How to Automate eCryptfs Mounting Procedure

|
Last Updated:
|
|
Automate eCryptfs Mounting Procedure

In this guide, you will learn how to automate ecryptfs mounting procedure. In our previous article, we learnt how to encrypt files and directories on Ubuntu 18.04 using eCryptfs. The whole process of decrypting the directories is a bit old school and therefore, we bring you the easiest ways to decrypt the eCryptfs encrypted directory.

How to Automate eCryptfs Mounting Procedure

We will discuss two ways of doing this;

  • Using bash script to automate the whole mount procedure
  • using a USB with a passphrase key to automount the directory on boot.

Auto-mount eCryptfs encrypted directory using a bash script

The following is bash script that  I made for this task. Feel free to improve on it to best suite your needs.

vim mount_unmount_mydocs.sh

#!/bin/bash
home=$HOME
secure_dir=$HOME/mydocuments
# Choose whether to mount or unmount your encrypted directory.
read -p "Do you want to mount or unmount the directory?(mount/unmount): " choice
if [[ "$choice" == "mount" ]]; then
       # Prompt the user to enter passphrase.
       read -sp "Enter the mount passphrase: " mountphrase
       echo
       echo "passphrase_passwd=${mountphrase}" > $HOME/key.txt

       #Insert the Authentication passphrase into the user session keyring
       printf "%s" "${mountphrase}" | ecryptfs-add-passphrase - > $HOME/sig_file.txt

       #Extract the signature from the tmp.txr file
       sig=`cat sig_file.txt | cut -d" " -f6 | tr -d '[]'`
       # Remove the file with the signature
       rm -f $HOME/sig_file.txt

       #Mount the directory
       sudo mount -t ecryptfs -o key=passphrase:passphrase_passwd_file=$HOME/key.txt,no_sig_cache,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_enable_filename=y,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=y,ecryptfs_fnek_sig=${sig},ecryptfs_sig=${sig},ecryptfs_unlink_sigs $secure_dir $secure_dir &>/dev/null
       echo "Encrypted directory mounted successfully."
       # Remove the file containing the passphrase
       rm -rf $HOME/key.txt
elif [[ "$choice" == "unmount" ]]; then
        sudo umount $secure_dir 2>/dev/null
        if [[ $? == 0 ]]; then
                echo "Encrypted directory unmounted successfully."
        else
                echo "$secure_dir: target is busy."
        fi
fi

Set the executable permissions on the script.

chmod +x mount_unmount_mydocs.sh

Mount the encrypted directory using the script.

./mount_unmount_mydocs.sh
Do you want to mount or unmount the directory?(mount/unmount): mount
Enter the mount passphrase: 
Encrypted directory mounted successfully.

Unmount the encrypted directory

./mount_unmount_mydocs.sh
Do you want to mount or unmount the directory?(mount/unmount): unmount
Encrypted directory unmounted successfully.

You can create an alias for the script.

echo "alias mount_unmount_mydocs='$HOME/mount_unmount_mydocs.sh'" > .bash_aliases
source .bash_aliases

Auto-mount eCryptfs encrypted directory using a USB key

This example will use a /root/.ecryptfsrc file containing mount options, along with a passphrase file residing on a USB key.

Create a mount point for mounting the USB drive.

mkdir /media/$USER/usb

Mount the USB drive

mount /dev/sdb1 /media/$USER/usb

Create a passphrase file in USB mount directory

vim /media/$USER/usb/key.txt

Substitute with your passphrase;

passphrase_passwd=[secrets]  

Extract a signature ID from the /root/.ecryptfs/sig-cache.txt file

cat /root/.ecryptfs/sig-cache.txt
 96b6fac91e0a01b8

Create /root/.ecryptfsrc file containing the mount information:

vim /root/.ecryptfsrc

key=passphrase:passphrase_passwd_file=/media/username/usb/key.txt
ecryptfs_sig=96b6fac91e0a01b8
ecryptfs_cipher=aes
ecryptfs_key_bytes=16
ecryptfs_passthrough=n
ecryptfs_enable_filename_crypto=n

Add the Mount Options to the fstab file.

Replace the $USER value accordingly!

/dev/sdb1   /media/$USER/usb    ext3    ro      0 0
/home/#USER/mydocuments /home/$USER/mydocuments ecryptfs defaults 0 0

Note that USB with passphrase has to be mounted first before the encrypted directory can be mounted.

That concludes our guide on how to automate eCryptfs mounting procedure.

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

1 thought on “How to Automate eCryptfs Mounting Procedure”

Leave a Comment