In our previous article, we learnt how to encrypt files and directories on Ubuntu 18.04 using eCryptfs. The manual process of decrypting the directories is a bit old-school, so here are the easiest ways to decrypt an eCryptfs-encrypted directory.
We will discuss two ways of doing this: using a bash script to automate the whole mount procedure, and using a USB drive with a passphrase key to automount the directory on boot.
Automatically mounting encrypted directory using a bash script
The following is a bash script that I made for this task. Feel free to improve on it to best suit your needs.
$ vim mnt_unmnt_mydocs.sh
#!/bin/bash
home=$HOME
secure_dir=$HOME/mydocuments

# Choose whether to mount or unmount your encrypted directory.
read -p "Do you want to mount or unmount the directory?(mount/unmount): " choice
if [[ "$choice" == "mount" ]]; then
    # Prompt the user to enter passphrase (-r keeps backslashes intact).
    read -r -sp "Enter the mount passphrase: " mountphrase
    echo
    # Write the passphrase file so that only the current user can read it
    (umask 077; echo "passphrase_passwd=${mountphrase}" > "$HOME/key.txt")
    # Insert the authentication passphrase into the user session keyring
    printf "%s" "${mountphrase}" | ecryptfs-add-passphrase - > "$HOME/sig_file.txt"
    # Extract the signature from the sig_file.txt file
    sig=$(cut -d" " -f6 "$HOME/sig_file.txt" | tr -d '[]')
    # Remove the file with the signature
    rm -f "$HOME/sig_file.txt"
    # Mount the directory and report the real outcome of the mount command
    if sudo mount -t ecryptfs -o key=passphrase:passphrase_passwd_file=$HOME/key.txt,no_sig_cache,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_enable_filename=y,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=y,ecryptfs_fnek_sig=${sig},ecryptfs_sig=${sig},ecryptfs_unlink_sigs "$secure_dir" "$secure_dir" &>/dev/null; then
        echo "Encrypted directory mounted successfully."
    else
        echo "Failed to mount $secure_dir." >&2
    fi
    # Remove the file containing the passphrase
    rm -f "$HOME/key.txt"
elif [[ "$choice" == "unmount" ]]; then
    if sudo umount "$secure_dir" 2>/dev/null; then
        echo "Encrypted directory unmounted successfully."
    else
        echo "$secure_dir: target is busy."
    fi
fi
Set the executable permissions on the script.
$ chmod +x mnt_unmnt_mydocs.sh
Mount the encrypted directory using the script.
$ ./mnt_unmnt_mydocs.sh
Do you want to mount or unmount the directory?(mount/unmount): mount
Enter the mount passphrase:
Encrypted directory mounted successfully.
Unmount the encrypted directory
$ ./mnt_unmnt_mydocs.sh
Do you want to mount or unmount the directory?(mount/unmount): unmount
Encrypted directory unmounted successfully.
You can create an alias for the script.
$ echo "alias mnt_unmnt_mydocs='$HOME/mnt_unmnt_mydocs.sh'" >> ~/.bash_aliases
$ source ~/.bash_aliases
Automatically Mounting encrypted directory using a USB key
This example will use a /root/.ecryptfsrc file containing mount options, along with a passphrase file residing on a USB key.
Create a Mount point for USB
Create a mount point for mounting the USB drive.
# mkdir /media/username/usb
Mount the USB drive
# mount /dev/sdb1 /media/username/usb
Create a passphrase file in USB mount directory
# vim /media/username/usb/key.txt
passphrase_passwd=[secrets] <-- substitute with your passphrase
Extract a signature ID from the /root/.ecryptfs/sig-cache.txt file
# cat /root/.ecryptfs/sig-cache.txt
96b6fac91e0a01b8
Create /root/.ecryptfsrc file containing:
# vim /root/.ecryptfsrc
key=passphrase:passphrase_passwd_file=/media/username/usb/key.txt
ecryptfs_sig=96b6fac91e0a01b8 <-- obtained from /root/.ecryptfs/sig-cache.txt
ecryptfs_cipher=aes
ecryptfs_key_bytes=16
ecryptfs_passthrough=n
ecryptfs_enable_filename_crypto=n
Add the Mount Options to the fstab file.
/dev/sdb1 /media/username/usb ext3 ro 0 0
/home/username/mydocuments /home/username/mydocuments ecryptfs defaults 0 0
Note that the USB drive with the passphrase has to be mounted before the encrypted directory can be mounted.
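The ordering requirement can be checked before rebooting. The script below is an added example, not part of the original article: the function names check_mount_order and demo, and the temporary files the demo builds from the article's sample lines, are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): check that fstab mounts the
# filesystem holding the eCryptfs passphrase file before the ecryptfs entry.
# Returns 0 = order ok, 1 = key filesystem missing or listed too late,
# 2 = inputs could not be parsed.
check_mount_order() {
    _fstab=$1 _rcfile=$2
    # Path from: key=passphrase:passphrase_passwd_file=<path>
    _keyfile=$(sed -n 's/^key=passphrase:passphrase_passwd_file=\([^ ,]*\).*/\1/p' "$_rcfile" | head -n 1)
    [ -n "$_keyfile" ] || { echo "no passphrase_passwd_file in $_rcfile" >&2; return 2; }
    awk -v keyfile="$_keyfile" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { n++ }                                  # n = position among real entries
        $3 == "ecryptfs" && !ecr { ecr = n }     # first eCryptfs entry
        # longest mount point that is a parent directory of the key file
        $3 != "ecryptfs" && index(keyfile, $2 "/") == 1 && length($2) > len {
            len = length($2); dev = n
        }
        END {
            if (!ecr) { print "no ecryptfs entry found" > "/dev/stderr"; exit 2 }
            if (!dev) { print "no entry mounts " keyfile > "/dev/stderr"; exit 1 }
            if (dev > ecr) { print "key filesystem listed after ecryptfs entry" > "/dev/stderr"; exit 1 }
        }' "$_fstab"
}

# Demo on constructed copies of the article's files (hypothetical temp paths).
demo() {
    _d=$(mktemp -d) || return 2
    echo 'key=passphrase:passphrase_passwd_file=/media/username/usb/key.txt' > "$_d/ecryptfsrc"
    _usb='/dev/sdb1 /media/username/usb ext3 ro 0 0'
    _enc='/home/username/mydocuments /home/username/mydocuments ecryptfs defaults 0 0'
    printf '%s\n' "$_usb" "$_enc" > "$_d/fstab.good"
    printf '%s\n' "$_enc" "$_usb" > "$_d/fstab.bad"
    check_mount_order "$_d/fstab.good" "$_d/ecryptfsrc" && echo "good order: ok"
    check_mount_order "$_d/fstab.bad" "$_d/ecryptfsrc" || echo "bad order: rejected"
    rm -rf "$_d"
}

# With two arguments, check real files; otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then check_mount_order "$1" "$2"; else demo; fi
```

Run it as root with /etc/fstab and /root/.ecryptfsrc as the two arguments to check the live configuration.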
That is all about automating the mount process for the encrypted directories.
Just want to say, thanks for this!