Monday, 1 August 2011

Cryptic - More on EncFS & Cryptkeeper

Recently I discovered Cryptkeeper in the Ubuntu Software Centre - it's a front-end for EncFS that sits in the system tray providing hassle-free access to your encrypted directories. Whilst this is undoubtedly a useful applet, it suffers from problems of memory leaks and segmentation faults and, despite the fact that there is a patch available, I've no idea how to fix the problem!

However, like most graphical interfaces, Cryptkeeper is really just a bridge between the user and the command line and the command line is often a "faster and more powerful" way to get things done. So, when I experienced a segfault earlier today, I thought that I'd explore EncFS's options using a terminal. In this post I'll outline the basic commands for creating, mounting, & unmounting an encrypted directory.

Creating an encrypted directory is simple - the command takes the form:

encfs /path/.dir_name /path/dir_name

Let's assume that I want to create an encrypted directory in my /home/usr_name directory called, crypt, my command is:

encfs /home/jogga/.crypt /home/jogga/crypt

I'll be notified that these directories don't exist and prompted to create them - at each prompt, I type y and press enter. I get the following output:

Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.

Selecting the standard configurations results in the following output:

Standard configuration selected.
Configuration finished. The filesystem to be created has the following properties:
Filesystem cipher: "ssl/aes", version 2:2:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:

The new directories are created and mounted - that's it! Mouting existing directories takes the same form as above:

encfs /path/.dir_name /path/dir_name

Now I'll only be prompted for the password and my directory will be open and available to browse using Nautilus. However, if I want to limit the time a directory can remain open, I can add a switch to umount the directory automatically after a period of inactivity:

encfs --idle=time_min /path/.dir_name /path/dir_name

Where time_min is an integer of 1 or more.

Unmounting an encrypted directory takes the form:

fusermount -u /path/dir_name

Having the option to use a terminal should Cryptkeeper crash is useful and saves the trouble of having to reboot the system. Moreover, it's a great way to learn how things work in Linux.

Sources & References:

No comments:

Post a Comment