eCryptFS is a file encryption system for Linux. It can encrypt files or directories, its encryption level is high, and its security is stronger than that of general software. This article introduces how to use eCryptFS to encrypt files.
Encryption Types
There are two main methods for encrypting files and directories. One is file system level encryption, in which you can selectively encrypt certain files or directories (e.g., /home/alice). For me, this is a great way to do it: you don't need to reinstall everything in order to enable or test encryption. However, file system level encryption also has some drawbacks. For example, many modern applications cache files (partially) in unencrypted portions of your hard drive, such as swap partitions and the /tmp and /var folders, which can lead to privacy leaks.
The other method is so-called full disk encryption, in which the entire disk is encrypted (possibly in addition to the master boot record). Full disk encryption works at the physical disk level: every bit written to disk is encrypted, and anything read from disk is decrypted on the fly. This prevents any potential unauthorized access to unencrypted data and ensures that everything in the entire file system is encrypted, including swap partitions and any temporarily cached data.
Available Encryption Tools
There are several tools to choose from to implement encryption in Linux. In this tutorial, I am going to introduce one of them: eCryptFS, a user space file system encryption tool. A summary of the encryption tools available on Linux is provided below for your reference.
File System Level Encryption
EncFS: One of the easiest ways to try encryption. EncFS works as a FUSE-based pseudo file system, so you only need to create an encrypted folder and mount it on another folder to use it.
eCryptFS: A POSIX-compliant encrypted file system, eCryptFS works the same way as EncFS, so you have to mount it.
Disk Level Encryption
Loop-AES: The oldest method of disk encryption. It's really fast and works with older systems (like the 2.0 kernel branch).
DMCrypt: The most common disk encryption scheme, supported by modern Linux kernels.
CipherShed: An open-source fork of the discontinued TrueCrypt disk encryption program.
eCryptFS Basics
eCryptFS is a FUSE user space encrypting file system that can be used (as the ecryptfs module) in Linux kernel 2.6.19 and later. The pseudo file system encrypted by eCryptFS is mounted on top of the current file system. It works well on the EXT file system family and on other file systems such as JFS, XFS, ReiserFS, Btrfs, and even NFS/CIFS shared file systems. Ubuntu uses eCryptFS as the default method for encrypting its home directory, as does ChromeOS. Underneath, eCryptFS uses the AES algorithm by default, but it also supports other algorithms such as blowfish, des3, cast5, and cast6. If you create the eCryptFS settings by hand, you can choose one of them.
Ubuntu lets us choose whether to encrypt the /home directory during the installation process, as I did. This is the easiest way to use eCryptFS.
Ubuntu provides a user-friendly set of tools that make our lives easier with eCryptFS, but enabling eCryptFS during the Ubuntu installation process only creates a specific pre-configured setup. So, if the default settings don't suit your needs, you'll need to set it up manually. In this tutorial, I will show you how to manually set up eCryptFS on mainstream Linux distributions.
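As an added example (not part of the original article), the shell function below audits the cipher settings described above on an existing system: it reads a /proc/mounts-style table, reports the cipher and key size of each eCryptFS mount, and flags 64-bit-block ciphers and mounts without filename encryption. The function names, verdict labels and sample lines are constructed for illustration, and treating 64-bit-block ciphers as weak is this example's own policy assumption.

```shell
#!/bin/sh
# Added example: audit eCryptFS mounts in a /proc/mounts-style table.

# Constructed sample input (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=1111111111111111,ecryptfs_sig=2222222222222222,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0
/srv/.legacy /srv/legacy ecryptfs rw,relatime,ecryptfs_sig=3333333333333333,ecryptfs_cipher=blowfish,ecryptfs_key_bytes=16 0 0
EOF
}

# $1: mounts table to read; defaults to /proc/mounts, "-" reads stdin.
# Prints one line per eCryptFS mount:
#   <mountpoint> cipher=<c> key_bytes=<n> filename_crypto=<yes|no> <verdict>
audit_ecryptfs_mounts() {
    awk '
    $3 == "ecryptfs" {
        cipher = "unknown"; keybytes = "unknown"; fnek = "no"
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^ecryptfs_cipher=/)    cipher   = substr(opt[i], 17)
            if (opt[i] ~ /^ecryptfs_key_bytes=/) keybytes = substr(opt[i], 20)
            # A filename encryption key signature means file names are encrypted too.
            if (opt[i] ~ /^ecryptfs_fnek_sig=/)  fnek = "yes"
        }
        verdict = "ok"
        # Policy assumption of this example: flag ciphers with a 64-bit block.
        # des3 appears under its kernel crypto name des3_ede in mount options.
        if (cipher == "blowfish" || cipher == "des3" || cipher == "des3_ede" || cipher == "cast5")
            verdict = "weak-cipher"
        else if (fnek == "no")
            verdict = "plaintext-filenames"
        printf "%s cipher=%s key_bytes=%s filename_crypto=%s %s\n", \
               $2, cipher, keybytes, fnek, verdict
    }' "${1:-/proc/mounts}"
}

# Demonstration on the constructed sample.
sample_mounts | audit_ecryptfs_mounts -
```

Run `audit_ecryptfs_mounts` with no argument to check the live /proc/mounts table.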
Installation of eCryptFS
Debian, Ubuntu or its derivatives:
$ sudo apt-get install ecryptfs-utils
Note that if you selected the encrypted home directory option during the Ubuntu installation process, eCryptFS should already be installed.
CentOS, RHEL or Fedora:
# yum install ecryptfs-utils
Arch Linux:
$ sudo pacman -S ecryptfs-utils