[clug] Ubuntu Lynx (10.04) and ecryptfs

Andrew Janke a.janke at gmail.com
Mon May 3 17:34:35 MDT 2010


Since others decided to fork this thread I may as well too.

Since Karmic? there has been an option of an ecryptfs ~/Private
directory in Ubuntu (and possibly others). Previous to this I have
always just used encrypted ext4 volumes for /home and backup things
but decided to give this method a hack.

I have heard all sorts of horror stories about the ~/Private thing
going awry when you rebuild/reinstall with previous versions as the
"secret key" or some such thing was stored in /var/lib/<something> but
in this release it would seem that your entire ~<username> directory
is encrypted and the key stuff and real data is stored in
/home/.ecryptfs/<username>/{.Private,.ecryptfs}.

So questions.

1. I currently use dirvish pointed at /home to an external encrypted
drive. Clearly this is going to be interesting as it is now going to
back up the encrypted stuff as dirvish is set to not cross mounts. (or
at least I think this will happen).

2. Given #1 how does recovery work?

Say my machine dies and I need to "get stuff fast". What do I do with
the encrypted backup (with encrypted keys included) to mount it?  I
have looked around but haven't found an easy answer.  I can use:

   $ mount -t ecryptfs /home/.ecryptfs/rotor /mnt/recovery

But don't know the options that Ubuntu/Debian use by default, anyone
happen to have a recipe?  I am somewhat nervous that my backup will
be a perfect copy of all my stuff that I can't read if things go
belly-up.

ta

--
Andrew Janke
(a.janke at gmail.com || http://a.janke.googlepages.com/)
Canberra->Australia    +61 (402) 700 883

