To be written.
www.linux-mag.com/cache/7568/1.html
One way to create eCryptfs home directories
Here is how I did it, based on the following link:
blog.dustinkirkland.com/2009/06/migrati...
(much shamelessly copied)
Log in and set up an Encrypted Private directory:
login
ecryptfs-setup-private
Log out, log back in, and make sure $HOME/Private is mounted.
exit
login
mount | grep "$USER.*ecryptfs"
Use rsync to copy all data from your home directory to your new Encrypted Private directory. If you have a large home directory, this step might take a very long time. Be very wary of any errors at this point. This is the most essential step in this migration scheme. I usually re-run this step 3 times.
rsync -aP --exclude=.Private --exclude=Private --exclude=.ecryptfs $HOME/ $HOME/Private/
Sync to disk, unmount, log out, and log back in.
sync && sync && sync
ecryptfs-umount-private
exit
login
Set up your eCryptfs configuration directory.
ecryptfs-umount-private
cd /
sudo mkdir -p /home/.ecryptfs/$USER
sudo chown $USER:$USER /home/.ecryptfs/$USER
mv $HOME/.ecryptfs /home/.ecryptfs/$USER/
mv $HOME/.Private /home/.ecryptfs/$USER/
sudo chmod 700 /home/.ecryptfs/$USER/.Private
sudo chmod 700 /home/.ecryptfs/$USER/.ecryptfs
Set up your new, unmounted home directory.
sudo mkdir -p -m 700 /home/$USER.new
sudo chown $USER:$USER /home/$USER.new
ln -sf /home/.ecryptfs/$USER/.ecryptfs /home/$USER.new/.ecryptfs
ln -sf /home/.ecryptfs/$USER/.Private /home/$USER.new/.Private
Move your old, unencrypted home directory out of the way.
sudo mv $HOME $HOME.old
“Activate” your new, unmounted home directory by renaming it.
sudo mv /home/$USER.new $HOME
echo $HOME > $HOME/.ecryptfs/Private.mnt
ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt $HOME/README.txt
sudo chmod 500 $HOME
Log out, and log back in.
Ensure that $HOME is mounted, and that you have a symlink to your configuration directory.
exit
login
mount | grep "$USER.*ecryptfs"
ln -sf /home/.ecryptfs/$USER/.ecryptfs /home/$USER/.ecryptfs
ln -sf /home/.ecryptfs/$USER/.Private /home/$USER/.Private
Check all of your home directory data.
Ensure that everything is in order. Once you are completely confident that the migration worked, you can reclaim some disk space by removing your old, non-encrypted data.
sudo rm -rf $HOME.old
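One way to do the "check everything" step before running the rm above, as an added example that is not part of the original page or of ecryptfs-utils: a byte-for-byte comparison of the old plaintext home against the mounted encrypted home, using the same exclusions as the rsync step. The function name verify_home_copy and its output labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page): verify the migrated copy
# before removing the old plaintext home directory.

# verify_home_copy OLD NEW
#   OLD: the old plaintext home (e.g. "$HOME.old")
#   NEW: the mounted encrypted home (e.g. "$HOME")
# Prints one line per problem and returns:
#   0 = every file and symlink in OLD is present and identical in NEW
#   1 = at least one MISSING / DIFFERS / LINK problem was found
#   2 = a directory could not be read (result is not trustworthy)
verify_home_copy() {
    old=$1
    new=$(cd "$2" 2>/dev/null && pwd) || { echo "cannot enter: $2" >&2; return 2; }
    [ -d "$old" ] || { echo "not a directory: $old" >&2; return 2; }

    # Same exclusions as the rsync step; compare byte-for-byte with cmp.
    report=$(
        cd "$old" && find . \
            \( -path ./.Private -o -path ./Private -o -path ./.ecryptfs \) -prune \
            -o \( -type f -o -type l \) -exec sh -c '
                new=$1; shift
                for p in "$@"; do
                    if [ -L "$p" ]; then
                        # Symlinks: compare targets, never follow them.
                        [ -L "$new/$p" ] &&
                            [ "$(readlink "$p")" = "$(readlink "$new/$p")" ] ||
                            printf "%s\n" "LINK $p"
                    elif [ -L "$new/$p" ] || [ ! -f "$new/$p" ]; then
                        printf "%s\n" "MISSING $p"
                    elif ! cmp -s "$p" "$new/$p"; then
                        printf "%s\n" "DIFFERS $p"
                    fi
                done' sh "$new" {} +
    ) || { echo "scan of $old failed (permissions?)" >&2; return 2; }

    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}
```

Call it as verify_home_copy "$HOME.old" "$HOME" while the encrypted home is mounted. Files that changed after you logged in to the new home (shell history, caches) will be listed as DIFFERS and need a manual look.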
Check your /etc/pam.d/ configuration!
common-auth:28: auth optional pam_ecryptfs.so unwrap
common-session:28: session optional pam_ecryptfs.so unwrap
Obviously, much of this is scriptable.