Thursday, April 14, 2011

Setting up Dropbox with encryption on Ubuntu

First, install Dropbox: https://www.dropbox.com/install

Next, install encfs.

#apt-get install -y encfs

Now to create an encrypted drive:

#encfs ~/Dropbox/data.encrypt ~/data
Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?>
Standard configuration selected.

Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 2:2:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:

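Now that we have set up the encrypted folder, we need to tell Dropbox not to sync the volume's settings file, .encfs6.xml. That file holds the volume key (encrypted with your password) along with the volume settings. Because it is no longer synced, keep your own backup of it; the files cannot be decrypted without it.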

#dropbox exclude add ~/Dropbox/data.encrypt/.encfs6.xml
Excluded:
~/Dropbox/data.encrypt/.encfs6.xml

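Now to get this to mount when you log in. pam_encfs hands your login password to encfs, so the EncFS password has to be the same as your login password. First install libpam-encfs: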

#apt-get install libpam-encfs

Edit /etc/fuse.conf and add:
user_allow_other

Edit /etc/security/pam_encfs.conf and add:
drop_permissions
encfs_default
* /home/$USER/Dropbox/data.encrypt /home/$USER/data -v allow_other

Edit /etc/pam.d/common-auth to look like:
auth sufficient pam_encfs.so
auth [success=2 default=ignore] pam_unix.so nullok_secure use_first_pass
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
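
Before logging out, it is worth confirming that the three files edited above contain what the steps describe, since a mistake in common-auth affects every login. The script below is an added example, not part of the original post; the function names and the file name check.sh are made up for illustration, and the checks only look for the lines shown in this post.

```sh
#!/bin/sh
# Added example (not from the original post): check the three edited files.
# Paths are arguments, so the checks can also be run against copies.

# True if FILE has an uncommented line consisting only of WORD.
has_directive() {    # has_directive WORD FILE
    grep -Eq "^[[:space:]]*$1[[:space:]]*\$" "$2"
}

# Print the line number of the first "auth" line that loads MODULE.
auth_line() {        # auth_line MODULE FILE
    grep -En "^[[:space:]]*auth[[:space:]].*[[:space:]]$1([[:space:]]|\$)" "$2" |
        head -n 1 | cut -d: -f1
}

check_fuse_conf() { has_directive user_allow_other "$1"; }

# Needs both directives plus a 5-field mapping line:
# user, encrypted source, mount point, encfs options, fuse options.
check_pam_encfs_conf() {
    has_directive drop_permissions "$1" && has_directive encfs_default "$1" &&
    awk '$1 !~ /^#/ && NF == 5 && $2 ~ /^\// && $3 ~ /^\// &&
         $5 ~ /allow_other/ { ok = 1 } END { exit !ok }' "$1"
}

# pam_encfs.so must come before pam_unix.so, and pam_unix.so must reuse the
# password already typed (use_first_pass or try_first_pass).
check_common_auth() {
    encfs_ln=$(auth_line pam_encfs.so "$1")
    unix_ln=$(auth_line pam_unix.so "$1")
    [ -n "$encfs_ln" ] && [ -n "$unix_ln" ] || return 1
    [ "$encfs_ln" -lt "$unix_ln" ] || return 1
    sed -n "${unix_ln}p" "$1" | grep -Eq '(use|try)_first_pass'
}

check_all() {        # check_all FUSE_CONF PAM_ENCFS_CONF COMMON_AUTH
    rc=0
    check_fuse_conf "$1"      || { echo "FAIL fuse.conf: user_allow_other not set"; rc=1; }
    check_pam_encfs_conf "$2" || { echo "FAIL pam_encfs.conf: directive or mapping line missing"; rc=1; }
    check_common_auth "$3"    || { echo "FAIL common-auth: pam_encfs.so/pam_unix.so order or first_pass"; rc=1; }
    [ "$rc" -eq 0 ] && echo "all checks passed"
    return "$rc"
}

# Run when given the three paths, e.g.
#   sh check.sh /etc/fuse.conf /etc/security/pam_encfs.conf /etc/pam.d/common-auth
if [ "$#" -eq 3 ]; then check_all "$@"; fi
```

Keep a root shell open in another terminal while testing a new login, so common-auth can be reverted if a check was missed.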

And you're done. Enjoy.
