Skip to main content
Welcome guest. | Register | Login | Post

Encryption -- Gaaaaaah!

4 replies [Last post]
supermike's picture
Offline
Joined: 2006-02-17

I read up that EncFS supposedly loads in user space and not the kernel, and this led me to believe that I could install EncFS and have a folder that was encrypted in just a few steps. No mucking with the kernel, I thought.

So then I discovered in Ubuntu's apt Universe option that they had an EncFS there. I installed it and began an attempt to encrypt something. It spat back that I didn't load 'fuse' in with the kernel! I thought it said no kernel stuff! Gaaaaah!

So then I used apt-cache search and found a fuse-source that wasn't installed. When I went to install it, it suggested module-assistant but didn't install that. I then installed module-assistant too. I then did 'modprobe fuse' and Fuse was not installed! Gaaaah!

I then ran module-assistant, which I had never seen before, but quickly figured it was a handy tool to help me recompile my kernel. It said I needed to update it and prepare my system. When I updated it, that was no big deal. It shelled out and I could see it do some apt-get update stuff. But then when I did prepare, it took forever and looked like it was downloading the kernel source (the 386 version, I might add, instead of the 686 version) and all the C++ dev libraries. It was beginning to take forever. Gaaaah!

I aborted it and did:

apt-get --purge remove encfs
apt-get --purge remove fuse-source
apt-get --purge remove module-assistant
apt-get --purge remove fuse-utils
apt-get autoclean

I then commented back out the Universe option in /etc/apt/sources.list and then did apt-get update.

This brought my system back to the way it was.

So what we're seeing here is that there's absolutely no way, without mucking with the kernel, to load an encrypted file system or cause an encrypted file to act like a filesystem? This is all Linux has to give me? I just want a lousy password-protected partition out of an encrypted file, and without kernel recompiling. Gaaaaah!

tbuitenh's picture
Offline
Joined: 2005-12-21

What ancient kernel do you use? Fuse is supposed to be part of the default kernel. No recompiling needed!

[taco@garden ~]$ pacman -Qo /lib/modules/2.6.16-ARCH/kernel/fs/fuse/fuse.ko
/lib/modules/2.6.16-ARCH/kernel/fs/fuse/fuse.ko is owned by kernel26 2.6.16.9-1

See?

supermike's picture
Offline
Joined: 2006-02-17

I've been doing the standard apt-get update; apt-get upgrade with my PCs, updating them from Ubuntu. I'm on Breezy.

When I check /boot/grub/grub.lst, it says:

Ubuntu, kernel 2.6.12-10-386

Also, when I do a modprobe -l | grep -i "fuse", I get:

/lib/modules/2.6.12-10-386/kernel/fs/fuse/fuse.ko

So what could it be? Is it perhaps that I need to add a special switch on the end of my encfs statement to make it use this fuse module properly?

supermike's picture
Offline
Joined: 2006-02-17

How To Use An Encrypted Folder on Ubuntu Linux

These instructions were designed for Ubuntu Breezy. Your distro mileage may vary.

Installation

1. $ sudo vi /etc/apt/sources.list
2. Uncomment Universe option in your sources.list. If you don't have a Universe option, then Google for what I mean.
3. Save file (Esc + :wq!)
4. $ sudo apt-get update
5. Do not update your system when a popup dialog occurs in your GUI.
6. $ sudo apt-get install encfs
7. $ sudo apt-get install fuse-utils
8. $ sudo vi /etc/apt/sources.list
9. Comment out the Universe option again with #.
10. Save file (Esc + :wq!)
11. $ sudo apt-get update
12. Now you may update your system if a popup dialog occurs in your GUI regarding system updates.

Make The Encrypted Directory Structure

1. $ sudo mkdir /home/.crypt
2. $ sudo mkdir /home/crypt

Encrypt The Directory Structure

1. $ sudo encfs /home/.crypt /home/crypt
2. Press Enter key
3. Enter password. DO NOT FORGET THIS PASSWORD!!!
4. Confirm password.

Create Some Test Files in It

1. $ sudo echo "test1" > /home/crypt/test1.txt
2. $ sudo echo "test2" > /home/crypt/test2.txt

View Test Files in Unencrypted Form

1. $ sudo ls /home/crypt
2. $ sudo cat /home/crypt/test1.txt
3. $ sudo cat /home/crypt/test2.txt

Unmount Encrypted Volume

$ sudo fusermount -u /home/crypt

Try To View Those Files Again

$ sudo ls /home/crypt

...Not there!

$ sudo ls /home/.crypt

...Files are there under funky filenames, but if you cat them, they contain goobly gook.

Remount Your Encrypted Folder

1. $ sudo encfs /home/.crypt /home/crypt
2. Enter password.

View Encrypted Contents Again

1. $ sudo ls /home/crypt
2. $ sudo cat /home/crypt/test1.txt
3. $ sudo cat /home/crypt/test2.txt

...Content is back.

Anonymous

Once you build this and get it going, you can then put a script like this in /usr/bin as "crypt" (as long as you don't have another "crypt" program there or that this might interfere with).

#!/bin/bash

usage() {
echo "crypt [m|mount|u|unmount]"
echo " either mounts or unmounts encrypted file system"
}

if [ -z $1 ]
then
	usage
	exit
fi

case "$1" in
	"m" | "mount" )
		fusermount -u /home/crypt > /dev/null 2>&1
		encfs /home/.crypt /home/crypt
		echo "Encrypted filesystem now mounted"
		;;
	"u" | "unmount" )
		echo "encfs /home/crypt fuse rw,nosuid,nodev 0 0" >> /etc/mtab
		fusermount -u /home/crypt
		echo "Encrypted filesystem has been unmounted"
		;;
	* )
		usage
		;;
esac

I adapted the code from testing a script found here:

Reference: http://www.linux.com/article.pl?sid=06/03/13/1656228

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.