cht電腦資訊Linux
adm Find login register

在 linux 使用 encfs + fuse 做一個 加密檔案系統 filesystem

eliu
1 在 linux 使用 encfs + fuse 做一個 加密檔案系統 filesystem
Promote 1 Bookmark 12008-09-07quote  

encfs ~/.crypt 是加密過的部份,目錄結構完全沒變,filename/directory name 經過加密,內容也加密。安全性好像比 loopback 差一點。

與loopback 相比,encfs 的好處是不用先預留空間。


使用你的 package manger, Mandriva 是用 urpmi 

#urpmi encfs

我修改過 的 kernel 有出現 DKMS 的 error , 不用理,只要確定

modprobe fuse 沒有問題就可以了。

第一次執行  /dev/fuse permission/owner 不對 ,這時候

chown xxx /dev/fuse 改成你的 owner

 [xxx@www ~]$ encfs ~/.crypt ~/crypt
The directory "/home/xxx/.crypt/" does not exist. Should it be created? (y,n) y
The directory "/home/xxx/crypt" does not exist. Should it be created? (y,n) y
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> p

Paranoia configuration selected.

Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 2:1:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 256 bits
Block Size: 512 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.

..................... 這邊提到 hard link  內定是關閉的

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:

沒有加密的部份就在 ~/crypt  

之後的使用還是用

encfs ~/.crypt ~/crypt

這次就只會輸入密碼。 

解除掛載用 

$ fusermount -u ~/crypt 

edited: 4
eliu
2
Promote 0 Bookmark 02010-05-20quote  

最好加上 -i 的選項,是說 idle 閒置 10 分鐘自動 umount,很重要的選項。

encfs -i 10 ~/.crypt ~/crypt

cht電腦資訊Linux
adm Find login register
views:8477