Encrypt custom eCryptfs folder on login/logout (with filename encryption) automatically [duplicate]

When my laptop gets stolen, it would be nice to have my documents safely inaccessible in my custom folder (not ~/Private, but e.g. ~/.docs), where I also plan to move keyring and some configs. I don't want a whole encrypted home.

How can it be done?


  1. I have ecryptfs-utils installed
  2. I ran sudo chmod 700 ~/.docs
  3. I mounted a folder sudo mount -t ecryptfs ~/.docs ~/.docs
  4. Moved files in there
  5. Unmount folder sudo umount ~/.docs
  6. Content is encrypted

Then I have to run step 3 again (with all settings) to decrypt files again. How can I make it work on logout/login?


Solution 1:

ecryptfs-setup-private can do all those things for you, in a private folder called ~/.Private that gets mounted as ~/Private. Just use it, and we can modify its folder names below.

Or even encrypting your entire home folder with ecryptfs-migrate-home would be a good idea.

They'll both do exactly what you want, auto mounting on login & unmounting on logout. Why re-invent the wheel with your own potentially unsafe (password handling can be tricky) custom scripts? And unless you're using symbolic links, if you're copying files back & forth between plain folders and encrypted folders, you'll likely be leaving behind the unencrypted deleted files, just waiting to be read with an undelete or free space search command.


A solution is to use a ~/.Private underlying directory containing encrypted data (OR a link from ~/.Private to a different folder elsewhere), but change the mountpoint folder to a different one (thanks to Sebastian):

  1. Run ecryptfs-setup-private then
  2. Move/create a new mountpoint folder

    mv ~/Private /path/to/new/folder
    
  3. Change the contents of ~/.ecryptfs/Private.mnt (file containing path of the private directory mountpoint) to the new mountpoint folder

    echo /path/to/new/folder > ~/.ecryptfs/Private.mnt
    

If the ~/.ecryptfs/auto-mount and ~/.ecryptfs/auto-umount files exist the folder will be automatically mounted/unmounted on login/logout.

For manual mounting/decrypting (password will be required), run ecryptfs-mount-private

For manual unmounting, run ecryptfs-umount-private
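
The relocation steps above as a shell script with pre-checks, added here as an example (it is not part of the original answer). It refuses to move a mountpoint that is still mounted or to overwrite an existing folder, then verifies Private.mnt and the auto-mount/auto-umount files; the function names are hypothetical, and the file names under ~/.ecryptfs are the ones the answer mentions.

```shell
#!/bin/sh
# Added example. File names under ~/.ecryptfs are the ones named in the answer;
# the function names are hypothetical.

# is_mounted DIR: true if DIR is listed as a mountpoint in /proc/mounts.
# (Paths containing spaces are escaped there and are not handled.)
is_mounted() {
    [ -r /proc/mounts ] &&
        awk -v d="$1" '$2 == d { f = 1 } END { exit !f }' /proc/mounts
}

# relocate_private HOME NEW: move the mountpoint and update Private.mnt.
relocate_private() {
    cfg="$1/.ecryptfs"; new=$2
    old=$(cat "$cfg/Private.mnt" 2>/dev/null) ||
        { echo "no Private.mnt; run ecryptfs-setup-private first" >&2; return 1; }
    case $new in
        /*) ;;
        *) echo "new mountpoint must be an absolute path" >&2; return 1 ;;
    esac
    if is_mounted "$old"; then
        echo "$old is mounted; run ecryptfs-umount-private first" >&2; return 1
    fi
    if [ -e "$new" ]; then echo "$new already exists" >&2; return 1; fi
    mv "$old" "$new" && printf '%s\n' "$new" > "$cfg/Private.mnt"
}

# check_private HOME: print each problem found; return the number of problems.
check_private() {
    cfg="$1/.ecryptfs"; problems=0
    mnt=$(cat "$cfg/Private.mnt" 2>/dev/null) || mnt=
    if [ -z "$mnt" ] || [ ! -d "$mnt" ]; then
        echo "Private.mnt does not name an existing directory"
        problems=$((problems + 1))
    else
        case $(ls -ldL "$mnt") in
            d???------*) ;;
            *) echo "$mnt is accessible to group/others"; problems=$((problems + 1)) ;;
        esac
    fi
    for f in auto-mount auto-umount; do
        [ -e "$cfg/$f" ] && continue
        echo "missing $cfg/$f: no automatic mount/unmount at login/logout"
        problems=$((problems + 1))
    done
    return "$problems"
}

# Stand-alone use: sh relocate.sh /path/to/new/folder
if [ "$#" -eq 1 ]; then relocate_private "$HOME" "$1" && check_private "$HOME"; fi
```

A non-zero exit status from check_private is the number of problems it printed.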