{"id":841,"date":"2018-10-06T21:33:46","date_gmt":"2018-10-06T18:33:46","guid":{"rendered":"http:\/\/kifarunix.com\/?p=841"},"modified":"2024-03-11T20:10:20","modified_gmt":"2024-03-11T17:10:20","slug":"how-to-automate-ecryptfs-mounting-procedure","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/how-to-automate-ecryptfs-mounting-procedure\/","title":{"rendered":"How to Automate eCryptfs Mounting Procedure"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1060\" height=\"596\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/10\/auto-mount-ecryptfs-encrypted-directory-mounting.png\" alt=\"Automate eCryptfs Mounting Procedure\" class=\"wp-image-16619\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/10\/auto-mount-ecryptfs-encrypted-directory-mounting.png?v=1684052877 1060w, https:\/\/kifarunix.com\/wp-content\/uploads\/2018\/10\/auto-mount-ecryptfs-encrypted-directory-mounting-768x432.png?v=1684052877 768w\" sizes=\"(max-width: 1060px) 100vw, 1060px\" \/><\/figure>\n\n\n\n<p>In this guide, you will learn how to automate <a href=\"https:\/\/www.ecryptfs.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">ecryptfs<\/a> mounting procedure. In our previous article, we learnt <a href=\"https:\/\/kifarunix.com\/security\/encryption\/how-to-encrypt-files-and-folders-with-ecryptfs-on-ubuntu-18-04\/\" target=\"_blank\" rel=\"noopener\">how to encrypt files and directories on Ubuntu 18.04 using eCryptfs<\/a>.&nbsp;The whole process of decrypting the directories is a bit old school and therefore, we bring you the easiest ways to decrypt the eCryptfs encrypted directory.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#automating-e-cryptfs-mounting-procedure\">Automating eCryptfs Mounting Procedure<\/a><ul><li><a href=\"#auto-mount-e-cryptfs-encrypted-directory-using-a-bash-script\">Auto-mount eCryptfs encrypted directory using a bash script<\/a><\/li><li><a href=\"#auto-mount-e-cryptfs-encrypted-directory-using-a-usb-key\">Auto-mount eCryptfs encrypted directory using a USB key<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"automating-e-cryptfs-mounting-procedure\">Automating eCryptfs Mounting Procedure<\/h2>\n\n\n\n<p>We will discuss two ways of doing this;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using bash script to automate the whole mount procedure<\/li>\n\n\n\n<li>using a USB with a passphrase key to automount the directory on boot.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"auto-mount-e-cryptfs-encrypted-directory-using-a-bash-script\">Auto-mount eCryptfs encrypted directory using a bash script<\/h3>\n\n\n\n<p>The following is bash script that&nbsp; I made for this task. Feel free to improve on it to best suite your needs.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim mount_unmount_mydocs.sh<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n#!\/bin\/bash\nhome=$HOME\nsecure_dir=$HOME\/mydocuments\n# Choose whether to mount or unmount your encrypted directory.\nread -p \"Do you want to mount or unmount the directory?(mount\/unmount): \" choice\nif [[ \"$choice\" == \"mount\" ]]; then\n       # Prompt the user to enter passphrase.\n       read -sp \"Enter the mount passphrase: \" mountphrase\n       echo\n       echo \"passphrase_passwd=${mountphrase}\" &gt; $HOME\/key.txt\n\n       #Insert the Authentication passphrase into the user session keyring\n       printf \"%s\" \"${mountphrase}\" | ecryptfs-add-passphrase - &gt; $HOME\/sig_file.txt\n\n       #Extract the signature from the tmp.txr file\n       sig=`cat sig_file.txt | cut -d\" \" -f6 | tr -d '[]'`\n       # Remove the file with the signature\n       rm -f $HOME\/sig_file.txt\n\n       #Mount the directory\n       sudo mount -t ecryptfs -o key=passphrase:passphrase_passwd_file=$HOME\/key.txt,no_sig_cache,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_enable_filename=y,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=y,ecryptfs_fnek_sig=${sig},ecryptfs_sig=${sig},ecryptfs_unlink_sigs $secure_dir $secure_dir &amp;&gt;\/dev\/null\n       echo \"Encrypted directory mounted successfully.\"\n       # Remove the file containing the passphrase\n       rm -rf $HOME\/key.txt\nelif [[ \"$choice\" == \"unmount\" ]]; then\n        sudo umount $secure_dir 2&gt;\/dev\/null\n        if [[ $? == 0 ]]; then\n                echo \"Encrypted directory unmounted successfully.\"\n        else\n                echo \"$secure_dir: target is busy.\"\n        fi\nfi\n<\/code><\/pre>\n\n\n\n<p>Set the executable permissions on the script.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chmod +x mount_unmount_mydocs.sh<\/code><\/pre>\n\n\n\n<p>Mount the encrypted directory using the script.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/mount_unmount_mydocs.sh<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>Do you want to mount or unmount the directory?(mount\/unmount): mount\nEnter the mount passphrase: \nEncrypted directory mounted successfully.<\/code><\/pre>\n\n\n\n<p>Unmount the encrypted directory<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>.\/mount_unmount_mydocs.sh<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>Do you want to mount or unmount the directory?(mount\/unmount): unmount\nEncrypted directory unmounted successfully.<\/code><\/pre>\n\n\n\n<p>You can create an alias for the script.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"alias mount_unmount_mydocs='$HOME\/mount_unmount_mydocs.sh'\" &gt; .bash_aliases\nsource .bash_aliases<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"auto-mount-e-cryptfs-encrypted-directory-using-a-usb-key\">Auto-mount eCryptfs encrypted directory using a USB key<\/h3>\n\n\n\n<p>This example will use a <span class=\"file filename\">\/root\/.ecryptfsrc<\/span> file containing mount options, along with a passphrase file residing on a USB key.<\/p>\n\n\n\n<p>Create a mount point for mounting the USB drive.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/media\/$USER\/usb<\/code><\/pre>\n\n\n\n<p>Mount the USB drive<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mount \/dev\/sdb1 \/media\/$USER\/usb<\/code><\/pre>\n\n\n\n<p>Create a passphrase file in USB mount directory<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/media\/$USER\/usb\/key.txt<\/code><\/pre>\n\n\n\n<p id=\"block-ef6166b4-c578-4a58-8975-6f615844f5fb\">Substitute with your passphrase;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>passphrase_passwd=[<strong>secrets<\/strong>]  <\/code><\/pre>\n\n\n\n<p>Extract a signature ID from the \/root\/.ecryptfs\/sig-cache.txt file<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/root\/.ecryptfs\/sig-cache.txt<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code> 96b6fac91e0a01b8<\/code><\/pre>\n\n\n\n<p>Create <span class=\"file filename\">\/root\/.ecryptfsrc<\/span> file containing the mount information:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim <span class=\"file filename\">\/root\/.ecryptfsrc<\/span><\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nkey=passphrase:passphrase_passwd_file=<strong>\/media\/username\/usb\/key.txt<\/strong>\necryptfs_sig=<strong>96b6fac91e0a01b8<\/strong>\necryptfs_cipher=aes\necryptfs_key_bytes=16\necryptfs_passthrough=n\necryptfs_enable_filename_crypto=n\n<\/code><\/pre>\n\n\n\n<p>Add the Mount Options to the fstab file.<\/p>\n\n\n\n<p>Replace the $USER value accordingly!<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/dev\/sdb1   \/media\/$USER\/usb    ext3    ro      0 0\n\/home\/#USER\/mydocuments \/home\/$USER\/mydocuments ecryptfs defaults 0 0<\/code><\/pre>\n\n\n\n<p>Note that USB with passphrase has to be mounted first before the encrypted directory can be mounted.<\/p>\n\n\n\n<p>That concludes our guide on how to automate eCryptfs mounting procedure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, you will learn how to automate ecryptfs mounting procedure. In our previous article, we learnt how to encrypt files and directories on<\/p>\n","protected":false},"author":1,"featured_media":16619,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,159],"tags":[162,164,6680,160,163,6681],"class_list":["post-841","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-encryption","tag-automouting","tag-bash-script","tag-ecrypfs-automount-encrypted-directory","tag-encryption","tag-fstab","tag-use-usb-key-to-mount-ecryptfs-directory","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/841"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=841"}],"version-history":[{"count":5,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/841\/revisions"}],"predecessor-version":[{"id":21044,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/841\/revisions\/21044"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/16619"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=841"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=841"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=841"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}