Using eCryptfs on the B3
Installing the Kernel Module
# aptitude install devscripts build-essential lsb-release libncurses-dev
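# uname -a
Linux b3 2.6.35.4 #5 Tue Sep 7 16:06:15 CEST 2010 armv5tel GNU/Linux
# wget http://download.excito.net/kernel/Excito_B3/2.6.35.4/linux-2.6.35.4-excito.tar.bz2
(The tarball is downloaded over plain HTTP; if the vendor publishes a checksum or signature for it, verify the file before building.)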
# tar -xjvf linux-2.6.35.4-excito.tar.bz2
# cd linux*
# cat /proc/config.gz |gunzip >.config
# make menuconfig
File systems ---> Miscellaneous filesystems ---> <M> eCrypt filesystem layer support (EXPERIMENTAL)
# make modules
# cp -r fs/ecryptfs /lib/modules/2.6.35.4/kernel/fs/
# depmod -a
# modprobe ecryptfs
# aptitude install ecryptfs-utils
Setting up the Mountpoints
# mkdir /home/storage/.pictures
# mount -t ecryptfs /home/storage/.pictures /home/storage/pictures
Passphrase: My secret passphrase!
Select cipher:
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (loaded)
 2) blowfish: blocksize = 16; min keysize = 16; max keysize = 56 (not loaded)
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (loaded)
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]: 1
Select key bytes:
 1) 16
 2) 32
 3) 24
Selection [16]: 1
Enable plaintext passthrough (y/n) [n]: n
Enable filename encryption (y/n) [n]: y
Filename Encryption Key (FNEK) Signature [0123456789abcdef]:
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=0123456789abcdef
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=0123456789abcdef
Mounted eCryptfs
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [0123456789abcdef] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : yes
Successfully appended new sig to user sig cache file
Mounted eCryptfs
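- /etc/fstab (the paths and signature values below are examples; use your own lower directory, mount point, and the signatures printed by the mount command above)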
/home/.crypt/hard /home/crypt/hard ecryptfs noauto,rw,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_fnek_sig=0123456789abcdef,ecryptfs_unlink_sigs,ecryptfs_passthrough=n 0 0
# umount /home/storage/pictures
# mount /home/storage/pictures
Webinterface for Mounting
- /usr/share/web-admin/admin/controllers/ecryptfs.php
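<?php
/**
 * Web-admin controller that loads an eCryptfs passphrase into the kernel
 * keyring and then mounts the eCryptfs entries found in /etc/fstab.
 *
 * Every action is gated by Auth_model->enforce_policy() in the constructor,
 * and the passphrase form is only rendered and processed over HTTPS.
 *
 * NOTE(review): the passphrase form is a state-changing POST and no request
 * token is visible in this file; confirm whether the surrounding framework
 * adds anti-CSRF protection.
 */
class Ecryptfs extends Controller{

    /**
     * Loads the legacy admin helpers and language file and enforces the
     * access policy before any action runs.
     */
    function __construct(){
        parent::Controller();
        require_once(APPPATH."/legacy/defines.php");
        require_once(ADMINFUNCS);
        // Access-policy gate; presumably limits this controller to web-admin
        // administrators -- confirm against Auth_model.
        $this->Auth_model->enforce_policy('web_admin','administer', 'admin');
        load_lang("bubba",THEME.'/i18n/'.LANGUAGE);
    }

    /**
     * Wraps $content in the theme's navigation, menu and head views and
     * sends the finished page.
     *
     * @param string $content Pre-rendered HTML for the page body.
     * @param string $head    Theme-relative name of the head view.
     * @param mixed  $data    Data handed to the head view.
     */
    function _renderfull($content, $head = '/disk/disk_head_view', $data = ''){
        $navdata["menu"] = $this->menu->retrieve($this->session->userdata('user'),$this->uri->uri_string());
        $mdata["navbar"] = $this->load->view(THEME.'/nav_view',$navdata,true);
        $mdata["dialog_menu"] = $this->load->view(THEME.'/menu_view',$this->menu->get_dialog_menu(),true);
        $mdata["head"] = $this->load->view(THEME.$head,$data,true);
        $mdata["content"] = $content;
        $this->load->view(THEME.'/main_view',$mdata);
    }

    /**
     * Returns the sorted, non-comment lines of a mount table that mention
     * the ecryptfs type.
     *
     * @param string $path Path of the table to read (/etc/fstab or /etc/mtab).
     * @return array Matching lines; empty when the file cannot be read.
     */
    function _ecryptfs_entries($path){
        $lines = file($path);
        if($lines === false){
            // An unreadable table is treated as "no entries" instead of
            // passing false on to preg_grep().
            return array();
        }
        $lines = preg_grep('/^\s*#/',$lines,PREG_GREP_INVERT);
        $lines = preg_grep('/\secryptfs\s/',$lines);
        sort($lines);
        return $lines;
    }

    /**
     * Prints the table of eCryptfs mount points from /etc/fstab together
     * with the passphrase form, mounting entries that are not yet mounted
     * when a passphrase has just been added.
     *
     * @param bool $haspass True when _passadd() succeeded for this request.
     */
    function _list_mounts($haspass){
        $fstab = $this->_ecryptfs_entries('/etc/fstab');
        $mtab = $this->_ecryptfs_entries('/etc/mtab');

        echo '<table class="ui-table-outline">';
        echo '<thead>';
        echo '<tr>';
        echo '<th colspan="3" class="ui-state-default ui-widget-header">eCryptfs Mount Points</th>';
        echo '</tr>';
        echo '<tr class="ui-header">';
        echo '<th width="50%">Mountpoint</th>';
        echo '<th width="50%">Mounted</th>';
        echo '</tr>';
        echo '</thead>';
        echo '<tbody>';
        foreach($fstab as $line){
            // Trim first so that an indented fstab line does not shift the
            // fields by one and get its source directory used as mount point.
            $fields = preg_split('/\s+/',trim($line));
            // Only act on well-formed entries whose filesystem type (third
            // field) is ecryptfs; the grep alone matches the word anywhere.
            if(count($fields) < 3 || $fields[2] !== 'ecryptfs'){
                continue;
            }
            $ck = preg_quote($fields[0],'/');
            $is_mounted = count(preg_grep("/^$ck\s/",$mtab));
            echo '<tr>';
            echo '<td>'.htmlspecialchars($fields[1],ENT_QUOTES,'UTF-8').'</td>';
            if($is_mounted){
                echo '<td style="color: green">mounted</td>';
            }else{
                if($haspass && $this->_mount($fields[1])){
                    echo '<td style="color: green">now mounted</td>';
                }else{
                    echo '<td style="color: red">not mounted</td>';
                }
            }
            echo '</tr>';
        }
        echo '</tbody>';
        echo '</table>';
        echo '<form action="" method="POST">';
        echo '<fieldset>';
        echo '<legend>Provide passphrase</legend>';
        echo '<input type="password" name="pass" style="display:inline" />';
        echo '<input type="submit" value="mount" style="display:inline" />';
        echo '</fieldset>';
        echo '</form>';
    }

    /**
     * Feeds the passphrase to ecryptfs-add-passphrase so that the key (and
     * the filename-encryption key, --fnek) is added to the kernel keyring.
     *
     * The passphrase is written to the helper's stdin; the command line is
     * a fixed string and never contains it.
     *
     * @param string $pass Passphrase as submitted by the user.
     * @return bool True when the helper ran and exited with status 0.
     */
    function _passadd($pass){
        $fh = popen('/usr/bin/ecryptfs-add-passphrase --fnek -','w');
        if(!$fh) {
            echo '<p class="err">Failed to run the <code>ecryptfs-add-passphrase</code> command.</p>';
            return false;
        }
        $written = fwrite($fh,$pass);
        $ok = pclose($fh);
        // A failed or short write means the helper did not receive the whole
        // passphrase, so treat it like a non-zero exit status.
        if($written !== strlen($pass) || $ok !== 0){
            echo '<p class="err">Something went wrong during passphrase add.</p>';
            return false;
        }
        echo '<p class="err">Passphrase added to kernel keyring.</p>';
        return true;
    }

    /**
     * Mounts one fstab entry by mount point.
     *
     * mount is called with -i, so the mount.ecryptfs helper is not invoked
     * and the key must already be in the keyring.
     *
     * @param string $mp Mount point taken from /etc/fstab.
     * @return bool True when mount exited with status 0.
     */
    function _mount($mp){
        $ok = 0;
        $out = array();
        // escapeshellarg() keeps the mount point a single shell argument.
        exec('/bin/mount -i '.escapeshellarg($mp),$out,$ok);
        return $ok === 0;
    }

    /**
     * Default action: over HTTPS, handles a submitted passphrase and shows
     * the mount table; over plain HTTP, shows only a link to the HTTPS URL.
     */
    function index(){
        ob_start();
        if(!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on'){
            // SERVER_NAME and REQUEST_URI can be influenced by the client,
            // so the link target is HTML-escaped before it is echoed.
            $url = 'https://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
            echo '<p class="err">Please access this page via <a href="'.htmlspecialchars($url,ENT_QUOTES,'UTF-8').'">HTTPS</a> only</p>';
        }else{
            $haspass = false;
            // Accept only a non-empty string; pass[]=... would otherwise
            // hand an array to fwrite().
            if(isset($_POST['pass']) && is_string($_POST['pass']) && $_POST['pass'] !== ''){
                $haspass = $this->_passadd($_POST['pass']);
            }
            $this->_list_mounts($haspass);
        }
        $content = ob_get_clean();
        $this->_renderfull($content);
    }
}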
https://b3/admin/ecryptfs.php [1]
[1] URL