Thursday, August 3, 2017

How to Encrypt a Directory in Ubuntu

Encrypt the data in /srv on Ubuntu

Install the package

apt install ecryptfs-utils

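Add the encryption settings

The mount options are read from .ecryptfsrc in root's home directory, and the passphrase from the file named by passphrase_passwd_file. That file holds the passphrase in plain text, so keep it readable by root only.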

root@encdir:~# cat .ecryptfsrc
key=passphrase:passphrase_passwd_file=/opt/passwd.txt
ecryptfs_sig=5826dd62cf81c615
ecryptfs_cipher=aes
ecryptfs_key_bytes=16
ecryptfs_passthrough=n
ecryptfs_enable_filename_crypto=n
root@encdir:~# cat /opt/passwd.txt
passphrase_passwd=inquartikinquartik

Mount the /srv directory as an encrypted directory

root@encdir:~# mount -t ecryptfs /srv /srv


Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=024f9aaf95b0eaf8
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.

Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [024f9aaf95b0eaf8] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : yes
Successfully appended new sig to user sig cache file
Mounted eCryptfs

Check the result

root@encdir:~# mount

/srv on /srv type ecryptfs (rw,relatime,ecryptfs_sig=024f9aaf95b0eaf8,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)
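
The options file and the signature warning shown above can be checked before data is written to the mount. The script below is an added example, not part of the original post; the function name audit_ecryptfsrc, the temporary sample files and the one-signature-per-line layout of sig-cache.txt are assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit an eCryptfs options file laid out like the .ecryptfsrc above.
# Prints one finding per line and nothing when every check passes.
audit_ecryptfsrc() {
    local rc="$1" sigcache="$2" key pwfile mode sig
    [ -r "$rc" ] || { echo "cannot read options file $rc"; return 0; }

    # key=passphrase:passphrase_passwd_file=/path  ->  /path
    key=$(sed -n 's/^key=//p' "$rc")
    pwfile=${key#*passphrase_passwd_file=}
    if [ "$pwfile" = "$key" ]; then
        echo "no passphrase_passwd_file set in $rc"
    elif [ ! -e "$pwfile" ]; then
        echo "passphrase file $pwfile not found"
    else
        mode=$(stat -c '%a' "$pwfile")   # GNU stat, as shipped on Ubuntu
        case "$mode" in
            600|400) ;;                  # readable by the owner only
            *) echo "passphrase file $pwfile has mode $mode, expected 600" ;;
        esac
    fi

    # With filename crypto off, file names stay readable in the lower directory.
    if grep -qx 'ecryptfs_enable_filename_crypto=n' "$rc"; then
        echo "file names are not encrypted (ecryptfs_enable_filename_crypto=n)"
    fi

    # Flag a configured signature that was never recorded in the sig cache
    # (assumption: the cache holds one signature per line).
    sig=$(sed -n 's/^ecryptfs_sig=//p' "$rc")
    if [ -n "$sig" ] && ! grep -qx "$sig" "$sigcache" 2>/dev/null; then
        echo "ecryptfs_sig $sig is not in $sigcache"
    fi
    return 0
}

# Constructed sample files in a temporary directory (no real secrets).
demo_dir=$(mktemp -d)
printf 'passphrase_passwd=constructed-example\n' > "$demo_dir/passwd.txt"
chmod 644 "$demo_dir/passwd.txt"
printf '%s\n' "key=passphrase:passphrase_passwd_file=$demo_dir/passwd.txt" \
    'ecryptfs_sig=5826dd62cf81c615' 'ecryptfs_cipher=aes' 'ecryptfs_key_bytes=16' \
    'ecryptfs_passthrough=n' 'ecryptfs_enable_filename_crypto=n' > "$demo_dir/ecryptfsrc"
printf '024f9aaf95b0eaf8\n' > "$demo_dir/sig-cache.txt"
audit_ecryptfsrc "$demo_dir/ecryptfsrc" "$demo_dir/sig-cache.txt"
```

On the host from this post the call would be audit_ecryptfsrc /root/.ecryptfsrc /root/.ecryptfs/sig-cache.txt, run as root.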

Automatically Mount After Reboot

root@encdir:~# cat /etc/fstab
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0
.
.
.
/srv /srv ecryptfs defaults 0 0

Performance test

With Encryption

root@encdir:~# mount -t ecryptfs /srv /srv
root@encdir:~# dd if=/dev/zero of=/srv/testp bs=10k count=100000 oflag=sync
100000+0 records in
100000+0 records out
1024000000 bytes (1.0 GB, 977 MiB) copied, 26.8949 s, 38.1 MB/s

Without Encryption

root@encdir:~# umount /srv
root@encdir:~# dd if=/dev/zero of=/srv/testpp bs=10k count=100000 oflag=sync
100000+0 records in
100000+0 records out
1024000000 bytes (1.0 GB, 977 MiB) copied, 17.158 s, 59.7 MB/s

Overhead

Directory encryption adds about 30% overhead in this write test.
