More on ecryptfs
Now that I have been trying ecryptfs for a while, and have found a good way of setting things up, it’s time to informally comment on my experience.
As a brief summary, the experiment was a success. I intend to keep using ecryptfs.
What I liked most about it is that files are encrypted at the file level rather than at the filesystem level. That is particularly useful when it comes to backups.
I periodically back up my home partition using tar. I normally do this logged in at the command line as root, or after booting from a live CD. That way, the home partition is not being actively changed during the backup. I occasionally back up the root partition, but that is less important. In case of a disk failure, I would normally prefer to reinstall rather than attempt to recover from a backup. But I do want to restore the “/home” partition from a backup.
Now there’s a problem with a simple backup if you are using an encrypted partition. If I back up with tar, as indicated, I have to do that with the partition mounted, which means that the unencrypted data is visible. So the backup is not encrypted. I could, instead, use something like “dd” to back up sector by sector. That would give an encrypted backup. But it would be slower and take more space, because all of the empty sectors would also be backed up. If you are only looking at an encrypted partition, you cannot tell which sectors are empty.
Neither of those choices is optimal. In practice, I do back up using tar, leaving the data unencrypted on the backup media. My thinking is that if I ever forget the encryption key, then that is my way to recover. But it also means that I will have to be cautious about how I dispose of the backup media when it has reached end of life.
So here is where ecryptfs comes in. I now keep my most sensitive files in the ecryptfs private directory. And unless I have mounted that private directory, they are not visible there. They are present as files in “$HOME/.Private”, but they are encrypted in that form. So if I do a tar backup while not logged in, and while the ecryptfs private directory is not mounted, then files in that directory will be backed up as encrypted data.
Some additional comments on how I set it up.
I described the basic setup in the previous post. I initially did that on one system, for testing purposes. So I ran the command “ecryptfs-setup-private” on that one system. Then, on the other systems, I just installed ecryptfs-utils, set the “suid” bit on “/sbin/mount.ecryptfs_private”, and set up the PAM configuration as described in the earlier post. Then I simply copied the directories “$HOME/.Private”, “$HOME/.ecryptfs” and “$HOME/Private” to my other systems. It’s important to do that copy while the ecryptfs private directory is unmounted.
And that copy worked fine. I did not have to run the setup program on my other systems.
This is significant for recovery from a backup. If I ever have to restore from a backup, then the setup for the ecryptfs private directory will be automatically restored from that backup. I need only ensure that the utils are properly installed and the pam configuration is appropriate.
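As an added example (my own script, not from the original post), a POSIX shell routine that refuses to run the tar backup while the Private directory is still mounted, then confirms the archive carries the “.Private” and “.ecryptfs” directories that make the restore work; the home path, archive name and the mounts-table parameter (defaulting to /proc/mounts) are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): only back up a home directory while its
# ecryptfs Private directory is unmounted, so the archive holds the encrypted
# $HOME/.Private form, then confirm the archive carries the setup directories.
# The mounts table is a parameter (default /proc/mounts) so the check can be
# exercised against a constructed table.

# Succeed when "$1" is listed as an ecryptfs mount point in the mounts table "$2".
ecryptfs_mounted() {
    # In /proc/mounts field 2 is the mount point and field 3 the filesystem type.
    awk -v d="$1" '$2 == d && $3 == "ecryptfs" { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# Succeed when the tar archive "$1" contains both .Private and .ecryptfs, the
# two directories whose presence makes the private directory restorable.
backup_has_ecryptfs_setup() {
    listing=$(tar -tzf "$1") || return 1
    printf '%s\n' "$listing" | grep -q '/\.Private/' &&
        printf '%s\n' "$listing" | grep -q '/\.ecryptfs/'
}

# Back up the home directory "$1" into the gzipped tar archive "$2", refusing
# to proceed while "$1/Private" is mounted (plaintext would otherwise be read).
safe_home_backup() {
    home=$1
    dest=$2
    mounts=${3:-/proc/mounts}
    if ecryptfs_mounted "$home/Private" "$mounts"; then
        echo "refusing: $home/Private is mounted, unmount it first" >&2
        return 1
    fi
    tar -czf "$dest" -C "$(dirname "$home")" "$(basename "$home")" || return 1
    backup_has_ecryptfs_setup "$dest"
}
```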