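eCryptfs (Enterprise Cryptographic Filesystem) is an enterprise-grade file encryption system for Linux. It can encrypt files or directories, offers a high level of encryption, and is more secure than ordinary software.
Install eCryptfs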
$ sudo apt-get install ecryptfs-utils
Encrypt a directory
Create a directory to encrypt:
$ mkdir ~/porn
Mount the directory with the ecryptfs filesystem type:
$ sudo mount -t ecryptfs ~/porn ~/porn
Answer a few questions:
Passphrase: # set the encryption passphrase
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32
2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]: # press Enter
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]: 32
Enable plaintext passthrough (y/n) [n]: n
Enable filename encryption (y/n) [n]: n
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_key_bytes=32
ecryptfs_cipher=aes
ecryptfs_sig=d397a00139c3fac6
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [d397a00139c3fac6] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : yes
Successfully appended new sig to user sig cache file
Mounted eCryptfs
With the settings above, I encrypt only the file contents; the file names are not encrypted (the Enable filename encryption prompt).
$ mount
Test: create a file:
Unmount:
$ cd
$ sudo umount /home/snail/porn
Look at the file contents again:
To read the contents of the directory, you must mount it again with the correct passphrase:
$ sudo mount -t ecryptfs ~/porn ~/porn
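Added example (not part of the original tutorial): a shell function that reads a /proc/mounts-style listing and reports, for each eCryptfs mount, the cipher, the key size, and whether file names are encrypted and plaintext passthrough is on. The sample listing is constructed from the options in the transcript above, the function names are hypothetical, and ecryptfs_fnek_sig and ecryptfs_passthrough are the option names the eCryptfs kernel module reports when those two features are enabled.

```shell
#!/bin/sh
# Added example: audit eCryptfs mounts in a /proc/mounts-style listing.

# Constructed sample; option values match the mount transcript above.
SAMPLE_MOUNTS='/home/snail/porn /home/snail/porn ecryptfs rw,relatime,ecryptfs_sig=d397a00139c3fac6,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

# Print the value of option $2 from the comma-separated list $1 (nothing if absent).
# The body is a subshell so the IFS and globbing changes do not leak out.
get_opt() (
    IFS=,
    set -f
    for kv in $1; do
        case $kv in
            "$2"=*) printf '%s' "${kv#*=}"; exit 0 ;;
        esac
    done
)

# Read a mounts listing on stdin; print one summary line per eCryptfs mount.
audit_ecryptfs_mounts() {
    while read -r dev mnt fstype opts rest; do
        [ "$fstype" = ecryptfs ] || continue
        cipher=$(get_opt "$opts" ecryptfs_cipher)
        bytes=$(get_opt "$opts" ecryptfs_key_bytes)
        # ecryptfs_fnek_sig appears only when filename encryption is enabled.
        if [ -n "$(get_opt "$opts" ecryptfs_fnek_sig)" ]; then
            names=encrypted
        else
            names=PLAINTEXT
        fi
        # ecryptfs_passthrough is a bare flag, present only when enabled.
        case ",$opts," in
            *,ecryptfs_passthrough,*) pass=on ;;
            *) pass=off ;;
        esac
        printf '%s cipher=%s key_bytes=%s filenames=%s passthrough=%s\n' \
            "$mnt" "$cipher" "$bytes" "$names" "$pass"
    done
}

# Audit the constructed sample. On a real system: audit_ecryptfs_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_ecryptfs_mounts
```

A filenames=PLAINTEXT result means directory listings of the lower (unmounted) directory still reveal the file names, which is the case for the mount configured above.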