請問磁區加密的方式 - Linux
By Joseph
at 2011-06-13T20:53
at 2011-06-13T20:53
Table of Contents
小弟也來獻醜一下,剛好兩個月前也玩過。
http://dodgelin.blogspot.com/2011/04/ubuntudebian-ecryptfs-encrypted-file.html
Ubuntu/Debian 設定使用加密檔案系統
主要參考文件:
http://www.ubuntugeek.com/how-to-create-a-private-encrypted-folder-on-ubuntu-
810-intrepid.html
用這個eCryptfs的好處是,這是Linux檔案系統內建的Kenel module (Linux kernel >=
2.6.19)
對比之下,EncFS這個套件是執行在 FUSE kernel driver 之下,效能上 eCryptfs 會比
EncFS好,吃CPU應該是 ecryptfs 比較低。
步驟:
1. 安裝完套件( sudo apt-get install ecryptfs-utils),接下來的設定都是透過命
令列執行,需要有root權限。
2. 新增或修改想要加密的資料夾,注意權限設定。例如: chmod 700 yy
3. sudo mount -t ecryptfs yy yy (將目前目錄中的 zz 資料夾加密,掛載)
4. 接下來系統會問
Passphrase: (設定加密密碼)
Select cipher: (選擇加密格式)
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 56 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]: (預設為AES)
Select key bytes: (選擇加密金鑰長度)
1) 16
2) 32
3) 24
Selection [16]: 1 (預設為16 byte = 128 bit, 最大可到32 byte = 256 bit)
Enable plaintext passthrough (y/n) [n]: (加密資料夾中使否允許無加密的檔案。預
設為no)
Enable filename encryption (y/n) [n]: y (檔名是否加密。預設為no,我選擇 yes)
Filename Encryption Key (FNEK) Signature [13fa0849da92e06]: (檔名加密金鑰。
選預設就好)
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=13fa0849da92e06
ecryptfs_key_bytes=32
ecryptfs_cipher=aes
ecryptfs_sig=13fa0849da92e06
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
Would you like to proceed with the mount (yes/no)? : yes (是否真的執行選擇掛
載檔案系統動作?當然選 yes)
Would you like to append sig [13fa0849da92e06] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : no (是否要將以上設定
資料存下來,以後可以直接套用)
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs
5. 要把加密的資料夾卸載,只要用 sudo umount yy ,資料夾內的檔案就會變成無法讀取的
格式了。
基本上這樣就完成了加密資料夾的設定,AES 256 bit 加密的強度已經是目前主流規格,
應該夠用了。
加密完別忘了自己密碼。
=========================================================
我才不會承認搞這東西是為了藏迷片的....
--
我剛登場就踢爆一棵大樹唷~~~~~~~~~
叫你多出點任務不出,這下變成雜魚了吼
--
http://dodgelin.blogspot.com/2011/04/ubuntudebian-ecryptfs-encrypted-file.html
Ubuntu/Debian 設定使用加密檔案系統
主要參考文件:
http://www.ubuntugeek.com/how-to-create-a-private-encrypted-folder-on-ubuntu-
810-intrepid.html
用這個eCryptfs的好處是,這是Linux檔案系統內建的Kenel module (Linux kernel >=
2.6.19)
對比之下,EncFS這個套件是執行在 FUSE kernel driver 之下,效能上 eCryptfs 會比
EncFS好,吃CPU應該是 ecryptfs 比較低。
步驟:
1. 安裝完套件( sudo apt-get install ecryptfs-utils),接下來的設定都是透過命
令列執行,需要有root權限。
2. 新增或修改想要加密的資料夾,注意權限設定。例如: chmod 700 yy
3. sudo mount -t ecryptfs yy yy (將目前目錄中的 zz 資料夾加密,掛載)
4. 接下來系統會問
Passphrase: (設定加密密碼)
Select cipher: (選擇加密格式)
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 56 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]: (預設為AES)
Select key bytes: (選擇加密金鑰長度)
1) 16
2) 32
3) 24
Selection [16]: 1 (預設為16 byte = 128 bit, 最大可到32 byte = 256 bit)
Enable plaintext passthrough (y/n) [n]: (加密資料夾中使否允許無加密的檔案。預
設為no)
Enable filename encryption (y/n) [n]: y (檔名是否加密。預設為no,我選擇 yes)
Filename Encryption Key (FNEK) Signature [13fa0849da92e06]: (檔名加密金鑰。
選預設就好)
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=13fa0849da92e06
ecryptfs_key_bytes=32
ecryptfs_cipher=aes
ecryptfs_sig=13fa0849da92e06
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
Would you like to proceed with the mount (yes/no)? : yes (是否真的執行選擇掛
載檔案系統動作?當然選 yes)
Would you like to append sig [13fa0849da92e06] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : no (是否要將以上設定
資料存下來,以後可以直接套用)
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs
5. 要把加密的資料夾卸載,只要用 sudo umount yy ,資料夾內的檔案就會變成無法讀取的
格式了。
基本上這樣就完成了加密資料夾的設定,AES 256 bit 加密的強度已經是目前主流規格,
應該夠用了。
加密完別忘了自己密碼。
=========================================================
我才不會承認搞這東西是為了藏迷片的....
--
我剛登場就踢爆一棵大樹唷~~~~~~~~~
叫你多出點任務不出,這下變成雜魚了吼
--
Tags:
Linux
All Comments
By Eden
at 2011-06-15T16:04
at 2011-06-15T16:04
Related Posts
請問台大開的課能上嗎?
By Hedwig
at 2011-06-13T20:47
at 2011-06-13T20:47
Ubuntu底下VirtualBox Port Forwarding問題
By Megan
at 2011-06-13T17:00
at 2011-06-13T17:00
關於sshd一直被暴力攻擊的解決方法
By Thomas
at 2011-06-13T12:10
at 2011-06-13T12:10
Postfix 備份
By Necoo
at 2011-06-13T10:00
at 2011-06-13T10:00
apt-build CPU最佳化參數?
By Hazel
at 2011-06-13T00:13
at 2011-06-13T00:13