Encrypting project directories with ecryptfs-utils

I worked up a way to store engagement/project data in an encrypted directory. I had originally wanted to dd a blob to the current file-system and then format & encrypt it. I found an easier way to go about this using the ecryptfs-utils suite. I worked up a script to help me perform this task every time I take on a new engagement. The tools used by this script come from the ecryptfs-utils package. Use this script in the following manner.

./ecryptfs_project_dir.sh acme /usr/local/projects

The entire script…

#!/bin/bash

PROJECT_NAME="$1"
PROJECT_BASE="$2"

print_help() {
        echo "Usage: $(basename $0) <project name> <project base>"
}
 
if [ -z "${PROJECT_NAME}" ]; then
        echo "Error: Provide me a project name."
        echo
        print_help
        exit 1
fi
 
if [ -z "${PROJECT_BASE}" ]; then
        echo "Error: Provide me a project base directory."
        echo
        print_help
        exit 2
fi

mkdir -p ${PROJECT_BASE}/${PROJECT_NAME}
mkdir -p ${PROJECT_BASE}/.${PROJECT_NAME}

TMP_FILE="/tmp/tmp.$$.txt"

PASSWORD=$(date | md5sum | awk '{print $1}')

# Add password to session keyring
printf "%s" "${PASSWORD}" | ecryptfs-add-passphrase > $TMP_FILE

# Pull the signature from the temporary file
SIG=$(grep keyring $TMP_FILE | awk '{print $6}' | tr -d '[' | tr -d ']')

echo "Store this information in your project notes"
echo 
echo "######################################################"
echo "${PASSWORD}:${SIG}"
echo "######################################################"
echo

rm -f $TMP_FILE

# Mount the directory
mount -t ecryptfs -o key=passphrase:passphrase_passwd=${PASSWORD},no_sig_cache=yes,verbose=no,ecryptfs_sig=${SIG},ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=no ${PROJECT_BASE}/.${PROJECT_NAME} ${PROJECT_BASE}/${PROJECT_NAME}

echo 
echo "Use the following to remount the directory in the future"
echo
echo "mount -t ecryptfs -o key=passphrase:passphrase_passwd=${PASSWORD},no_sig_cache=yes,verbose=no,ecryptfs_sig=${SIG},ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=no ${PROJECT_BASE}/.${PROJECT_NAME} ${PROJECT_BASE}/${PROJECT_NAME}"
echo

Storing the pertinent info in your project notes will allow you to remount the directory when necessary.

Tagged ,

Leave a Reply

Your email address will not be published.