A PCRE internal error occured. This might be caused by a faulty plugin
====== Differences ====== This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
packages:ecryptfs [2015/08/29 01:31] admin created |
packages:ecryptfs [2015/11/19 18:51] (current) admin [Preserve Your Encryption Passphrase] |
||
|---|---|---|---|
| Line 21: | Line 21: | ||
| <code> | <code> | ||
| > ecryptfs-migrate-home -u <username> | > ecryptfs-migrate-home -u <username> | ||
| - | > ecryptfs-setup-swap | ||
| - | > reboot | ||
| </code> | </code> | ||
| Line 28: | Line 26: | ||
| When you are certain that all is ok with the encrypted home, you can destroy this /home/<user>.rndmtxt | When you are certain that all is ok with the encrypted home, you can destroy this /home/<user>.rndmtxt | ||
| + | |||
| + | === Multiple swap spaces === | ||
| + | |||
| + | If you have multiple swap partitions, you might NOT want to have them all encrypted. For example, if you are running a secured environment from a USB Key but have the swap space of your internal hard disk also used. To figure out what your current swap partitions are, run the //**lsblk**// command (root privilege is needed to read the uuid): | ||
| + | <code> | ||
| + | > lsblk -o +UUID | grep SWAP | ||
| + | ├─sda2 8:2 0 2G 0 part [SWAP] 07ca33fa-f4d2-4f94-ab0e-9b63d603555b | ||
| + | ├─sdb1 8:17 1 955M 0 part [SWAP] ee8ff167-0a59-46a7-8025-ed75cd88747d | ||
| + | </code> | ||
| + | |||
| + | We'll deactivate the swap we don't want to be encrypted, then encrypt our swap: | ||
| + | <code> | ||
| + | > swapoff -U 07ca33fa-f4d2-4f94-ab0e-9b63d603555b | ||
| + | > ecryptfs-setup-swap | ||
| + | > reboot | ||
| + | </code> | ||
| + | |||
| + | |||
| + | ==== Preserve Your Encryption Passphrase ==== | ||
| + | |||
| + | Would you ever be faced with the necessity to recover your encrypted partition from a rescue system (like [[http://www.sysresccd.org|SystemRescueCD]]), the only possibility you'll have to gain access to it from another system is to have your **Encryption Passphrase** available. It is thus **STRONGLY RECOMMENDED** that you note this passphrase somewhere safe, where you'll be able to access it in case your current system is locked. This means **do not store it inside your encrypted directory** as you won't be able to access it when needed. | ||
| + | |||
| + | <code> | ||
| + | > ecryptfs-unwrap-passphrase | ||
| + | Passphrase: | ||
| + | 854xxxxxxxxxxxxxxxxxxxxxxxxxxxca | ||
| + | </code> | ||
| + | |||
| + | === Recovering from a rescue system === | ||
| + | |||
| + | Make sure the partition containing your encrypted directory is mounted before issuing the following command to search your mounted file systems for encrypted private directories. The command will mount the encrypted directory in your /tmp directory: | ||
| + | |||
| + | <code> | ||
| + | > sudo ecryptfs-recover-private | ||
| + | [sudo] password for <user>: | ||
| + | INFO: Searching for encrypted private directories (this might take a while)... | ||
| + | INFO: Found [/home/.ecryptfs/<user>/.Private]. | ||
| + | Try to recover this directory? [Y/n]: Y | ||
| + | INFO: Found your wrapped-passphrase | ||
| + | Do you know your LOGIN passphrase? [Y/n] Y | ||
| + | INFO: Enter your LOGIN passphrase... | ||
| + | Passphrase: | ||
| + | INFO: Success! Private data mounted read-only at [/tmp/encryptfs.rndmtxt]. | ||
| + | </code> | ||
| + | |||
| + | You might need to be root to access the files. | ||
| + | |||
| + | ===== Mount TrueCrypt Volumes (using cryptsetup) ===== | ||
| + | |||
| + | Mount a volume | ||
| + | <code> | ||
| + | > sudo cryptsetup open --type tcrypt /var/run/media/username/volume_name encrypted_volume | ||
| + | > sudo mount /dev/mapper/encrypted_volume /mnt | ||
| + | </code> | ||
| + | |||
| + | Unmount volume: | ||
| + | <code> | ||
| + | > sudo umount /mnt | ||
| + | > sudo cyrptsetup close encrypted_volume | ||
| + | </code> | ||
