Differences

This shows you the differences between two versions of the page.

doc:appunti:linux:sa:cryptfs [2012/05/18 23:04] – [Dm-crypt] niccolodoc:appunti:linux:sa:cryptfs [2019/07/12 11:11] – [Reverse enc-fs] niccolo
Line 166: Line 166:
 Per montare nuovamente la directory si usa lo stesso comando **''encfs''** utilizzato per inizializzare la directory. Per montare nuovamente la directory si usa lo stesso comando **''encfs''** utilizzato per inizializzare la directory.
  
 +È possibile **modificare la password**; si tratta in realtà della **password che protegge la chiave di cifratura** vera e propria, pertanto non sarà necessario cifrare nuovamente tutto il contenuto. Si usa il comando:
 +
 +<code>
 +encfsctl passwd ~/encfs/.crypt
 +</code>
 ==== Reverse enc-fs ==== ==== Reverse enc-fs ====
  
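Review bot: the added paragraph on `encfsctl passwd` says the password only protects the real encryption key and that nothing is re-encrypted, but it stops short of the consequence: the key itself is unchanged, so a copy of the EncFS configuration file made before the change can still be unlocked with the old password. Suggest one more sentence stating that a password change does not revoke access for anyone who already holds the old password together with an old copy of the configuration, and that in that case the data has to be re-encrypted into a freshly initialized EncFS directory.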
Line 171: Line 176:
  
 <code> <code>
-cat secret.txt | encfs --reverse --stdinpass /home /home-crypt+cat secret.txt | encfs --standard --reverse --stdinpass /home /home-crypt
 </code> </code>
 +
 +L'opzione **%%--standard%%** serve a disabilitare la richiesta dei parametri quando si esegue il montaggio encfs per la prima volta. In tale circostanza infatti vengono chiesti via //stdin// alcuni parametri che "consumerebbero" una parte della password fornita appunto via //stdin//. I parametri di encfs vengono salvati nella directory radice in un file di nome **.encfs6.xml**.
  
 Per smontare la directory cifrata si utilizza: Per smontare la directory cifrata si utilizza:
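Review bot: in the paragraph added after the command, "nella directory radice" is ambiguous because the command names two directories, `/home` and `/home-crypt`; say which one holds `.encfs6.xml`. Since that file carries the parameters needed to read the encrypted view, it is also worth stating that it must be saved along with any copy of `/home-crypt`. The command line reads the password from `secret.txt`, so a short remark that this file should be readable only by its owner would fit here as well.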
Line 277: Line 284:
 </code> </code>
  
 +===== Manual start of encrypted disk =====
 +
 +If an encrypted disk **requires a password to be typed interactively**, it is obviously not possible to start it automatically at boot time. In old Debian releases there was the **timeout** parameter to be added into **/etc/crypttab**. Using that parameter, the starting of a LUKS volume is skipped at boot time and can be executed later using **/etc/init.d/cryptdisks start**.
 +
 +Starting with **Debian 5 Lenny** the //timeout// parameter was not longer available (see [[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495509|bug #495509]]). The **noauto** parameter is instead required in **/etc/crypttab** and eventually in **/etc/fstab**.
 +
 +Starting with **Debian 6 Squeeze** the **noauto** parameter is still required. Once the system is running you can execute the command **/etc/init.d/cryptdisks force-start** to start the encrypted disk, asking for the password.
 +
 +Starting with **Debian 9 Stretch** the **noauto** parameter is used as usual, but //sysvinit// init system was superceeded by **systemd**, so the script ''/etc/init.d/cryptdisks'' is no longer used. To start the encrypted disk interactively you should use the script **cryptdisks_start** instead, e.g.:
 +
 +<code>
 +cryptdisks_start dm0
 +</code>
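Review bot: in the final example, `cryptdisks_start dm0` uses a name that nothing else in the new section defines; say that `dm0` is the target name from the first field of the volume's line in **/etc/crypttab**, and consider showing that line with the **noauto** option, since the three Debian paragraphs all depend on it. Wording: "was not longer available" should be "was no longer available", "superceeded" should be "superseded", and "eventually in **/etc/fstab**" reads as a false friend for "possibly". The rest of the page is in Italian, so the section should either be translated or the language switch made deliberate.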
doc/appunti/linux/sa/cryptfs.txt · Last modified: 2020/01/29 10:48 by niccolo