The default ecryptfs-private settings aren’t quite what I want; they mount automatically on login and invoke some kind of system-magic I don’t understand to hide the encrypted files. Turns out that setting up encrypted directories is pretty darn easy, once you dig through enough of the man pages.

Pick a directory

mkdir ~/private
chmod 700 ~/private

Add the mount command to sudoers for passwordless mounts

# Cmnd alias specification
Cmnd_Alias MOUNTPRIVATE = /bin/mount /path/to/private /path/to/private -t \
ecryptfs -o key\=passphrase\,ecryptfs_cipher\=aes\,ecryptfs_key_bytes\=24\,\

Cmnd_Alias UMOUNTPRIVATE = /bin/umount /path/to/private

# Your username goes here, obviously

Set up that mount command in .bash_aliases

alias mount_private="sudo mount ~/private ~/private -t \
ecryptfs -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=24,\
alias umount_private="sudo umount ~/private"

Then just run mount_private and enter a passphrase of your choice. You can unmount the directory with umount_private. Drop that in your with zenity, unmount it before activating the screensaver, whatever floats your boat.
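Because the mount above stacks ~/private on top of itself, the same path holds ciphertext while unmounted, and anything written there in that state is stored unencrypted. The shell check below is an added example, not part of the original post; the function names, the sample mount table and the /home/alice path are constructed for illustration.

```shell
#!/bin/sh
# Added example: refuse to use the private directory unless the ecryptfs
# layer is actually mounted on it.

# Constructed sample in /proc/mounts format (not captured from a real system).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/home/alice/private /home/alice/private ecryptfs rw,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=24 0 0
/dev/sdb1 /mnt/my\040disk ext4 rw 0 0'

# is_ecryptfs_mounted DIR [MOUNTS_FILE]
# Returns 0 only if the topmost (last listed) mount on DIR is of type ecryptfs.
is_ecryptfs_mounted() {
    dir=${1%/}                      # tolerate a trailing slash
    [ -n "$dir" ] || dir=/
    mounts=${2:-/proc/mounts}
    # The path is passed through the environment so awk does not
    # interpret backslashes in it. /proc/mounts writes a space as \040.
    WANT=$dir awk '
        function unescape(s) { gsub(/\\040/, " ", s); return s }
        unescape($2) == ENVIRON["WANT"] { fstype = $3 }
        END { exit (fstype == "ecryptfs" ? 0 : 1) }
    ' "$mounts"
}

# require_private DIR [MOUNTS_FILE]
# Guard for scripts that write into DIR: fails loudly when DIR is unmounted.
require_private() {
    if ! is_ecryptfs_mounted "$@"; then
        echo "refusing: $1 is not an ecryptfs mount; writes would be stored unencrypted" >&2
        return 1
    fi
}
```

Source the functions from .bash_aliases and prefix anything that writes secrets with `require_private ~/private &&`.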

I’m not sure how to tell ecryptfs to use a sig cache other than the one in root’s homedir, or how to allow mounting as the regular user without abusing suid. If anyone has suggestions…
