The guide mentioned Intrepid has the ability to create an automounting private folder using ecryptfs‐utils with next to no setup. That’s nice, but I’d rather have a bit more control over the folder – having it just pop up on login isn’t very appealing since my system gets used from time to time by other people. A bit of googling around turned this up:

1. How to auto-configure
   
2. How to configure hands on
3. The basic truecrypt way

Ubuntugeek has a nice writeup on the under-the-hood way to use ecryptfs-utils. The reason I’m going with this over Truecrypt is I’d rather have the files encrypt on the fly without needing a set amount of space first (as in a container). I’ll keep the containers on my thumb drives for now.

Started with the Ubuntugeek step by step:

• sudo aptitude install ecryptfs-utils
• mkdir ~/crypt
• chmod 700 ~/crypt
• sudo mount -t ecryptfs ~/crypt ~/crypt
  • chose 4 for passphrase
  • created passphrase<
  • selected aes for cipher
  • 16 for blocksize

After selecting my options:

Attempting to mount with the following options:
 ecryptfs_key_bytes=16
 ecryptfs_cipher=aes
 ecryptfs_sig=1c56a17407ef3160
 WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
 it looks like you have never mounted with this key
 before. This could mean that you have typed your
 passphrase wrong.

Would you like to proceed with the mount (yes/no)? yes
 Would you like to append sig [1c56a17407ef3160] to
 [/root/.ecryptfs/sig-cache.txt]
 in order to avoid this warning in the future (yes/no)? yes
 Successfully appended new sig to user sig cache file
 Mounted eCryptfs

Not quite sure what just happened there. I just installed this thing, of course I haven’t mounted with this key before. I wasn’t asked for a plaintext passthrough either. Check to see if it worked anyways.

• cp Firefox_wallpaper.png ~/crypt
• ls ~/crypt
• sudo umount ~/crypt
• ls ~/ | grep crypt

Crypt is still there! Blast.

• ls ~/crypt

It still shows my png file too!

• gnome-open ~/crypt/Firefox_wallpaper.png

“Fatal error reading PNG image file: Not a PNG file”

Alright, so that’s good, it’s probably encrypted then. I’ll remount and see if it’ll open.

• sudo mount -t ecryptfs ~/crypt ~/crypt -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n
• gnome-open ~/crypt/Firefox_wallpaper.png

Yep, opens fine now. Since I was expecting Truecrypt style mount behavior from Windows I was expecting the entire folder to just disapear (even though I specifically created one, duh). Reading through the ecryptfs page and here made a bit more sense. Without pre-allocation there isn’t much of a choice anyways. Time to turn this bulky command into an easy use alias:

• echo "alias mount-crypt='sudo mount -t ecryptfs ~/crypt ~/crypt -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n'" | tee -a ~/.bash_aliases
• source .bashrc

Figuring out the above took a bit longer than those two lines… here’s some insight into my rookie mistakes. (460 through 471 was me playing videos in terminal via ascii, heh.)