I worked up a way to store engagement/project data in an encrypted directory. I had originally wanted to dd a blob to the current file system and then format and encrypt it, but I found an easier way to go about this using the ecryptfs-utils suite. The script below performs this task every time I take on a new engagement; the tools it uses come from the ecryptfs-utils package. Use the script in the following manner.
./ecryptfs_project_dir.sh acme /usr/local/projects
The entire script…
#!/bin/bash

PROJECT_NAME="$1"
PROJECT_BASE="$2"

print_help() {
    echo "Usage: $(basename "$0") <project name> <project base>"
}

if [ -z "${PROJECT_NAME}" ]; then
    echo "Error: Provide me a project name."
    echo
    print_help
    exit 1
fi

if [ -z "${PROJECT_BASE}" ]; then
    echo "Error: Provide me a project base directory."
    echo
    print_help
    exit 2
fi

# Mount point (visible) and backing store for the encrypted files (hidden)
mkdir -p "${PROJECT_BASE}/${PROJECT_NAME}"
mkdir -p "${PROJECT_BASE}/.${PROJECT_NAME}"

# mktemp creates an unpredictable, owner-only file instead of /tmp/tmp.$$.txt
TMP_FILE=$(mktemp) || exit 3

# Derive the passphrase from random bytes; the current date is guessable
PASSWORD=$(head -c 32 /dev/urandom | md5sum | awk '{print $1}')

# Add password to session keyring
printf "%s" "${PASSWORD}" | ecryptfs-add-passphrase > "${TMP_FILE}"

# Pull the signature from the temporary file
SIG=$(grep keyring "${TMP_FILE}" | awk '{print $6}' | tr -d '[' | tr -d ']')

echo "Store this information in your project notes"
echo
echo "######################################################"
echo "${PASSWORD}:${SIG}"
echo "######################################################"
echo

rm -f "${TMP_FILE}"

# Options shared by the mount below and the remount command printed afterwards.
# passphrase_passwd places the passphrase in the mount command line, which is
# visible in the process list while mount runs.
MOUNT_OPTS="key=passphrase:passphrase_passwd=${PASSWORD},no_sig_cache=yes,verbose=no,ecryptfs_sig=${SIG},ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=no"

# Mount the directory
mount -t ecryptfs -o "${MOUNT_OPTS}" "${PROJECT_BASE}/.${PROJECT_NAME}" "${PROJECT_BASE}/${PROJECT_NAME}"

echo
echo "Use the following to remount the directory in the future"
echo
echo "mount -t ecryptfs -o ${MOUNT_OPTS} ${PROJECT_BASE}/.${PROJECT_NAME} ${PROJECT_BASE}/${PROJECT_NAME}"
echo
Storing the pertinent info in your project notes will allow you to remount the directory when necessary.
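
A remount helper for the PASSWORD:SIG line kept in the project notes, added here as an example and not part of the original script: it re-adds the passphrase to the keyring and refuses to mount unless the resulting signature matches the recorded one. The function names and argument order are assumptions; the mount options are the ones the script uses, and the sample output line in the comment is constructed.

```bash
#!/bin/bash
# Added example: verify a stored "PASSWORD:SIG" note before remounting.

# Split "passphrase:signature" and validate both halves.
# Prints "passphrase signature"; returns 1 on malformed input.
parse_note() {
    pass=${1%%:*}
    sig=${1#*:}
    [ "$pass" != "$1" ] || return 1                               # no colon present
    printf '%s' "$pass" | grep -Eq '^[0-9a-f]{32}$' || return 1   # md5sum output
    printf '%s' "$sig"  | grep -Eq '^[0-9a-f]{16}$' || return 1   # 16 hex characters
    printf '%s %s\n' "$pass" "$sig"
}

# Extract the bracketed signature from ecryptfs-add-passphrase output, e.g.
# "Inserted auth tok with sig [fedcba9876543210] into the user session keyring"
sig_from_output() {
    printf '%s\n' "$1" | sed -n 's/.*sig \[\([0-9a-f]\{16\}\)].*/\1/p' | head -n 1
}

# Usage: remount <passphrase:sig> <project base> <project name>   (needs root)
remount() {
    note=$(parse_note "$1") || { echo "Error: malformed note line." >&2; return 1; }
    pass=${note% *}
    want=${note#* }

    # The signature is derived from the passphrase, so a typo in the notes
    # shows up here as a mismatch instead of as unreadable files after mounting.
    got=$(sig_from_output "$(printf '%s' "$pass" | ecryptfs-add-passphrase)")
    if [ "$got" != "$want" ]; then
        echo "Error: passphrase does not produce the recorded signature." >&2
        return 1
    fi

    mount -t ecryptfs -o "key=passphrase:passphrase_passwd=${pass},no_sig_cache=yes,verbose=no,ecryptfs_sig=${want},ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=no" "$2/.$3" "$2/$3"
}

# Run only when called with all three arguments.
if [ "$#" -eq 3 ]; then
    remount "$@"
fi
```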


