Differences

This shows you the differences between two versions of the page.

--- mounting_an_encrypted_partition_with_encfs [2021/03/22 05:08] – [How it works] hc9
+++ mounting_an_encrypted_partition_with_encfs [2024/09/05 06:08] (current) – ='' hc9
@@ Line 1: / Line 1: @@
-===== Mounting an encrypted partition with EncFS =====
+====== Mounting an encrypted partition with EncFS ======
 ----
@@ Line 13: / Line 13: @@
 This is designed to protect against off-line attacks, that is, the contents of the encrypted folder are safe(er) while the directory is unmounted. While it is mounted, anyone with enough permissions over the mountpoint can still access the information of the files. Furthermore, since the encryption works on a file-by-file basis, some metadata will remain visible even while unmounted. Things like the number of files, their permissions, sizes and approximate filename size will be accessible to anyone with appropriate permissions over the encrypted folder.
-Read the [[#tips_and_tricks|#tips_and_tricks]] section for a few of suggestions on how to ameliorate some of these problems.
+Read the [[#tips_and_tricks|Tips and Tricks]] section for a few of suggestions on how to ameliorate some of these problems.
 ==== Set-up ====
@@ Line 36: / Line 36: @@
   Creating new encrypted volume.
   Please choose from one of the following options:
-   enter "x" for expert configuration mode,
+   enter “x” for expert configuration mode,
-   enter "p" for pre-configured paranoia mode,
+   enter “p” for pre-configured paranoia mode,
    anything else, or an empty line will select standard mode.
   ?>
@@ Line 43: / Line 43: @@
 Choosing the standard mode should be good enough for most cases but if you would like extra security, choose **p** for the paranoia mode (be aware that paranoia mode can make more difficult to make backups of the data. See Section [[#tips_and_tricks|Tips and Tricks]] for further details). After this, we will be prompted to enter a password twice, to confirm it and reduce the chances of a typo.
-EncFS allows us to automatically unmount the filesystem if it is idle for a certain period of time by giving the command line option **--idle=X** where **X** is the number of minutes before unmounting.
+EncFS allows us to automatically unmount the filesystem if it is idle for a certain period of time by giving the command line option –''idle=''**//X//** where **//X//** is the number of minutes before unmounting.
 To check that everything is working fine, we can run the **mount** command, which output should look like this:
@@ Line 65: / Line 65: @@
 === Backups ===
-Since the encryption is done file-by-file, we can easily make backups of the encrypted data without the need to mount the filesystem, so for instance, we can leave the backup to a cron job without compromising the safety of the files. Make sure to include the file **~/.crypt/.encfs6.xml** in the backup. This file saves the encryption configuration, and you will need it to decode the information later on. See the tutorial on [[http://sdf.org/?tutorials/rsync-backup|rsync]] for more information on how to make a backup.
+Since the encryption is done file-by-file, we can easily make backups of the encrypted data without the need to mount the filesystem, so for instance, we can leave the backup to a cron job without compromising the safety of the files. Make sure to include the file **~/.crypt/.encfs6.xml** in the backup. This file saves the encryption configuration, and you will need it to decode the information later on. See the tutorial on [[:backing_up_home_using_rsync|rsync]] for more information on how to make a backup.
-The paranoia mode has a feature named "External IV Chaining", which ties the filename (possibly including the absolute path) with the data for its encryption, so a file that has been moved or renamed will fail to decode properly. Make sure that, if you are doing backups of encrypted files, you will either have this option disabled or have a way to restore the whole path and filenames of the encrypted data.
+The paranoia mode has a feature named “External IV Chaining”, which ties the filename (possibly including the absolute path) with the data for its encryption, so a file that has been moved or renamed will fail to decode properly. Make sure that, if you are doing backups of encrypted files, you will either have this option disabled or have a way to restore the whole path and filenames of the encrypted data.
 === sshFS+EncFS ===
@@ Line 81: / Line 81: @@
 local.machine:~$ sshfs -o idmap=user username@remote.machine:./.crypt-remote ~/.crypt
 </code>
-    * The option **-o idmap=user** will map your local user name to the user name on the remote machine, that is, files on the remote system that are from the user username, appear to be from the user that you are logged in as on the local system (see the tutorial on [[http://sdf.org/?tutorials/sshfs|sshFS]] if you need).
+    * The option **-o idmap=user** will map your local user name to the user name on the remote machine, that is, files on the remote system that are from the user username, appear to be from the user that you are logged in as on the local system (see the tutorial on [[:sshfs-sdf|sshFS]] if you need).
   * Use EncFS locally to mount **~/.crypt** at **~/crypt** <code>