Creating an encrypted shared folder for two Ubuntu users

Asked by Aaron Whitehouse on 2012-10-31

Hi,

I would like to create an encrypted folder that is accessible by multiple accounts on the same computer.

I'm a big fan of ecryptfs. I use it in Ubuntu to encrypt our home directories on our home laptop, among other things. There are a number of files that we want to share between our user accounts.

I would like to encrypt our shared folders so that these are also protected if the laptop is stolen. I would need this to be transparent so that it appeared as if we were sharing an unencrypted folder/mount.

At a technical level, I assume that this would require the folder to be encrypted and mounted after the user logs in, either using some PAM thing, or a passphrase in a file within the home directory (which is itself encrypted and secure). I understand that there are issues using PAM:
https://bugs.launchpad.net/ecryptfs/+bug/615657
so it may have to be a file in the home directory.

Has anybody done this? What is the most straightforward way to achieve it?

I have read:
https://answers.launchpad.net/ubuntu/+source/ecryptfs-utils/+question/64756
which didn't actually answer the question, and I asked this in the wrong place a while ago:
https://answers.launchpad.net/ecryptfs/+question/194085

Question information

Language: English
Status: Open
For: Ubuntu ecryptfs-utils
Assignee: No assignee
Last query: 2012-11-04
Last reply: 2012-10-31

Thanks actionparsnip.

I think that the answer is to use mount.ecryptfs_private, but I can't make it work. Is there a tutorial or something on using this?

I have tried doing the following:
1. Create a folder /home/aaron/Shared/ that I have access to.
2. Create a file ~/.ecryptfs/Shared.conf
3. Put the following into the file:
/home/shared /home/aaron/Shared ecryptfs none 0 0
4. Running it
$ mount.ecryptfs_private Shared
but I get the error:
fopen: No such file or directory
keyctl_search: Success
Perhaps try the interactive 'ecryptfs-mount-private'

Can anybody please point me to what I am doing wrong?

==
For anybody else going through the journey before this is answered, the following may help:

The link didn't really address my question, as it was quite an old tutorial on LUKS/dmcrypt. I am not particularly keen to use block-level encryption and this is why I was asking how to achieve this with ecryptfs. The main reason for this being that I do not want to pre-allocate the space for the files.

EncFS looked like it may fit my needs:
http://www.arg0.net/encfs
but I would prefer to use ecryptfs, as it is a kernel module rather than a FUSE filesystem.

I see that somebody else has had the same issue:
https://bbs.archlinux.org/viewtopic.php?id=142151
and written a program that in essence allows ecryptfs to be used like EncFS:
http://xyne.archlinux.ca/projects/ecryptfs-simple/

This was requested to be added to Ubuntu here:
https://bugs.launchpad.net/ecryptfs/+bug/1036418
but rejected. The developers said that it is already possible to achieve this using mount.ecryptfs_private.
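
Added example (not part of the original post and not code from ecryptfs-utils): per the mount.ecryptfs_private(1) man page, an ALIAS needs both ~/.ecryptfs/ALIAS.conf and ~/.ecryptfs/ALIAS.sig, and the calling user must own both the source and the destination directory. The shell function below, whose name check_ecryptfs_alias and optional HOME_DIR argument are made up for this example, checks those prerequisites for an alias such as Shared; it does not check that the key is loaded in the kernel keyring.

```shell
#!/bin/sh
# Added example: preflight check for `mount.ecryptfs_private ALIAS`.
# Usage: check_ecryptfs_alias ALIAS [HOME_DIR]   (HOME_DIR defaults to $HOME)
# Prints one line per problem found; returns 0 when there are none.
check_ecryptfs_alias() (
    alias_name=$1
    home=${2:-$HOME}
    conf="$home/.ecryptfs/$alias_name.conf"
    sig="$home/.ecryptfs/$alias_name.sig"
    rc=0
    problem() { echo "PROBLEM: $*"; rc=1; }

    # ALIAS.sig holds the signature(s) of the mount passphrase,
    # one 16-hex-digit key signature per line.
    if [ ! -r "$sig" ]; then
        problem "missing $sig (signature of the mount passphrase)"
    elif ! grep -Eq '^[0-9a-fA-F]{16}$' "$sig"; then
        problem "$sig contains no 16-hex-digit key signature"
    fi

    # ALIAS.conf holds one fstab-style line:
    # SOURCE DESTINATION FSTYPE OPTIONS DUMP PASS
    if [ ! -r "$conf" ]; then
        problem "missing $conf (fstab-style line)"
    else
        read -r src dst fstype _rest < "$conf" || true
        [ "$fstype" = "ecryptfs" ] || problem "fstype is '$fstype', expected ecryptfs"
        for d in "$src" "$dst"; do
            if [ ! -d "$d" ]; then
                problem "'$d' is not an existing directory"
            elif [ ! -O "$d" ]; then
                problem "'$d' is not owned by the current user"
            fi
        done
    fi
    exit "$rc"
)
```

Run as `check_ecryptfs_alias Shared` by the user who will mount the folder.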
