Author

Topic: using ecryptfs to protect your wallet (Read 1461 times)

administrator
Activity: 5222
Merit: 13032
October 21, 2010, 04:29:04 PM
#2
I use dm-crypt. You must be root to mount the encrypted device. You can use a file-based container with a loop device.

My mount script:
Code:
losetup /dev/loop0 /encrypted

HASH=`hashalot -s salt sha256 | hexdump -e '32/1 "%02x"'`
echo 0 `blockdev --getsize /dev/loop0` crypt aes-cbc-essiv:sha256 \
$HASH 0 /dev/loop0 0 | dmsetup create hidden

Unmount:
Code:
dmsetup remove hidden && losetup -d /dev/loop0
legendary
Activity: 1288
Merit: 1080
October 21, 2010, 02:48:54 PM
#1
I guess this could be in the wiki but I post it here first.

I've recently looked for a free alternative to TrueCrypt.

On my Debian system, I've found ecryptfs.  It seems nice because it doesn't require you to encrypt a whole partition.

First, install the package :

apt-get install ecryptfs-utils

Then, create a ~/Private directory.

Setup this directory as your encrypted directory with the command :

ecryptfs-setup-private

(you may need to load the ecryptfs module with modprobe or something)

You will be prompted for your login password and for a optionnal mount password.  Using only your login password is easier since it will save you the typing of an additionnal password.

Relog.

Move your wallet.dat file in your Private directory, and make a symlink :

mv .bitcoin/wallet.dat Private
ln -s $HOME/Private/wallet.dat .bitcoin

That's about it.

You can unmount your private dir with the ecryptfs-umount-private command.

This directory can be used for other sensitive files, such as .fetchmailrc, .ssh/id_dsa, .gnupg and so on.



Jump to: