If I have two folders E and D and a passphrase P, in a typical ecryptfs setup I would do something like this:
- I setup folder E to be the encrypted version of folder D, using passphrase P to do the encryption/decryption.
- Folder E stores the actual data to disk, encrypted.
- Folder D is my live interface as a user, representing the data to me, decrypted on the fly.
But, can I also use this the other way around?
- I still set up folder E as the encrypted version of folder D, using passphrase P as the key for encryption.
- However, I interact directly using folder E. Folder E contains, from my perspective as a user, my regular "decrypted" data.
- Folder D considers E as being encrypted, and represents a live view of that data "decrypted" using passphrase P, actually encrypting it in the process.
- I would be able to use folder D as the primary source for a backup of my data in folder E to a public cloud provider.
Any thoughts?
As far as I could test, ecryptfs does not support a feature as encfs does: "Filesystem that gives an encrypted view of a directory—the inverse of EncFS" still seems to be the way to go.
I wanted to "avoid" encfs because of some security fuss around it, but I assume it is better than plain data anyway.
Assuming you don't want the added space of an encrypted backup folder just using eCryptfs, you might want to look into CryFS.
It seems to be designed with cloud storage in mind, attempting to hide all file & directory metadata. Sounds similar to taking a LUKS container and storing each individual block as a file (but probably using clumps of blocks, to avoid millions of 512-byte files).
It's in the Debian (Stretch/Stable[9], Buster/Testing[10], Sid) & Ubuntu (Zesty[17.04], Artful[17.10] & Bionic[18.04]) repositories, while their webpage has downloads for some older versions.
I'm not 100% sure if it supports the `--reverse` view of EncFS you seem to be indirectly looking for, but the cloud software I found for Linux all makes a local copy of the cloud files anyway, so again you'd have an encrypted "backup" folder.