I am trying to use fscrypt to encrypt then be able to mount and umount it
Then fscrypt unlock <mountpoint> to access it
I have been unable to do so in that after I mount the drive and setup
fscrypy I then have to create another directory under the mount point.
The USB drive was formatted like this:
mkfs.ext4 -O encrypt /dev/sdd1
Here is what I did, logged in as root:
mount /dev/sdd1 /home/fscrypt
fscrypt setup
fscrypt encrypt /home/fscrypt
[ERROR] fscrypt encrypt: Directory "/home/fscrypt" cannot be encrypted
because it is non-empty.
Ok I get that so.........
rm -r /home/fscrypt/lost+found
Try Again......................
fscrypt encrypt /home/fscrypt
[ERROR] fscrypt encrypt: filesystem /home/fscrypt is not setup for use
with fscrypt
Run "sudo fscrypt setup /home/fscrypt" to use fscrypt on this filesystem.
Alright.........................
fscrypt setup /home/fscrypt/
Allow users other than root to create fscrypt metadata on this
filesystem? (See
https://github.com/google/fscrypt#setting-up-fscrypt-on-a-filesystem)
[y/N] Y
Metadata directories created at "/home/fscrypt/.fscrypt", writable by
everyone.
root@scott:/home/fscrypt# fscrypt encrypt /home/fscrypt
[ERROR] fscrypt encrypt: Directory "/home/fscrypt" cannot be encrypted
because it is non-empty.
Files cannot be encrypted in-place. Instead, encrypt a new directory,
copy the
files into it, and securely delete the original directory. For example:
mkdir "/home/fscrypt.new"
fscrypt encrypt "/home/fscrypt.new"
cp -a -T "/home/fscrypt" "/home/fscrypt.new"
find "/home/fscrypt" -type f -print0 | xargs -0 shred -n1
--remove=unlink
rm -rf "/home/fscrypt"
mv "/home/fscrypt.new" "/home/fscrypt"
Caution: due to the nature of modern storage devices and filesystems, the
original data may still be recoverable from disk. It's much better to
encrypt
your files from the start.
ls -hal /home/fscrypt
total 12K
drwxr-xr-x 3 scott scott 4.0K Nov 27 11:52 .
drwxr-xr-x 4 root root 4.0K Nov 27 11:09 ..
drwxr-xr-x 4 root root 4.0K Nov 27 11:52 .fscrypt
I am missing something here.........
Is there a way to do this so I have a USB drive encrypted using fscrypt
that I can mount the fscrypt unlock it?
