
cryfs in /etc/fstab?

Open bs27975 opened this issue 5 years ago • 8 comments

Can cryfs be mounted via /etc/fstab?

Presumably with some form of 'fuse.cryfs'? Also presumably using some system defined askpass program? (Since there's no way to know where / what / when the mount request will happen.)

(And could the answer be added to the readme / man cryfs? Would save endless googling, and not end up buried in a closed issue [when done].)

bs27975 avatar Aug 25 '19 05:08 bs27975

I was looking for a way to auto-mount a cryfs directory, with the password stored in a file instead of typing it in.

This is for a hard drive which is already encrypted so no concerns about storing password. The cryfs data is kept to sync to the cloud only.

Just makes it one less step when logging in each time.

Please advise.

Thanks

lawmanuk avatar Oct 18 '19 00:10 lawmanuk

This should work:

mount -t fuse.cryfs basedir mountdir

But it will ask you for a password on the command line, so it doesn't work with /etc/fstab.

For auto-mounting, a couple of the GUI solutions for CryFS provide this feature (Plasma Vault, SiriKali).

Is there a way to forward arbitrary arguments from /etc/fstab to the file system call? There's a PR adding a --extpass option to CryFS, maybe that helps? https://github.com/cryfs/cryfs/pull/314

smessmer avatar Nov 29 '19 02:11 smessmer

Thanks on that.

One should then be able to create an auto-start entry, along the lines of:

[{your favourite}sudo] mount -t fuse.cryfs basedir mountdir -o {whatever} [<<< somefile]

or

pgp {something or other} | mount -t fuse.cryfs basedir mountdir -o {whatever}

e.g. qtpass {mykey} | mount -t fuse.cryfs /mnt/user/${USER}/dir.encrypted ~/dir.decrypted

  • no doubt I have the above <<< syntax wrong for a here doc that automatically makes a file the source for stdin.

  • pick your favourite way of being prompted at gui login time for a password [Without which there is no way to respond to the command line mount request for the password.]

Or use 'cryfs' instead of mount, or 'fusermount', etc.

bs27975 avatar Dec 01 '19 17:12 bs27975

Guess it would be useful if cryfs / systemd could deal with things at boot time.

a la systemd.link files?

e.g. initramfs will ask for crypttab passwords at boot time. There are systemd automount facilities (can't find a good explanatory link at the moment) for automounting crypted after initramfs via /etc/fstab lines - could be useful if there were a cryfs systemd automount equivalent.

bs27975 avatar Dec 01 '19 17:12 bs27975

Yes, adding such a script to your KDE/Gnome autostart scripts would ask you for the password at boot time and then mount the file system. Systemd might work too, but if you want to display a GUI window for password entry, you have to make sure it runs after KDE/Gnome is ready. Initramfs can probably also be made to work somehow, but would be harder because you need to include the cryfs executable and some dependencies like the fuse kernel module into your image.

smessmer avatar Dec 01 '19 19:12 smessmer

Any progress on /etc/fstab with password read from a file?

ser avatar Sep 04 '20 02:09 ser

Changelog says version 0.10.0 supports mount using /etc/fstab. Is there any description or documentation how to pass a file containing password?

shovdmi avatar Mar 03 '23 17:03 shovdmi

Hm that changelog was maybe overly optimistic. What it did is make mount -t fuse.cryfs basedir mountdir work and, technically, that's also required for making /etc/fstab work. But, as you noticed, there is currently no way to add the password to /etc/fstab.

I would be open to reviewing and merging a PR that adds this to CryFS. One way to do it might be to add a -o passfile=XXX option that can then be added as a filesystem option to fstab. I'm actually not sure whether fuse would or would not forward those arguments to CryFS, so it might or might not work, but is likely worth a shot.

Without direct CryFS support, you might be able to achieve something similar by writing a small bash script file that just sets the CRYFS_FRONTEND=noninteractive environment variable, calls CryFS, forwards all its arguments and writes the password to CryFS' stdin. Then add that script as filesystem type to /etc/fstab instead of adding cryfs.

smessmer avatar Mar 04 '23 00:03 smessmer
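
The wrapper approach described in the last comment, sketched as an added example (not code from the CryFS project or from any commenter in this thread). The script name cryfs-passfile, the default password file path, and the CRYFS_PASSFILE and CRYFS_BIN override variables are assumptions made for this example; only CRYFS_FRONTEND=noninteractive and the password on stdin come from the thread. The helper refuses a password file that is a symlink or that group or others can access.

```shell
#!/bin/sh
# cryfs-passfile (hypothetical name): mount helper that feeds CryFS its
# password from a file. Assumed fstab use, with the script on root's PATH and
# the type fuse.cryfs-passfile in place of fuse.cryfs:
#   /path/to/basedir  /path/to/mountdir  fuse.cryfs-passfile  <options>  0 0

# Succeeds only if $1 is a regular file (not a symlink), has no group/other
# permission bits, and is owned by root or by the calling user.
passfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    meta=$(ls -ldn -- "$1") || return 1
    set -- $meta                      # $1 = mode string, $3 = numeric owner
    case $1 in
        -???------*) ;;               # e.g. -rw------- or -r--------
        *) return 1 ;;
    esac
    [ "$3" = 0 ] || [ "$3" = "$(id -u)" ]
}

# Forwards every argument to CryFS unchanged and supplies the password on
# stdin, so it never appears in the process list or in /etc/fstab.
mount_with_passfile() {
    passfile=${CRYFS_PASSFILE:-/etc/cryfs/passfile}   # assumed default path
    if ! passfile_is_private "$passfile"; then
        echo "cryfs-passfile: refusing $passfile (want mode 0600, no symlink)" >&2
        return 1
    fi
    # CRYFS_BIN is an override added for testing; the default is the real binary.
    CRYFS_FRONTEND=noninteractive "${CRYFS_BIN:-cryfs}" "$@" < "$passfile"
}

# Run only when invoked under the installed name, so the file can be sourced.
if [ "${0##*/}" = cryfs-passfile ]; then
    mount_with_passfile "$@"
fi
```

The password file then becomes the secret to protect: anyone who can read it can open the CryFS container, so it belongs on storage that is itself encrypted at rest, as in the setup described earlier in the thread.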