How to best encrypt and decrypt a directory via the command line or script

command line, encryption, security

I have a directory of text files under Bazaar version control and keep a copy (a branch, actually) on each of my machines. I want to encrypt and unencrypt the directory via the command line.

Ideally, I would also be able to have a script run at logout to check if the directory is encrypted and encrypt it if not, all without user intervention. I do not, however, want the dir to be decrypted on login. (I want the script as a guard against forgetting to encrypt manually. This is especially important for the netbook.)

I'm running Ubuntu 10.04.1 and two versions of CrunchBang Linux, one a derivative of Ubuntu 9.04, the other of a late June snapshot of the Debian Squeeze repos.

What is the best way to do this?

(I tried to tag with encryption and directories, but lack the rep to create a tag.)

Best Answer

Do you have administrative access to the machines? One could use an encrypted loopback device. Example:

make a container file for the encrypted fs:

dd if=/dev/urandom of=container bs=1024k count=100 

bind container file to loopback device 0:

losetup /dev/loop0 container

create encrypted device (-y asks for passphrase twice; line split by \):

# -s is the key size in bits; XTS splits it into two 256-bit keys
cryptsetup -c serpent-xts-essiv:sha256 -s 512 \
   -y create container /dev/loop0

create ext2 filesystem on encrypted device (can use anything really):

mkfs.ext2 /dev/mapper/container

mounts encrypted filesystem to crypt directory:

mount /dev/mapper/container crypt

For reference:

man cryptsetup && man losetup

Also, read up on cryptography best practices, for information on choosing cipher and key lengths to use, etc.
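The logout guard the question asks for is the reverse of the steps above: unmount, remove the mapping, detach the loop device. The script below is an added example, not part of the original answer. The function names, the `--lock` argument and the `MOUNTS` and `MAPPER_DIR` variables are hypothetical, and it assumes it is run as root with the mapping name and loop device used above.

```shell
#!/bin/sh
# Added example: lock the container at logout if it was left open.
NAME=container                        # mapping name from the answer
LOOPDEV=/dev/loop0                    # loop device from the answer
MOUNTS=${MOUNTS:-/proc/mounts}        # overridable to run the check on sample data
MAPPER_DIR=${MAPPER_DIR:-/dev/mapper}

# Print, one per line, the teardown commands still required.
# Prints nothing when the container is already locked.
plan_lock() {
    dev="$MAPPER_DIR/$NAME"
    # Unmount every mount point backed by the mapping (field 2 of /proc/mounts).
    # Assumes mount points without spaces (/proc/mounts escapes them as \040).
    awk -v dev="$dev" '$1 == dev { print "umount " $2 }' "$MOUNTS"
    # An unmounted mapping that still exists keeps the key in kernel memory
    # and the plaintext readable, so unmounting alone is not enough.
    if [ -e "$dev" ]; then
        echo "cryptsetup remove $NAME"
        echo "losetup -d $LOOPDEV"
    fi
}

# Execute the plan and stop at the first failure (e.g. a busy mount point),
# so the mapping is never removed from under a mounted filesystem.
lock_container() {
    plan_lock | while read -r cmd; do
        $cmd </dev/null || exit 1
    done
}

# Only act when asked to, so the file can also be sourced.
if [ "${1:-}" = "--lock" ]; then
    lock_container
fi
```

Nothing here decrypts on login: reopening the directory remains the manual losetup, cryptsetup and mount sequence with the passphrase prompt.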
