Monday, June 7, 2010

Encryption for online backup services

4:07 PM

This is a guide on how to use encryption with EncFS in online backup services like Dropbox and Ubuntu One. I guess it can be used for other online backup services as well.
EncFS is used because it is a pass-through filesystem. This means that the encryption happens per file, allowing us to change files without the need to upload a whole block device again.
With block-device encryption, the block device is represented as a single file. When using that method, the online backup service sees only that one file, so a small change (changing a file of some KB, for example) results in uploading the whole file again.
(I am not aware whether a service does this 'byte-wise' or 'block-wise', that is, uploads only the changes.)
The instructions:
1. Set up the online backup service. I will use Ubuntu One as an example.
Create the account on the Ubuntu One website and install the client:
sudo apt-get install ubuntuone-client

2. Install encfs and fuse-utils (fuse-utils allows userspace programs to export a virtual filesystem).

sudo apt-get install encfs fuse-utils

3. Create the directory that will hold the encrypted data inside the online backup service directory, and the directory where you want to see the unencrypted data. (The second must not be in the backup service directory, of course!)

cd ~
mkdir Ubuntu\ One/encrypted/
mkdir Ubuntu_secure/

4. Create the partition.

encfs /home/[your username]/Ubuntu\ One/encrypted/ /home/[your username]/Ubuntu_secure
Replace [your username] with your username!
The first time, it will create the filesystem and ask you for a password (twice).
Every other time, this command will mount your partition, asking you for your password (once).
You can now see a new device. Copy your data there and watch the folder ~/Ubuntu One/encrypted/ fill with encrypted data!

5. To unmount the volume, run:

fusermount -u /home/[your username]/Ubuntu_secure

On any other system where you set up the online backup service, your files will arrive encrypted. You need to have encfs and fuse-utils installed there. Encfs will see the encfs6.xml file (it may have another name on other systems) and mount the partition once you provide the correct password.
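
The layout from steps 3 to 5 only protects the data if the unencrypted directory stays outside the synced folder and the volume is really mounted when you copy files in. The check below is an added example, not part of the original guide; the user alice, the paths, the mounts table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight checks for the EncFS layout from steps 3-5.
# The user, paths and mounts table are constructed sample values.

# Resolve a path; falls back to trimming one trailing slash
# if "realpath -m" is not available.
normalize() {
    realpath -m -- "$1" 2>/dev/null || printf '%s\n' "${1%/}"
}

# is_inside CHILD PARENT: true if CHILD is PARENT or lies beneath it.
is_inside() {
    child=$(normalize "$1"); parent=$(normalize "$2")
    case "$child/" in
        "$parent"/*) return 0 ;;
    esac
    return 1
}

# is_encfs_mounted MOUNTPOINT: reads a /proc/mounts-style table on stdin and
# matches the mount-point field exactly (spaces are stored there as \040).
is_encfs_mounted() {
    want=$(normalize "$1")
    while read -r _dev mnt fstype _rest; do
        mnt=$(printf '%b' "$mnt")
        [ "$mnt" = "$want" ] && [ "$fstype" = "fuse.encfs" ] && return 0
    done
    return 1
}

# preflight SYNC_ROOT ENCRYPTED_DIR PLAIN_DIR (mounts table on stdin).
# Returns 0 = safe to copy, 1 = not mounted, 2 = plaintext would be synced,
# 3 = encrypted directory is outside the synced folder.
preflight() {
    is_inside "$3" "$1" && { echo "plaintext dir is inside the synced folder"; return 2; }
    is_inside "$2" "$1" || { echo "encrypted dir is not inside the synced folder"; return 3; }
    is_encfs_mounted "$3" || { echo "not mounted: copies would stay in cleartext on local disk"; return 1; }
    echo "ok: $3 is an EncFS mount backed by $2"
}

# Constructed sample mounts table (same format as /proc/mounts).
sample_mounts() {
    printf '%s\n' \
        '/dev/sda1 / ext4 rw,relatime 0 0' \
        'encfs /home/alice/Ubuntu_secure fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0'
}

sample_mounts | preflight "/home/alice/Ubuntu One" "/home/alice/Ubuntu One/encrypted/" "/home/alice/Ubuntu_secure"
```

On a real system, call preflight with your own three directories and redirect /proc/mounts into it instead of the sample table.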

Do it automatically with a script!
You can mount/unmount the encrypted data automatically with a script!
The script:

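#!/bin/bash
# Toggle the EncFS volume: unmount it if it is mounted, mount it otherwise.
# $volume is the mount point (the unencrypted view), as listed by "mount".
volume="/home/[your username]/Ubuntu_secure"
if [ -d "$volume" ]; then
    if mount | grep -F "on $volume type" > /dev/null; then
        # Already mounted: unmount it
        fusermount -u "$volume"
        echo "Drop Box encrypted partition unmounted"
        sleep 1
    else
        # Not mounted: mount it (encfs asks for the password)
        encfs "/home/[your username]/Ubuntu One/encrypted/" "$volume"
        echo "Drop Box encrypted partition mounted"
        sleep 1
    fi
else
    echo "Directory doesn't exist, do: mkdir $volume"
    sleep 2
fi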

Copy this code into a file, in your home directory for example. Change it to suit your needs. Make the script executable:

cd ~
chmod +x

The script checks if the volume is mounted. If it is, it unmounts it. If it's not, it mounts it (will ask you for password).
If the mount point doesn't exist, it will tell you how to create it.
You run it by double clicking and selecting 'Run in terminal', or from the console with

cd ~

Call the script from a launcher
You can also make an application launcher in gnome panel to run your script. The command of the launcher can be:

xterm -geometry 45x3+0+0 -bg black -fg red /home/manos/
The option -bg is the background colour and -fg the character colour. The -geometry option sets the size and placement of the window; here it is top left.
For more information on how to run xterm the way you like it:

man xterm
