6.2. Automatically Mounting Encrypted Partitions
There are a couple of ways to automatically mount an eCryptfs encrypted filesystem at boot. This example uses a /root/.ecryptfsrc file containing mount options, along with a passphrase file residing on a USB key.
First, create /root/.ecryptfsrc containing:
key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt
ecryptfs_sig=5826dd62cf81c615
ecryptfs_cipher=aes
ecryptfs_key_bytes=16
ecryptfs_passthrough=n
ecryptfs_enable_filename_crypto=n
Set ecryptfs_sig to the signature found in /root/.ecryptfs/sig-cache.txt.
Next, create the /mnt/usb/passwd_file.txt passphrase file:
passphrase_passwd=[secrets]
Now add the necessary lines to /etc/fstab:
/dev/sdb1 /mnt/usb ext3 ro 0 0
/srv /srv ecryptfs defaults 0 0
Make sure the USB drive is mounted before the encrypted partition: its line must come first in /etc/fstab, as shown above. Finally, reboot and /srv should be mounted using eCryptfs.
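The setup above fails at boot if the signature, the passphrase file path or the fstab ordering is inconsistent, and the passphrase file holds the passphrase in clear text. The following pre-reboot check is an added example, not part of the original guide; the function names are illustrative and it assumes sig-cache.txt lists one signature per line.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-reboot checks for the
# eCryptfs auto-mount setup. Function names are illustrative; all file
# locations are arguments. Run with the USB key mounted.

# The ecryptfs_sig in the rc file must be listed in sig-cache.txt
# (assumed format: one signature per line).
check_sig() {  # check_sig RCFILE SIGCACHE
    sig=$(sed -n 's/^ecryptfs_sig=//p' "$1" | head -n 1)
    [ -n "$sig" ] && grep -qxF "$sig" "$2"
}

# Print the passphrase file path named on the key= line of the rc file.
passfile_of() {  # passfile_of RCFILE
    sed -n 's/^key=passphrase:passphrase_passwd_file=//p' "$1" | head -n 1
}

# The cleartext passphrase file must exist and grant nothing to group/other.
check_private() {  # check_private FILE
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# The USB mount must precede the ecryptfs entry in fstab.
check_fstab_order() {  # check_fstab_order FSTAB USBMNT ENCMNT
    awk -v usb="$2" -v enc="$3" '
        /^[[:space:]]*#/ { next }
        $2 == usb && !u { u = NR }
        $2 == enc && $3 == "ecryptfs" && !e { e = NR }
        END { exit !(u && e && u < e) }' "$1"
}

# Run every check, report each failure, return non-zero if any failed.
precheck() {  # precheck RCFILE SIGCACHE FSTAB USBMNT ENCMNT
    rc=0
    pf=$(passfile_of "$1")
    check_sig "$1" "$2" || { echo "FAIL: ecryptfs_sig not in $2"; rc=1; }
    case "$pf" in "$4"/?*) ;; *) echo "FAIL: passphrase file not under $4"; rc=1 ;; esac
    check_private "$pf" || { echo "FAIL: '$pf' missing or open to group/other"; rc=1; }
    check_fstab_order "$3" "$4" "$5" || { echo "FAIL: $4 not before $5 in $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: configuration is consistent"
    return "$rc"
}

# Usage: sh precheck.sh /root/.ecryptfsrc /root/.ecryptfs/sig-cache.txt /etc/fstab /mnt/usb /srv
if [ "$#" -eq 5 ]; then precheck "$@"; fi
```

A passphrase file with mode 400 or 600 passes the permission check; anything readable by group or other is reported.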