On Tue, 8 Mar 2011 00:06:28 -0500
si...@mungewell.org wrote:
| 
| > (It was the copying of ~/.encfs6.xml to /externaldrive/backup_enc that
| > had me stumped.)
| 
| There is a trick to specify an alternate location for the encfs.xml file,
| which means that it doesn't need to be placed with the encrypted data.
| 
| http://www.mail-archive.com/encfs-users@lists.sourceforge.net/msg00053.html
| 
| Simon

Yes, you feed the .encfs6.xml configuration to encfs using the
value of the $ENCFS6_CONFIG environment variable.

If you set this variable to a temporary named pipe you can even feed
the XML from an alternative data source, rather than an actual real file
stored on disk.  Once read, the named pipe can be deleted as it is only
read once.

ASIDE: encfs will read the XML config file first, before reading the
password; that can be important for a script that is a wrapper around the
encfs command.

Note also that the password you use can be different to the one
used to generate the .encfs6.xml using the --anykey option,
and can also be fed to encfs via a pipeline using the --stdinpass option.




I combined all of that so that I can save the encfs6.xml file with
the 'master password' and even the encfs command I am running to do the
mount, and where the data is to come from, in a separate
user-password-protected encrypted file.

This means that all the details used to encrypt my partition, including a
long purely binary password for the actual encryption, its salt and all the
other 'public' information used by encfs, is not actually available to
hackers.

In addition the filename holding this encrypted data looks like an
encfs data filename, even though it actually isn't!  I could hide it
in other encfs files and no one would be wiser, though I don't depend on
it.

The whole thing is controlled by a single perl script, "ks"
which is short for "key store" as I have multiple encfs data stores,
and use the same system for other non-encfs data encryption too.

See http://www.ict.griffith.edu.au/~anthony/software/#ks


  Anthony Thyssen ( System Programmer )    <a.thys...@griffith.edu.au>
 --------------------------------------------------------------------------
  You are caught in a maze of twisty little Sendmail rules, all obscure.
 --------------------------------------------------------------------------
   Anthony's Castle     http://www.ict.griffith.edu.au/anthony/

_______________________________________________
Encfs-users mailing list
Encfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/encfs-users
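
Added example, not part of the original message and not the author's "ks" script: a shell function that hands encfs its XML config through a one-shot named pipe via $ENCFS6_CONFIG and the password via --stdinpass, as the reply describes. The function name and the config-producing command are assumptions.

```shell
#!/bin/sh
# Added illustration, not the "ks" script from the message.
# Usage: <password source> | mount_with_piped_config ROOTDIR MOUNTPOINT CMD [ARGS...]
#   CMD [ARGS...] is any command that prints the .encfs6.xml text on stdout
#   (hypothetical, e.g. a decryption step). The function name is made up too.

mount_with_piped_config() {
    rootdir=$1 mountpoint=$2
    shift 2                       # "$@" is now the config-producing command

    # mktemp -d gives a 0700 directory, so other users cannot reach the FIFO.
    tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/encfs-cfg.XXXXXX") || return 1
    fifo=$tmpdir/config
    mkfifo -m 600 "$fifo" || { rmdir "$tmpdir"; return 1; }

    # Background writer: blocks in open() until encfs opens the FIFO to read.
    # In a non-interactive script its stdin is /dev/null, so it cannot
    # consume the password meant for encfs.
    "$@" > "$fifo" &
    writer=$!

    # encfs reads the XML from $ENCFS6_CONFIG first, then the password from
    # stdin (--stdinpass), which is this function's own stdin.
    status=0
    ENCFS6_CONFIG=$fifo encfs --stdinpass "$rootdir" "$mountpoint" || status=$?

    # If encfs failed before opening the FIFO, the writer is still blocked:
    # stop it, then remove the pipe, which is only ever read once.
    kill "$writer" 2>/dev/null || true
    wait "$writer" 2>/dev/null || true
    rm -f "$fifo"
    rmdir "$tmpdir"
    return "$status"
}
```

Because the XML only ever passes through the pipe, no copy of the config is left beside the encrypted data or in the temporary directory after the mount.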
