The script then unmounts the encrypted directories, performs cleanup, and exits. When the user logs out the sleeping script gets a SIGTERM (15) signal which is intercepted. It executes upon login and mounts the encrypted directories with a password from the user's keychain. To solve the login/logout problem I created a script which handles both. ![]() encrypted/Vault mkdir -p Documents/Vault encfs ~/.encrypted/Vault ~/Documents/Vault. Then run the encfs command and follow the instructions. Make a directory where the encrypted files will be stored, and one which will be the mount point in which the decrypted versions of the files will appear. Solutionįirst we create the encrypted directory. I also wanted any scripts to be stored and executed in userspace. I wanted a solution where the password was administered by the user and stored in his private keychain. The reason is that the user's private keychain isn't unlocked yet at that point. That is a nice solution, but in order for the keychain password to be accessible when the hook processes execute it must be placed in a public keychain. One of them is to use login/logout hooks as documented here. The whole process should be completely transparent to the user and there are several ways to achieve this. The goal is to mount encrypted directories on login and unmount them on logout. Thankfully Patrick Stein has created a Homebrew formula, encfsmacosxfuse.rb, that compiles encfs against OSXFuse. ![]() Using Homebrew would be preferable, but the Homebrew encfs package relies on fuse4x which is the predecessor of OSXFuse. Now we must get EncFS itself, but finding a build compatible with OSXFuse isn't easy. Previous method: EncFS requires FUSE so download and install OSXFuse (MacFuse successor). ![]() Fortunately an easy solution is to install everything with Homebrew as described in this blog post: brew install osxfuse brew install The installation method described in this post doesn't work with OS X 10.9 and Xcode 5. Personally I also like that with EncFS the encrypted files are stored in the filesystem as normal, you get the ability to use different encryption on different parts of the filesystem, and backup is straightforward. Mac OS X comes with FileVault, so why use EncFS instead? Well, FileVault has a few drawbacks that are summed up here. Note: With OS X 10.8 my original post about using encfs has become slightly dated. Encrypt Directories With EncFS on Mac OS X 10.8
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |