You are not logged in.
I'm upgrading harddisks and would like to backup my system to external storage and restore it on the new disk
This is the high level plan:
1. use ecryptfs to create an encrypted directory on a mounted external stroage device
2. mount ecryptfs directory
3. use rsync to make a backup into the ecryptfs directory
4. swap harddisks
5. use an arch live usb to encrypt and partition new disk (LVM on LUKS)
6. mount external storage and mount encrypted ecryptfs on the storage
7. restore system with rsync
Is this the way to do it?
After reading a little on ecryptfs, it seems like the passphrase and keys I create work only for the current kernel using ecryptfs (adds to the kernel key ring). So my understanding is that if I try to decrypt and mount the ecryptfs using a live arch usb, I won't be able to.
Any clarification of the process would be of great help! Thank you
Offline
Any particular reason you're planning to use eCryptfs for the backup and LUKS for the actual system when you could use LUKS for both?
After reading a little on ecryptfs, it seems like the passphrase and keys I create work only for the current kernel using ecryptfs (adds to the kernel key ring). So my understanding is that if I try to decrypt and mount the ecryptfs using a live arch usb, I won't be able to.
I'm not sure whether this is how it works. Could you show us the documentation which led you to this conclusion please?
Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository
Offline
Any particular reason you're planning to use eCryptfs for the backup and LUKS for the actual system when you could use LUKS for both?
No particular reason for ecryptfs. I believe my two options are ecryptfs and encfs as described in the disk encryption comparison table: https://wiki.archlinux.org/index.php/Di … ison_table
trillian wrote:After reading a little on ecryptfs, it seems like the passphrase and keys I create work only for the current kernel using ecryptfs (adds to the kernel key ring). So my understanding is that if I try to decrypt and mount the ecryptfs using a live arch usb, I won't be able to.
I'm not sure whether this is how it works. Could you show us the documentation which led you to this conclusion please?
I'm also not very familiar with keyrings and how the kernel manages it, or whether it's possible to do what I want with ecryptfs.
http://manpages.ubuntu.com/manpages/uto … ase.1.html
Offline
Hmm... Have you read the ArchWiki about eCryptfs?
What you proposed should be doable, probably with the ecryptfs-simple package,
Last edited by clfarron4 (2014-12-13 20:40:07)
Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository
Offline
Hmm... Have you read the ArchWiki about eCryptfs?
What you proposed should be doable, probably with the ecryptfs-simple package,
Yes I have read it, but I seemed to gloss over the ecryptfs-simple section. I believe that's what I want. Thanks for pointing it out!
There's a warning by the ecryptfs-simple maintainer recommending encfs over ecryptfs saying that ecryptfs has had data loss. Encfs has some security vulnerabilities from a recent audit: https://defuse.ca/audits/encfs.htm. Although, I don't believe it will affect my one-time use of it.
I will use ecryptfs-simple.
Offline