Crypto Cloud

You can enable data encryption on your volumes. The encrypted data is then visible only in the virtual machine (VM); outside of the VM, it is unreadable.

3DS OUTSCALE advises its customers to use data encryption. Customers are responsible for enabling data encryption on their own volumes.

This procedure uses two directories. The first one, /encfs, is where the physical volume is mounted and the encrypted data is stored. The second one, /crypto, is a directory containing only the files encrypted and decrypted on the fly for the user.

Encrypting your data

Before you begin:

  1. Mount a device under an intermediate directory, using the following commands:

    $ mkdir /encfs
    $ mount /dev/xvds /encfs
  2. Create the directory to encrypt, using the following commands:

    $ mkdir /crypto
    $ encfs --public /encfs /crypto
    • The first time you use the above command, EncFS asks for a password to protect the volume.

    • The --public option enables all users to use the directory.

    Your volume is encrypted.

    To mount the directory after a reboot, use the following commands:

    $ mount /dev/xvds /encfs
    $ encfs --public /encfs /crypto

    The system will prompt for the password. To use another program to fill the password prompt, you can use the --extpass=<program name> option.

    To simplify the usage of your encrypted volume, you can create a script called smount for example, using the following code:

    mkdir -p /encfs/$1
    mount $1 /encfs/$1
    /usr/bin/encfs --public /encfs/$1 $2

    The above code forces the public mode and does not allow other options. It can be enhanced in many ways.

    To use the above script, type the following command:

    $ smount <device> <directory>

Related Page