Gocryptfs-Sapelo2: Difference between revisions
(Created page with "Category:Sapelo2Category:SoftwareCategory:Other === Category === Other === Program On === Sapelo2 === Version === 2.5.2 === Author / Distributor === Please see https://nuetzlich.net/gocryptfs/ === Description === Gocryptfs is an implementation of an encryption overlay filesystem, which uses file-based encryption that is implemented as a mountable FUSE filesystem. For more details see *[https://nuetzlich.net/gocryptfs/ gocryptfs homepage] *...") |
No edit summary |
||
| Line 37: | Line 37: | ||
ml gocryptfs/2.5.2 | ml gocryptfs/2.5.2 | ||
</pre> | </pre> | ||
2. Create two folders | |||
*data_enc, which will store the encrypted files. | |||
*data_unenc, which will present an unencrypted view of the files, when needed. | |||
Sample commands to do that in your /scratch dir: | |||
<pre class="gcommand"> | |||
$ cd /scratch/$USER | |||
$ mkdir data_enc | |||
$ mkdir data_unenc | |||
</pre> | |||
Note that the $ (dolar sign) in the sample above represents the shell prompt and are not part of the commands to use. | |||
3. Initialize the data_enc directory with a password | |||
<pre class="gcommand"> | |||
$ cd /scratch/$USER/ | |||
$ gocryptfs -init data_enc | |||
Choose a password for protecting your files. | |||
Password: | |||
Repeat: | |||
Your master key is: | |||
3d67df93-e68eaddf-ca1f8da7-847b2fd1- | |||
d63f3366-7858b60e-de5acb56-99a388e0 | |||
If the gocryptfs.conf file becomes corrupted or you ever forget your password, | |||
there is only one hope for recovery: The master key. Print it to a piece of | |||
paper and store it in a drawer. This message is only printed once. | |||
The gocryptfs filesystem has been created successfully. | |||
You can now mount it using: gocryptfs dir.encrypted MOUNTPOINT | |||
</pre> | |||
When you run this initialization step, gocryptfs provides us with the master key that can be used to restore access to the data files, especially useful in case the password is lost. | |||
You should keep the master key safe, never store it unencrypted on the platform itself. | |||
After initialization, the data_enc directory contains two internal configuration files: | |||
* gocryptfs.conf is the global configuration for the encrypted directory | |||
* gocryptfs.diriv is created per-directory for encryption of file names | |||
Note that you should never modify (any) files within the data_enc directory. | |||
4. Mount the data_enc directory into the data_unenc directory | |||
To be able to read and write files, the data_enc storage needs to be mounted into the data_unenc directory. | |||
<pre class="gcommand"> | |||
$ cd /scratch/$USER | |||
$ gocryptfs data_enc data_unenc | |||
Password: | |||
Decrypting master key | |||
InoMap: opening spillMap for inomap.QIno{namespaceData:inomap.namespaceData{Dev:0xdd2a3a22, Tag:0x0}, Ino:0x24001749000989f} | |||
Filesystem mounted and ready. | |||
<pre> | |||
When prompted for the "password", enter the password that you choose when you initialized the data_enc directory (in step 3 above). | |||
Revision as of 16:18, 20 March 2025
Category
Other
Program On
Sapelo2
Version
2.5.2
Author / Distributor
Please see https://nuetzlich.net/gocryptfs/
Description
Gocryptfs is an implementation of an encryption overlay filesystem, which uses file-based encryption that is implemented as a mountable FUSE filesystem.
For more details see
Running Program
To use gocryptfs on Sapelo2, you need to do the following steps:
1. Load the gocryptfs module with
ml gocryptfs/2.5.2
2. Create two folders
- data_enc, which will store the encrypted files.
- data_unenc, which will present an unencrypted view of the files, when needed.
Sample commands to do that in your /scratch dir:
$ cd /scratch/$USER $ mkdir data_enc $ mkdir data_unenc
Note that the $ (dolar sign) in the sample above represents the shell prompt and are not part of the commands to use.
3. Initialize the data_enc directory with a password
$ cd /scratch/$USER/
$ gocryptfs -init data_enc
Choose a password for protecting your files.
Password:
Repeat:
Your master key is:
3d67df93-e68eaddf-ca1f8da7-847b2fd1-
d63f3366-7858b60e-de5acb56-99a388e0
If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs dir.encrypted MOUNTPOINT
When you run this initialization step, gocryptfs provides us with the master key that can be used to restore access to the data files, especially useful in case the password is lost.
You should keep the master key safe, never store it unencrypted on the platform itself.
After initialization, the data_enc directory contains two internal configuration files:
- gocryptfs.conf is the global configuration for the encrypted directory
- gocryptfs.diriv is created per-directory for encryption of file names
Note that you should never modify (any) files within the data_enc directory.
4. Mount the data_enc directory into the data_unenc directory
To be able to read and write files, the data_enc storage needs to be mounted into the data_unenc directory.
$ cd /scratch/$USER
$ gocryptfs data_enc data_unenc
Password:
Decrypting master key
InoMap: opening spillMap for inomap.QIno{namespaceData:inomap.namespaceData{Dev:0xdd2a3a22, Tag:0x0}, Ino:0x24001749000989f}
Filesystem mounted and ready.
<pre>
When prompted for the "password", enter the password that you choose when you initialized the data_enc directory (in step 3 above).
*Version 3.9.1 is installed in /apps/eb/Cytoscape/3.9.1-Java-11
To use version 3.9.1, please first load the module with
<pre class="gcommand">
ml Cytoscape/3.9.1-Java-11
This program has a graphical interface. Please refer to Run interactive Jobs and Run X window Jobs.
To run this program in an interactive session using the graphical front end: Start an X terminal (Mac), X window (Windows) at the local computer first, then
interact -x11 ml Cytoscape/3.9.1-Java-11 Cytoscape [options] exit
To run as a batch job, you might have to create a script file with the cytoscape execution commands.
Example of a job submission script sub.sh to run a batch job (note: this is not the cytoscape execution command script):
#!/bin/bash #SBATCH --job-name=jobname #SBATCH --partition=batch #SBATCH --mail-type=ALL #SBATCH --mail-user=username@uga.edu #SBATCH --ntasks=1 #SBATCH --mem=4gb #SBATCH --time=04:00:00 #SBATCH --output=%j.out #SBATCH --error=%j.err cd $SLURM_SUBMIT_DIR ml Cytoscape/3.9.1-Java-11 cytoscape.sh [options]
where [options] need to be replaced by the options (command and arguments) you want to use. Other parameters of the job, such as the maximum wall clock time, maximum memory, and the job name need to be modified appropriately as well.
Example of submission to the queue:
sbatch ./sub.sh
Documentation
Installation
Code downloaded from
System
64-bit Linux