Monthly Archives: October 2021

My 2021 Olive production.

Extra Virgin Olive oil - Azeite - Good enough to eat on it's own

It’s been all change with the olives. I didn’t attempt to combine with anyone this time round.

green olives in a sack, azeitonas, Belmonte, Luz de Tavira
Azeitonas verde - green olives

So the only olives I harvested were my own. I picked these mid October.

The four main olive trees that I have, produced a very good bi-annual harvest as expected. They were the main contributors to the 157 kg that I collected to have pressed for olive oil. These produce green olives. I still have no idea as to their variety. I have young olive trees and a few not pruned large olive trees. These contributed about 15 kgs to this total. The 15kgs were a mixture of black and green olives. One of the varieties is the ‘cornicabra’.

green olive tree, azeitonas verde, Belmonte, Luz de Tavira, Portugal
Oliveira grande - one of the big olive trees

I picked my olives mid October and essentially picked them by hand. I found this works better for me and is more conducive to a state of zen. When I got tired of the silence I tuned in on the portable radio 🙂 I had to bash the olives which were higher up with a long cane. It went well. Because of limited time I have ended up leaving about 25% in the field. This is fine. I am happy my work efficiency and finished in a week. For my efforts I got 17 litres of olive oil. extra virgin olive oil, Azeite virgem This will keep me in oil for a year, so I am pleased. I was reluctant to collect more this year due to difficulties in arranging transportation.

I got my olives pressed at Lagar Santa Catarina, Afra & Rocha Limitada. My olives got thrown into the mix with other mainly small holdings growers. The Lagar gives you your olive afterwards. I am not sure how much of the oil the Lagar retain for their work input. I didn’t ask this time round. I think it is 25%. The oil produced by the lagar is of Extra Virgin quality and is, as always, very good.Lagar Santa Catarina

Pepe Bewnelli, 50cc, 2 stroke engine, two wheel transport, olives on a bike,  Belmonte, Luz de Tavira, Algarve, Portugal
O Pepe com as azeitonas - O Pepe being used as a work horse.

Pickled olives are nice to eat. Which you are waiting for your other dishes to cook. So about 3 weeks before the main harvest I picked some for pickling.

azeitonas consevada, pickled olives, Belmonte, Luz de Tavira, Algarve, Portugal
Pickled olives - azeitonas conservada.

That about wraps up my olive productivity for the year. I will for the rest of the year carry on with pruning and transplanting what the olive trees I have. I do have 100-150 young olive trees for sale if anyone wants some. Of the mainly Cobrançosa variety. A bargain at three euros a tree. Strictly by appointment 🙂 Thank you.

Encryption with eCryptfs on Linux

Introduction

eCryptfs is a POSIX-compliant enterprise cryptographic "stacked" filesystem for Linux. Please note that eCryptfs is not a partition/ disk encryption subsystem like "Veracrypt".

eCryptfs is a stacked filesystem that can be mounted on any directory and on top of the main file system.

Using eCryptfs, we can easily create an encrypted directory to store confidential data and mount it on any directory. Although it is good practice for the mount path to match the path of the underlying file system.

No separate partition or pre-allocated space is actually required. eCryptfs should work well on local filesystems such as EXT3, EXT4, XFS, JFS and ReiserFS etc.

eCryptfs also supports networked filesystems such as NFS, CIFS, Samba and WebDAV, but not does not have full functionality as it was designed to work with local filesystems.

It stores the cryptographic metadata in the headers of files, so the encrypted data can be easily moved between different users and even systems. eCryptfs has been included in Linux Kernel since version 2.6.19.

Installation

I have only tested it on Ubuntu 18.04 which runs on the 5.4.0-87-generic kernel obtained by running

$ uname -r

5.4.0-87-generic

To enable an utilize Ecryptfs install ecryptfs-utils

$ sudo apt install ecryptfs-utils

How to use Ecryptfs

The method below explains how to encrypt a folder called temp2 located at /home/zephyr/temp2

Open terminal and run the following:

$ sudo mount -t ecryptfs /home/zephyr/temp2 /home/zephyr/temp2

Passphrase: ← enter your passphrase

Select cipher:

1) aes: blocksize = 16; min keysize = 16; max keysize = 32

2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56

3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24

4) twofish: blocksize = 16; min keysize = 16; max keysize = 32

5) cast6: blocksize = 16; min keysize = 16; max keysize = 32

6) cast5: blocksize = 8; min keysize = 5; max keysize = 16

Selection [aes]: 1 ← selected

Select key bytes:

1) 16

2) 32

3) 24

Selection [16]: 1 ← selected

Enable plaintext passthrough (y/n) [n]: n ← selected

Enable filename encryption (y/n) [n]: n ← selected

Attempting to mount with the following options:

ecryptfs_unlink_sigs

ecryptfs_key_bytes=16

ecryptfs_cipher=aes

ecryptfs_sig=015fa84ce5a1043d

Mounted eCryptfs

temp2 is now and encrypted folder. Any files and folders moved into it or created in it, will be automatically encrypted.

It is very important to remember your passphrase to be able to access your eCryptfs encrypted files and folders. It is also advisable to make note of your encryption settings for future mounting/access of your encrypted file/directory. Choose a password of 14 characters long made up of 3 random words. This is easier to remember and still secure. You can add symbols and numbers to it increase the strength of the passphrase.

A signature file named "sig-cache.txt" will be created under "/root/.ecryptfs/" directory. This file is used to identify the mount passphrase in the kernel keyring. It is a read only file except for the root user. I suggest saving a copy with a .bak extension as the signature number for each encrypted and mounted folder. It is a good reference to have.

Accessing your encrypted data.

Each time you reboot your system the encrypted volume will be dismounted and you will not be able to access your encrypted data.

To access your data you have to remount the encrypted volume with:

$ sudo mount -t ecryptfs /home/zephyr/temp2 /home/zephyr/temp2

After which Terminal pops up prompting you for your passphrase

passphrase to be entered in Gnome Terminal to access folders(files/ encrypted with ecryprtfs. Zephyr Rodrigues, Belmonte, Luz de Tavira, Portugal
type in your passphrase

The problem with this is that you have to enter all the encryption options each time.

Automating the mount process

My solution to this is make an executable .sh file with a text editor. I use the default, gnome, gedit text editor

In this example, I have called it mount_temp2.sh

Paste the following code into it. Use whatever options you chose when you encrypted the file/folder.

#!/bin/bash $ sudo mount -t ecryptfs -o ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=no /home/zephyr/temp2 /home/zephyr/temp2

Save mount_temp2.sh

Right click, on the file in File Manager, go to the Permissions tab and tick the box “Allow executing file as a program”

Ubuntu 18.04, File Manager, Make executable, Zephyr Rodrigues, Belmonte, Luz de Tavira, Algarve , Portugal

Next with your Text Editor, create a new executable file.
Call it run_mount_temp2.sh for example.
Paste the following code into it.

#!/bin/bash #start terminal and mount encrypted temp2 folder gnome- terminal -- sh -c './mount_temp2.sh'

Make it executable as described previously. Now when you start your system, simply double click on

run_mount_temp2.sh

this it will call Terminal and prompt you to enter your passphrase. After entering the correct passphrase you will be granted full access to your encrypted folder and files within.

Automating the dismount process

You can dismount (unmount) your encrypted folder at any time to make it inaccessible. By default

to unmount an encrypted drive manually, open Terminal an run

sudo umount /path/to encrypted/folder

so, in my test case it is

sudo umount /home/zephyr/temp2

To Automate unmount/dismount:

Create an executable file (refer to ‘Automating the mount process’ for the steps) called

unmount_temp2.sh and in it enter the following code. Paths and folders should match your own.

#!/bin/bash sudo umount /home/zephyr/Documents echo "Dismounting Documents folder.."; sleep 5;

Next create the run file that will open Terminal and run the previous created executable.

Create an executable file called run_unmount_temp2.sh

Enter the following code into it:

#!/bin/bash #start terminal and unmount encrypted temp2 folder gnome-terminal -- sh -c './unmount_temp2.sh'

Double clicking on run_unmount_temp2.sh will run Terminal and execute the command to unmount the encrypted folder

Notes on Automation

All the automation files should be in the same folder/directory

The folder/directory containing the automation files should not be encrypted.

Creating an encrypted folder on a USB drive

On your Linux machine format a USB stick with ext4 file system. The USB stick will only be accessible to machines with Linux operating systems.

In this example I have given the USB stick a Volume Label called “SECRET”.

Whenever you plug in this USB stick it will be mounted as “SECRET” by the operating system.

Next create a folder on “SECRET”. I called mine temp3.

Next mount and encrypt the temp3 folder by running the following command in Terminal. The path name should start with media/home directory name/usb volume name on a standard Ubuntu 18.04 install.

$ sudo mount -t ecryptfs /media/zephyr/SECRET/temp3 /media/zephyr/SECRET/temp3

The steps to automate are the same as described earlier on.

Note: Verify the volume name for the usb that you use in your scripts is correct and matches the one shown in Terminal when you type df .

In Conclusion

To further automate the mount process you could utilize the Startup Applications Preferences app

Start Program App to start ecryptfs .sh type executables at computer startup. Ubuntu 18.04
Start Program App

which comes pre-installed on Ubuntu 18.04 . This allows configuring applications to run automatically when logging in to your desktop. So just add the run_mount_temp2.sh example to the list of startup apps.

In the Command: field you need to enter bash U% followed by the path to your .sh executable.

bash %U /path/to/file/run_mount_temp2.sh

Alternatively you can create a .desktop file in /home/your home directory/.config/autostart . So for example mount_documents.desktop with the following code in it.

[Desktop Entry]
Type=Application
Exec= bash %U /home/zephyr/Desktop/batch/ecryptfs_batch/ecryptfs_mount_Documents.sh
Terminal=true
Hidden=false NoDisplay=false X-GNOME-Autostart-enabled=true Name[en_GB]=mount-documents.desktop Comment[en_GB]="mount encrypted Documents"

One quirk I noticed is that ecryptfs will allow you to carry on mounting your encrypted volume with an incorrect passphrase and proceed to create a new signature for it but you won’t be able to access your encrypted files and folders. Ecryptfs does warn you first that the passphrase you have entered maybe be incorrect and do you want to proceed with the mount. Best to abort if you are unsure about the passphrase you entered.

All in all , I think ecryptfs is a robust , fast and very flexible file encryption system.

Source Reference: