How to provide an encryption password in batch mode

[ub2]

Dear Clonezilla cracks

Still fiddling around, not getting it running, I'd like to ask here.

The situation:

• Clonezilla live on a stick running an custom-ocs allows newbie-users to backup/restore their hardware (2 harddisks with various partitions each).
• The custom-ocs provides a kind of BASH-GUI and runs underneath in a batch mode various commands, as for example:
  yes "" | ocs-sr -b -q2 -j2 -z1p -i 2000 -fsck-src-part-y -p true saveparts "$BakNameSda1" sda1 | tee $Path2LogfileSda1

My Question:

• Since I'd like to allow the user also to do encrypted backups/restores, I want to add $Enc containing " -enc" oder " -senc" and provide a password ($EncPw) the user typed in.
  Ending up with something like:
  yes "" | ocs-sr -b -q2 -j2 -z1p -i 2000 -fsck-src-part-y $Enc $EncPw -p true saveparts "$BakNameSda1" sda1 | tee $Path2LogfileSda1

But how to provide the user-password in batch mode?

Any hints, ideas, links, etc would be very welcome

ub2

By the way. Clonezilla is great, Thanks a lot.

[ub2]

Help !
I'm still struggling to provide the encryption-password in batch mode:

trial1

ok if EncCode=" -senc"

fails if EncCode=" -enc Password"

...
BefZeiSda1='yes "" | ocs-sr -b -q2 -j2 -z1p -i 4096 -sfsck'$EncCode' -p true saveparts '$BakNameSda1' sda1 | tee '$PfadLogfileSda1LastBakDetails
...
eval $BefZeiSda1
RetBefZeiSda1=$?

trial2

fails in both cases: a) Enc=" -senc" EncPw="" and b) Enc=" -enc" EncPw="password"

...
BefZeiSda1='yes "" | echo '$EncPw' | ocs-sr -b -q2 -j2 -z1p -i 4096 -sfsck'$Enc' -p true saveparts '$BakNameSda1' sda1 | tee '$PfadLogfileSda1LastBakDetails
...
eval $BefZeiSda1
RetBefZeiSda1=$?

trial3

fails in both cases a) Enc=" -senc" EncP2="" and b) Enc=" -enc" EncPw="password"

...
BefZeiSda1='yes "" | ocs-sr -b -q2 -j2 -z1p -i 4096 -sfsck'$Enc' -p true saveparts '$BakNameSda1' sda1 < echo '$EncPw' | tee '$PfadLogfileSda1LastBakDetails
...
eval $BefZeiSda1
RetBefZeiSda1=$?

Really nobody out there who already has done encrypted backups in batch mode?
Any help, hint, keyword, etc .. would be highly appreciated.

Tanks a lot ub2

[ub2]

Sorry for bad formatting, ub2

[ub2]

Hi ub2,

OK, the option "-enc" or "-senc" is only a switch, and it won't accept
any parameter. Therefore if you want to provide an encryption password
in batch mode, the version of Clonezilla now does not support it. We
will have to implement that in the future.

For the moment, actually the image encryption of Clonezilla is done by
the opensource pacakge "ecryptfs", therefore you can use your own
command and password to mount it by something like:
mount -t ecryptfs /home/partimag/2017-12-22-01-img-enc
/tmp/ecryptfs_mnt.if8GFo -o
ecryptfs_cipher=aes,ecryptfs_key_bytes=16,no_sig_cache,ecryptfs_enable_filename_crypto=n,ecryptfs_passthrough,key=passphrase:passphrase_passwd_file=/tmp/ecryptfs_f.h5HnQy

(Basically you prepare a empty image dir called
/home/partimag/2017-12-22-01-img-enc, and use encryptfs to encrypt the
dir, then ocs-sr save the image to the mounted encrypted image dir.)

You can google to find the details about using ecryptfs.

Steven

[ub2]

Hi ub2,

Feel free to post my answer in the Clonezilla live forum. Thanks.

I might have some time after Xmas or new year, so I will implement the feature you have requested. Please be patient.

Merry Xmas and Happy new year.

Steven

[Steven Shiau]

Please give Clonezilla live 2.5.5-19 a try:
http://clonezilla.org/downloads.php

The command ocs-sr now comes with option -pe or -pfe which you can use to provide the password. For more info, run:
ocs-sr --help

Let us know your testing results. Thanks.

Steven