Directory Encryption with encfs

(i) Please refer to EncryptedFilesystems for further documentation.

Encfs is an application that allows you to create encrypted directories, any file that is placed in such a directory will be encrypted. To open an encrypted directory you need a correct password.

Both encfs must be set up from a terminal so this tutorial might be a bit difficult for linux newcomers. There is a GUI alternative for the default file browser in Ubuntu, see the External Links section.

Setting up encfs

(These directions assume a recent version of ubuntu (>10.04) in which all the fuse details are setup by default.)

To install encfs you need to have access to the universe-packages of ubuntu (How To).

Now enter a terminal and type:

sudo apt-get install encfs

Finally you are ready to create the encrypted directory. The application encfs will create one directory which contains the encrypted files and one directory where the files are unlocked and accessible. The syntax for encfs is: encfs <path to encrypted directory> <path to visible directory>

For example, I wish to have a directory in my home directory called visible and another one called encrypted. Therefore I could write:

encfs ~/.encrypted ~/visible

Where the '~' indicates that the directories shall be placed in the home directory.

First encfs will ask you to create the selected directories. Simply type 'y'. Then it asks which degree of encryption that should be used. I prefer to simply press enter to use default encryption-level. At last encfs will ask you for the password that is needed to reach the encrypted information.

If things work out correctly and you don't recieve an error-message after typing in your password you are now free to use the directory ~/visible to store all kinds of sensitive information:-)

In order to close the ~/visible directory simply type:

fusermount -u ~/visible

As long as the directory is closed all the information in ~/visible will seem to have disappeared. The only way to gain access to this information again is by unlocking it. This can be done in a terminal by typing:

encfs ~/.encrypted ~/visible

You will be asked for the proper password to gain access.

Automatically Mounting on Startup

gnome-encfs Python script

The gnome-encfs project uses the gnome keyring (standard authentication mechanism) and the autostart mechanism to automatically mount your directory on login.

Unfortunately this is not available in the Ubuntu repositories, and must be manually installed.

From the directory where you keep miscellaneous or source files, run:

hg clone http://bitbucket.org/obensonne/gnome-encfs 
cd gnome-encfs
sudo install gnome-encfs /usr/local/bin

Now to setup gnome-encfs so that it knows to mount your directory (using the same names as above) run:

gnome-encfs --add ~/.encrypted ~/visible

Gnome Encfs Manager

There is also GUI solution - Gnome Encfs Manager (homepage: http://www.libertyzero.com/GEncfsM/, project page at Launchpad: https://launchpad.net/gencfsm).

To install it copy/paste the following line into a terminal and hit enter:

sudo add-apt-repository ppa:gencfsm && sudo apt-get update && sudo apt-get install gnome-encfs-manager

Now run "Gnome Encfs Manager" application and do setup via GUI dialogs.

Manually Mounting from Cryptkeeper

There is a gnome tray application called Cryptkeeper that allows for manual (GUI based) mounting/unmounting of directories encrypted with encfs.

To install it, run:

sudo apt-get install cryptkeeper

It should then be available to run from Applications->System Tools->Crytpkeeper. To add your volume click on the tray icon and select "Import EncFS directory". It will then let you browse to your encrypted ~/.encrypted directory (from part 1 of this page). You can then select the location it should be mounted as well.

In the future, you can simply click on it, and select your directory from the drop-down options.

Compatibility Warning

Because of changes to the Boost Serialization library (in 1.42), data encrypted under 10.10 Maverick Meerkat or later are not compatible with encfs running on 10.04LTS Lucid Lynx or earlier.

External Links


CategorySecurity

FolderEncryption (last edited 2012-10-28 15:39:05 by de55)