Directory Encryption with encfs
|
Please refer to Encfs is an application that allows you to create encrypted directories, any file that is placed in such a directory will be encrypted. To open an encrypted directory you need a correct password.
Both encfs must be set up from a terminal so this tutorial might be a bit difficult for linux newcomers. There is a GUI alternative for the default file browser in Ubuntu, see the External Links section.
Setting up encfs
(These directions assume a recent version of ubuntu (>10.04) in which all the fuse details are setup by default.)
To install encfs you need to have access to the universe-packages of ubuntu (How To).
Now enter a terminal and type:
sudo apt install encfs
Finally you are ready to create the encrypted directory. The application encfs will create one directory which contains the encrypted files and one directory where the files are unlocked and accessible. The syntax for encfs is: encfs <path to encrypted directory> <path to visible directory>
For example, I wish to have a directory in my home directory called visible and another one called encrypted. Therefore I could write:
encfs ~/.encrypted ~/visible
Where the '~' indicates that the directories shall be placed in the home directory.
First encfs will ask you to create the selected directories. Simply type 'y'. Then it asks which degree of encryption that should be used. I prefer to simply press enter to use default encryption-level. At last encfs will ask you for the password that is needed to reach the encrypted information.
If things work out correctly and you don't recieve an error-message after typing in your password you are now free to use the directory ~/visible to store all kinds of sensitive information:-)
In order to close the ~/visible directory simply type:
fusermount -u ~/visible
As long as the directory is closed all the information in ~/visible will seem to have disappeared. The only way to gain access to this information again is by unlocking it. This can be done in a terminal by typing:
encfs ~/.encrypted ~/visible
You will be asked for the proper password to gain access.
Automatically Mounting on Startup
gnome-encfs Python script
The gnome-encfs project uses the gnome keyring (standard authentication mechanism) and the autostart mechanism to automatically mount your directory on login.
Unfortunately this is not available in the Ubuntu repositories, and must be manually installed.
From the directory where you keep miscellaneous or source files, run:
hg clone http://bitbucket.org/obensonne/gnome-encfs cd gnome-encfs sudo install gnome-encfs /usr/local/bin
Now to setup gnome-encfs so that it knows to mount your directory (using the same names as above) run:
gnome-encfs --add ~/.encrypted ~/visible
Gnome Encfs Manager
There is also GUI solution - Gnome Encfs Manager (homepage: http://www.libertyzero.com/GEncfsM/, project page at Launchpad: https://launchpad.net/gencfsm).
To install it copy/paste the following line into a terminal and hit enter:
sudo add-apt-repository ppa:gencfsm && sudo apt update && sudo apt install gnome-encfs-manager
Now run "Gnome Encfs Manager" application and do setup via GUI dialogs.
Manually Mounting from Cryptkeeper
There is a gnome tray application called Cryptkeeper that allows for manual (GUI based) mounting/unmounting of directories encrypted with encfs.
To install it, run:
sudo apt install cryptkeeper
It should then be available to run from Applications->System Tools->Crytpkeeper. To add your volume click on the tray icon and select "Import EncFS directory". It will then let you browse to your encrypted ~/.encrypted directory (from part 1 of this page). You can then select the location it should be mounted as well.
In the future, you can simply click on it, and select your directory from the drop-down options.
Compatibility Warning
Because of changes to the Boost Serialization library (in 1.42), data encrypted under 10.10 Maverick Meerkat or later are not compatible with encfs running on 10.04LTS Lucid Lynx or earlier.
External Links
Easily Encrypt Folders - File browser plugin to add encryption support to the right-click context menu.