Encrypt files, has always been needed in computer world, it could be something as simple as your diary, or as important as your private source code, for that important project.
Linux offers some different approaches to provide file encryption, the most of them are focused on volume encryption, and require that you set apart some space of your disk, and dedicate it to the storage of the files encrypted. The problem with this, is that if you do not need all the space set, you will waste disk space, on the other hand if you need more room for your encrypted files, you will have to resize the volume. And that is not an easy task.
So, how to encrypt files, and store them in the disk’s common area?.
ecryptfs has the solution to that. What is ecryptfs?
eCryptfs (the Enterprise Cryptographic Filesystem) is a POSIX-compliant encrypted filesystem that has been included in Ubuntu since version 9.04. It is a form of disk encryption software similar to Microsoft’s BitLocker Drive Encryption and Apple’s FileVault. Unlike other Linux encryption solutions such as dm-crypt, eCryptfs uses Filesystem-level encryption instead of full disk encryption. Fileystem encryption has certain advantages and disadvantages over block-level encryption.
Filesystem-level encryption, often called file or folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to full disk encryption where the entire partition or disk, in which the file system resides, is encrypted.
Having said that, we will now learn how to install and use ecryptfs
ecryptfs, should be included with your favorite Linux Distribution, so just use your package manager to install it. In my Arch Linux, this what I have done.
Once it is installed, I had to load the kernel module to be able to start using it.
sudo modprobe ecryptfs
Now it is installed and ready to be used.
To configure it, log in as your normal users and run:
You’ll see something like this:
Now as required log out and in again.
You will notice that a hidden folder has been created
/home/[you-user]/.private, the encrypted files will stored there, but you will not access them from there. To access them you will go to
~/Private. By default this is what you should find there:
This is because the encrypted partition is not yet mounted. The contents of those files are:
THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA.
From the graphical desktop, click on:
"Access Your Private Data"or
From the command line, run:
[Desktop Entry] _Name=Access Your Private Data _GenericName=Access Your Private Data Exec=/usr/bin/ecryptfs-mount-private Terminal=true Type=Application Categories=System;Security; X-Ubuntu-Gettext-Domain=ecryptfs-utils
To mount it run:
Now you can start copying and creating files in the folder
~/Private and they will be encrypted, but still accessible in its un-encrypted mode, until you unmount the encrypted partition. To do that run:
Those are the most important aspects about this great tool.