Ecryptfs

Introduction

Encrypting files has always been a need in the computing world, whether it is something as simple as your diary or as important as your private source code for that important project.

Linux offers several approaches to file encryption. Most of them focus on volume encryption and require that you set aside some of your disk space and dedicate it to storing the encrypted files. The problem with this is that if you do not need all the reserved space, you waste disk space; on the other hand, if you need more room for your encrypted files, you have to resize the volume, and that is not an easy task.

So, how can you encrypt files and store them in the disk’s common area?

ecryptfs has the solution to that. What is ecryptfs?

From Wikipedia:

eCryptfs (the Enterprise Cryptographic Filesystem) is a POSIX-compliant encrypted filesystem that has been included in Ubuntu since version 9.04. It is a form of disk encryption software similar to Microsoft’s BitLocker Drive Encryption and Apple’s FileVault. Unlike other Linux encryption solutions such as dm-crypt, eCryptfs uses Filesystem-level encryption instead of full disk encryption. Filesystem encryption has certain advantages and disadvantages over block-level encryption.

Filesystem-level encryption, often called file or folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to full disk encryption where the entire partition or disk, in which the file system resides, is encrypted.

Having said that, we will now learn how to install and use ecryptfs.

Installation

ecryptfs should be included with your favorite Linux distribution, so just use your package manager to install it. On my Arch Linux system, this is what I did:

clyde ecryptfs-utils

Once it was installed, I had to load the kernel module to be able to start using it.

sudo modprobe ecryptfs

Now it is installed and ready to be used.

Setup

To configure it, log in as your normal user and run:

ecryptfs-setup-private

You’ll see something like this:

[Image: ecryptfs]

Now, as required, log out and log in again.

You will notice that a hidden folder, /home/[your-user]/.Private, has been created. The encrypted files are stored there, but you do not access them from there; to access them, go to ~/Private. By default, this is what you should find there:

[Image: ecryptfs]

This is because the encrypted partition is not yet mounted. The contents of those files are:

README.txt

THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA.

From the graphical desktop, click on:

"Access Your Private Data"

or

From the command line, run:

ecryptfs-mount-private

Access-Your-Private-Data.desktop

[Desktop Entry]
_Name=Access Your Private Data
_GenericName=Access Your Private Data
Exec=/usr/bin/ecryptfs-mount-private
Terminal=true
Type=Application
Categories=System;Security;
X-Ubuntu-Gettext-Domain=ecryptfs-utils

Using it

To mount it run:

ecryptfs-mount-private

Now you can start copying and creating files in the ~/Private folder. They will be encrypted, but remain accessible in unencrypted form until you unmount the encrypted partition. To do that, run:

ecryptfs-umount-private

Those are the most important aspects about this great tool.
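
A guard for the workflow above, as an added example that is not part of the original article or of ecryptfs-utils: it reads a /proc/mounts-style listing to confirm that ~/Private is an active ecryptfs mount before copying a file into it. The function names, the user alice and the signature value in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: refuse to write into ~/Private unless eCryptfs is mounted there.

# Constructed sample in /proc/mounts format (user "alice" and the signature
# value are made up). Fields: source, mount point, fs type, options, dump, pass.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
/home/alice/.Private /home/alice/Private ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
}

# is_ecryptfs_mounted DIR [MOUNTS_FILE]
# Succeeds only if DIR is a mount point whose filesystem type is ecryptfs.
# Assumes DIR contains no spaces (the kernel writes them as \040 in /proc/mounts).
is_ecryptfs_mounted() {
    DIR_TO_CHECK=$1 awk '
        $2 == ENVIRON["DIR_TO_CHECK"] && $3 == "ecryptfs" { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "${2:-/proc/mounts}"
}

# store_private FILE [PRIVATE_DIR] [MOUNTS_FILE]
# Copies FILE into PRIVATE_DIR only when the encrypted view is mounted, so
# plaintext never lands in the bare, unmounted directory.
store_private() {
    private_dir=${2:-$HOME/Private}
    if ! is_ecryptfs_mounted "$private_dir" "${3:-/proc/mounts}"; then
        echo "refusing: $private_dir is not an ecryptfs mount;" \
             "run ecryptfs-mount-private first" >&2
        return 1
    fi
    cp -- "$1" "$private_dir/"
}
```

Called as store_private diary.txt, it checks the live /proc/mounts and copies into $HOME/Private.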
