Debian/Ubuntu Tips & Tricks
Debuntu.org: .deb packages, Unix/Linux Tutorials and Articles.
Navigation
sponsors
User login
Coding.Debuntu.Org
- Python GTK: How to customize the size of a button in a notebook tab label
- Python GTK: How to set up gtk.Notebook tab with custom widget
- Python GTK: Treeview with rows of different colors
- Python: [socket] A simple TCP client
- Python: Embedding a Virtual Terminal in a GTK widget with python vte library
RPM-Based.Org
Poll
Syndicate
Search
Sponsors
Tips
Google Products
How To: use encrypted directories with ENCFS and FUSE
There is many options out there to encrypt datas on a hard drive. You could either encrypt a whole partition using kernel filesystem or simply encrypt specifics directories on your hard disk.
encfs along with fuse can accomplish this.
This how-to will show how you can easily encrypt a directory on your filesystem.
the tools we are going to use here are:
- fuse
- encfs
encfs allow encrypting virtual filesystem, virtual because you are not going to encrypt a whole partition but simply use a native filesystem such as ext3, reiserfs... A good point is that you do not have to create a new filesystem and define a specific size, but will be able to use as much room left in the existing filesystem you are going to encrypt the directory on.
Now, let install the required packages:
$sudo apt-get install fuse-utils encfs
You need to make sure that your user belong to the fuse group:
$groups
if you see fuse in the response, it is all ok, otherwise, add your normal user to fuse group:
$sudo adduser myuser fuse
Also, the fuse kernel module need to be loaded:
$sudo modprobe fuse
If you want this module to be automatically loaded at boot time, you need to had it to /etc/modules .
Now assume that you want an encrypted directory named /home/myuser/encrypted, the first thing we need to do is to create a virtual mount point: /home/myuser/.encrypted, and the directory it is going to mount on:
$mkdir /home/myuser/.encrypted
$mkdir /home/myuser/encrypted
now, simply mount the filesystem using encfs. If the filesystem is already created, it is only going to prompt for the passphrase decrypting the filesystem, otherwise it will ask you question for creating the filesystem, simply typing ENTER will do a standard configuration which should suit most people.
Well, now mount your filesystem and start editing files.
$encfs /home/myuser/.encrypted /home/myuser/encrypted
$echo "test" > /home/myuser/encrypted/test.txt
$echo "test2" > /home/myuser/encrypted/test2.txt
as you can see, test.txt and test2.txt are created and readable in /home/myuser/encrypted. Now, unmount your encrypted filesystem:
$fusermount -u /home/myuser/encrypted
check the content of /home/myuser/encrypted:
$ls /home/myuser/encrypted
Empty! All the files are in /home/myuser/.encrypted:
$ls /home/myuser/.encrypted
Filenames are encrypted and if their content is not human readable :). Now, mount the encrypted directory back:
$encfs /home/myuser/.encrypted /home/myuser/encrypted
Supply the password you defined when creating the filesystem and check the content of /home/myuser/encrypted:
$ls /home/myuser/encrypted
test.txt test2.txt
Your files are back :).
Conclusion: This is a pretty simple file encryption, it has the advantage of not being applied to a whole partition so you do not have to create and initialize an encrypted partition, but instead, you are only going to create a directory where you will write your sensitive datas.
- Login or register to post comments
- Printer friendly version
Thank you
Just got this running on a small business backup server. Thank you so much for the tutorial!
Great for porn, ozar! :) J
Great for porn, ozar! :)
Just kidding. (Wish I weren't.)
yep supermike, you could ;).
yep supermike, you could ;).
But this is great as well for saving sensitive datas such as passwords, remote access login ... files :p .
Think USB stick with password
Think USB stick with passwords and sensitive notes!
I've been using encfs quite some time now, and I'm not afraid of losing the stick.
yep kotnik, you are definite
yep kotnik,
you are definitely right, USB sticks are so easy to loose :s. Encrypting files over it is definitely a great idea :)
Great tutorial Chantra - than
Great tutorial Chantra - thanks!
Would this work on a vfat filesystem? The reason I ask is that I use my iPod to backup my home PC and it would be good to store the backups in an encrypted folder on it.
Regards
Yes, this should work as long
Yes, this should work as long as you got write access to your vfat partition.
Create /mnt/fat/encrypted and /mnt/fat/.encrypted, mount it, and you should get the same.
You can take this one stage f
You can take this one stage further and have encrypted home directories which automatically mount when the user logs in and umount when they log out.
'apt-get install libpam-encfs'
This has the advantage over encrypting the whole partion that seperate keys can be used by different users on the system.
Simon.
Hi Simon, Yes, I'm aware o
Hi Simon,
Yes, I'm aware of that but I haven't tried it yet.
Once I will have tried it out, I will post an article on it :).
Thanks for the tip.
Hey, apt-get install fuse
Hey,
apt-get install fusedoes not work on Debian Sarge 3.1 !!!!
Thanks Diesis for reporting t
Thanks Diesis for reporting the typo.
This is actually fuse-utils and not fuse that we need to install.
Change has been made on the post.