How To: use encrypted directories with ENCFS and FUSE

There are many options for encrypting data on a hard drive. You can either encrypt a whole partition using a kernel filesystem or simply encrypt specific directories on your hard disk.

encfs, along with fuse, can accomplish the latter.

This how-to will show how you can easily encrypt a directory on your filesystem.

The tools we are going to use here are:

  • fuse
  • encfs

encfs provides an encrypted virtual filesystem: virtual because you are not going to encrypt a whole partition but simply use a directory on a native filesystem such as ext3, reiserfs… A good point is that you do not have to create a new filesystem and define a specific size; the encrypted directory can use as much room as is left in the existing filesystem it lives on.

Now, let's install the required packages:

$ sudo apt-get install fuse-utils encfs

You need to make sure that your user belongs to the fuse group:

$ groups

If you see fuse in the response, all is well; otherwise, add your normal user to the fuse group:

$ sudo adduser myuser fuse

Also, the fuse kernel module needs to be loaded:

$ sudo modprobe fuse

If you want this module to be loaded automatically at boot time, you need to add it to /etc/modules.

Now assume that you want an encrypted directory named /home/myuser/encrypted. The first thing to do is create the directory that will hold the encrypted files, /home/myuser/.encrypted, and the directory it is going to be mounted on:

$ mkdir /home/myuser/.encrypted
$ mkdir /home/myuser/encrypted

Now, simply mount the filesystem using encfs. If the filesystem has already been created, encfs only prompts for the passphrase that decrypts it; otherwise it asks you a few questions to create the filesystem. Simply pressing ENTER selects a standard configuration, which should suit most people.

Well, now mount your filesystem and start editing files.

$ encfs /home/myuser/.encrypted /home/myuser/encrypted
$ echo "test" > /home/myuser/encrypted/test.txt
$ echo "test2" > /home/myuser/encrypted/test2.txt

As you can see, test.txt and test2.txt are created and readable in /home/myuser/encrypted. Now, unmount your encrypted filesystem:

$ fusermount -u /home/myuser/encrypted

Check the content of /home/myuser/encrypted:

$ ls /home/myuser/encrypted

Empty! All the files are in /home/myuser/.encrypted:

$ ls /home/myuser/.encrypted

Filenames are encrypted and their content is not human readable :). Now, mount the encrypted directory back:

$ encfs /home/myuser/.encrypted /home/myuser/encrypted

Supply the password you defined when creating the filesystem and check the content of /home/myuser/encrypted:

$ ls /home/myuser/encrypted
test.txt test2.txt

Your files are back :).
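
A practical consequence of the unmount step above: while the filesystem is not mounted, /home/myuser/encrypted is an ordinary directory, and anything written there is stored unencrypted. The shell functions below are an added example, not part of the original how-to; they look for a fuse.encfs entry in a mounts table and flag a mount point that holds files while unmounted. The function names are made up for illustration, and the demo at the end runs on constructed data.

```shell
#!/bin/sh
# Added example (not from the original how-to). The function names are
# hypothetical; the demo at the bottom uses constructed data only.

# is_encfs_mounted DIR [MOUNTS_FILE]
# Succeeds if DIR appears as a fuse.encfs mount point in MOUNTS_FILE
# (defaults to /proc/mounts on Linux).
is_encfs_mounted() {
    dir=${1%/}                      # ignore one trailing slash
    mounts=${2:-/proc/mounts}
    # Fields per line: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype _rest; do
        mnt=$(printf '%b' "$mnt")   # /proc/mounts writes a space as \040
        if [ "$mnt" = "$dir" ] && [ "$fstype" = "fuse.encfs" ]; then
            return 0
        fi
    done < "$mounts"
    return 1
}

# mountpoint_state DIR [MOUNTS_FILE]
# Prints one of:
#   mounted             - writes go through encfs and land encrypted
#   unmounted-clean     - not mounted, directory empty (expected state)
#   unmounted-plaintext - not mounted but files exist: they were written
#                         unencrypted to the underlying filesystem
mountpoint_state() {
    if is_encfs_mounted "$1" "${2:-/proc/mounts}"; then
        echo mounted
    elif [ -n "$(ls -A "${1%/}" 2>/dev/null)" ]; then
        echo unmounted-plaintext
    else
        echo unmounted-clean
    fi
}

# Demo on constructed data: a scratch directory and a fake mounts file.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/encrypted"
printf 'encfs %s fuse.encfs rw,nosuid,nodev 0 0\n' "$demo_dir/encrypted" > "$demo_dir/mounts"
mountpoint_state "$demo_dir/encrypted" "$demo_dir/mounts"     # mounted
mountpoint_state "$demo_dir/encrypted" /dev/null              # unmounted-clean
echo test > "$demo_dir/encrypted/test.txt"
mountpoint_state "$demo_dir/encrypted" /dev/null              # unmounted-plaintext
rm -rf "$demo_dir"
```

On a real system, call mountpoint_state /home/myuser/encrypted before writing sensitive files and only proceed when it prints mounted.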

Conclusion:

This is a pretty simple form of file encryption. It has the advantage of not being applied to a whole partition, so you do not have to create and initialize an encrypted partition; instead, you only create a directory where you will write your sensitive data.