EncFS – Simple article to use Encrypted filesystem in Linux

2009-12-24 3 min read Linux

A nice article here

EncFS is an easy-to-use, command-line tool for storing information in encrypted form. It’s not really a file-system, but it pretends to be one at the CLI. If you’ve been searching for a means of encrypting and decrypting your sensitive data easily, here it is.
User Level: Intermediate
EncFS is included with the distribution I’m using on the desktop, Ubuntu Dapper, so all I needed to do to install it was a few clicks in Synaptic. Look for the encfs package, and select if for installation. It should pull down all of the dependencies for the system. If you’re not so lucky, and your distro doesn’t include EncFS packages, you can download the latest tarball from a here and build it from the source. See the EncFS site for a dependencies.

In addition, you’ll need to load the fuse kernel module in order to use EncFS. To do this, run

  <td>
    <div class="bash codecolorer">
      , <span class="kw2">which</span> should take care of loading the fuse kernel module. You also need to add your <span class="sy0"><</span>a <span class="re2">class</span>=<span class="st0">"zem_slink"</span> <span class="re2">title</span>=<span class="st0">"User identifier"</span> <span class="re2">rel</span>=<span class="st0">"wikipedia"</span> <span class="re2">href</span>=<span class="st0">"http://en.wikipedia.org/wiki/User_identifier"</span><span class="sy0">></span>user ID<span class="sy0"></</span>a<span class="sy0">></span> to the fuse group before you can use EncFS. To add the user ID to the fuse group, run <span class="br0">&#91;</span><span class="kw2">cc</span> <span class="re2">lang</span>=<span class="st0">"bash"</span><span class="br0">&#93;</span>usermod <span class="re5">-a</span> <span class="re5">-G</span> fuse username
    </div>
  </td>
</tr>
1

— this will add username to the fuse group, without removing the user from other groups.

Here’s how it works. When you start EncFS at the command line, you tell it where to keep the encrypted and decrypted versions of your “filesystem.” The encrypted version stays put, right where you tell it to stay, but the plain-text version disappears when you want it to; either by use of an unmount command or by reaching a predetermined period of inactivity. Let’s take a hypothetical case to illustrate the process.
I’m planning a surprise birthday party for someone near and dear to me, someone who occasionally uses my desktop computer, so I decide to use EncFS to hide the evidence. To get started, I simply enter the following at the CLI:

  <td>
    <div class="bash codecolorer">
      encfs ~<span class="sy0">/</span>.partyplans ~artyplans
    </div>
  </td>
</tr>
1

Since this is the first time EncFS has heard about partyplans, it double-checks to make sure I haven’t made a typo before proceeding to create the directories, set the options, and get a password to use with them:
The directory “/home/warthawg/.partyplans/” does not exist. Should it be created? (y,n) y
The directory “/home/warthawgartyplans” does not exist. Should it be created? (y,n) y
Creating new encrypted volume.
Please choose from one of the following options:
enter “x” for expert configuration mode,enter “p” for pre-config
Continue reading here.

Enhanced by Zemanta
comments powered by Disqus