EncFS creates a virtual encrypted filesystem which stores encrypted data in the rootdir directory and
makes the unencrypted data visible at the mountPoint directory. The user must supply a password which is
used to (indirectly) encrypt both filenames and file contents.
$ sudo apt install encfs
$ mkdir encfs
$ cd encfs
$ mkdir encrypted-rootdir
$ mkdir unencrypted-mountPoint
$ encfs $PWD/encrypted-rootdir/ $PWD/unencrypted-mountPoint/
Creating new encrypted volume.
Please choose from one of the following options:
enter “x” for expert configuration mode,
enter “p” for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?> [just Enter Here when Asked]
Standard configuration selected.
Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: “ssl/aes”, version 3:0:2
Filename encoding: “nameio/block”, version 4:0:2
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.
Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.
New Encfs Password: [just Enter Password Here when Asked]
Verify Encfs Password: [just Enter Password Here when Asked]
$ mount | grep encfs
encfs on /home/myuser/encfs/unencrypted-mountPoint type fuse.encfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
$ cd unencrypted-mountPoint/
$ echo "this is file inside unencrypted folder" > test_file.txt
$ ls -l
total 4
-rw-rw-r-- 1 myuser myuser 39 Apr 26 01:34 test_file.txt
$ cd ../
Now let's use the tree command to see which files were created:
$ tree
.
├── encrypted-rootdir
│   └── ALDdfi3Jwpp,cqqSri2XaX,G
└── unencrypted-mountPoint
    └── test_file.txt
2 directories, 2 files
As we can see, as soon as we create a test file in the unencrypted folder, a corresponding encrypted file is created in the encrypted folder (here with the name ALDdfi3Jwpp,cqqSri2XaX,G).
Once we are done creating the files we want to encrypt, we unmount the mounted folder:
$ fusermount -u $PWD/unencrypted-mountPoint/
$ tree
.
├── encrypted-rootdir
│   └── ALDdfi3Jwpp,cqqSri2XaX,G
└── unencrypted-mountPoint
2 directories, 1 file
Now let's get these files back by mounting the encrypted folder again:
$ encfs $PWD/encrypted-rootdir/ $PWD/unencrypted-mountPoint/
EncFS Password:
Enter the password you chose earlier when asked.
$ tree
.
├── encrypted-rootdir
│   └── ALDdfi3Jwpp,cqqSri2XaX,G
└── unencrypted-mountPoint
    └── test_file.txt
2 directories, 2 files
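The mount, use, unmount cycle above can be wrapped so the plaintext view is never left mounted by accident. The script below is an added example, not part of the original walkthrough; the function names (encfs_mountpoints, encfs_is_mounted, with_encfs) and the 10-minute idle timeout are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. encfs needs absolute paths, as in the walkthrough ($PWD/...).

# Print the mount point of every EncFS volume found in `mount`-style text on
# stdin, i.e. lines of the form "encfs on <dir> type fuse.encfs (...)".
encfs_mountpoints() {
    sed -n 's/^encfs on \(.*\) type fuse\.encfs (.*)$/\1/p'
}

# Succeed if directory $1 appears as an EncFS mount point in the text on stdin.
# One trailing slash on $1 is ignored, since `mount` prints paths without it.
encfs_is_mounted() {
    encfs_mountpoints | grep -Fxq -- "${1%/}"
}

# Mount rootdir $1 on mount point $2, run the remaining arguments as a command,
# then unmount, even if the command fails or the script is interrupted.
with_encfs() {
    root=$1 mnt=$2; shift 2
    if mount | encfs_is_mounted "$mnt"; then
        echo "already mounted: $mnt" >&2; return 1
    fi
    # --idle=10 is a safety net: EncFS unmounts itself after 10 idle minutes.
    encfs --idle=10 "$root" "$mnt" || return 1
    trap 'fusermount -u "$mnt" 2>/dev/null' EXIT
    trap 'exit 130' INT TERM
    "$@"; status=$?
    fusermount -u "$mnt"
    trap - EXIT INT TERM
    # Confirm the plaintext view is really gone before reporting the result.
    if mount | encfs_is_mounted "$mnt"; then
        echo "still mounted: $mnt" >&2; return 1
    fi
    return $status
}

# Usage with the directories created above:
#   with_encfs "$PWD/encrypted-rootdir" "$PWD/unencrypted-mountPoint" \
#       ls -l "$PWD/unencrypted-mountPoint"
```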