How to encrypt directory in Linux using Encfs ?

EncFS creates a virtual encrypted filesystem which stores encrypted data in the rootdir directory and
makes the unencrypted data visible at the mountPoint directory. The user must supply a password which is
used to (indirectly) encrypt both filenames and file contents.

 $ sudo apt install encfs 
 $ mkdir encfs 
 $ cd encfs 
 $ mkdir encrypted-rootdir 
 $ mkdir unencrypted-mountPoint 
 $ encfs $PWD/encrypted-rootdir/ $PWD/unencrypted-mountPoint/ 

Creating new encrypted volume.
Please choose from one of the following options:
enter “x” for expert configuration mode,
enter “p” for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?> [just Enter Here when Asked]

Standard configuration selected.

Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: “ssl/aes”, version 3:0:2
Filename encoding: “nameio/block”, version 4:0:2
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.

New Encfs Password: [just Enter Password Here when Asked]
Verify Encfs Password: [just Enter Password Here when Asked]

$ mount | grep encfs
encfs on /home/myuser/encfs/unencrypted-mountPoint type fuse.encfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) 
 $ cd unencrypted-mountPoint/ 
 $ echo "this is file inside unencrypted folder" > test_file.txt 
$ ls -l
total 4
-rw-rw-r-- 1 myuser myuser 39 Apr 26 01:34 test_file.txt
 $ cd ../ 

Now, lets check with tree command, which all files got created,

$ tree
.
├── encrypted-rootdir
│   └── ALDdfi3Jwpp,cqqSri2XaX,G
└── unencrypted-mountPoint
    └── test_file.txt

2 directories, 2 files

As we can see, as soon as we create a test file in unencrypted folder, an equivalent encrypted file gets created in encrypted folder ( as we can see with name ALDdfi3Jwpp,cqqSri2XaX,G )

Now, lets say we are done with creating files which we want to encrypt in a folder, then we need to unmount the mounted folder as,

 $ fusermount -u $PWD/unencrypted-mountPoint/ 
 $ tree
.
├── encrypted-rootdir
│   └── ALDdfi3Jwpp,cqqSri2XaX,G
└── unencrypted-mountPoint

2 directories, 1 file 

Now, lets check back this files, by mounting the encrypted folder as,

$ encfs $PWD/encrypted-rootdir/ $PWD/unencrypted-mountPoint/
EncFS Password: 

Enter your remembered password here once asked.

$ tree
.
├── encrypted-rootdir
│   └── ALDdfi3Jwpp,cqqSri2XaX,G
└── unencrypted-mountPoint
    └── test_file.txt

2 directories, 2 files 

Leave a Comment