EncFS - Encrypted File System

EncFS allows you to create one or more encrypted folders for easy access, just like opening and closing a safe. The encrypted folder is mounted to an empty non-encrypted folder that acts as the "safe door". You are able to open the encrypted "safe" folder with a command and a password or pass phrase. But you must put and take the contents through the safe door folder that is not encrypted.

This is a re-write of an EncFS How-To by Jon Du Quesne, now that Mepis is based upon the Ubuntu repositories.

EncFS Installation

You will need to know how to open a Konsole terminal program to enter commans. You will also need to know how to enter commands as root. To enter commands as root, first enter this command into the Konsole terminal program, followed by the system password when prompted.

$ su

All the packages that are required to install EncFS are in the Ubuntu repositories that are pre-installed with Mepis. Just use Synaptic to install EncFS and its two dependencies, or enter this command as root:

# apt-get install encfs

Next, EncFS depends upon fuse. Make the fuse file system available by entering the following command as root:

# modprobe fuse 

To avoid having to enter the modprobe command each time you start your PC, enter these commands only once as root:

# echo "modprobe fuse" > /etc/init.d/fuse
# chmod +x /etc/init.d/fuse
# ln -s ../init.d/fuse /etc/rcS.d/S47fuse

Add your username to the fuse user group and log out/log in to make it effective.

# adduser [your username] fuse

EncFS is now installed. Nothing else need be done as root.

Using EncFS

Using encfs is fairly easy. You need to create two directories in your /home/user directory. The first will become the encrypted directory. The second will be a mount-point for the encrypted directory. These directories can be called anything you like. (In the examples below, replace the word "user" with your own user name.

So, for example, create the encrypted directory:

$ mkdir /home/user/encrypt

And, create the mount point:

$ mkdir /home/user/decrypt

To use the directory, first it must be mounted. Even though you are the owner of the directories, use full path names for both directories. Here is an example for an encrypted folder in your home directory.

$ encfs /home/use/encrypt /home/user/decrypt

The first time it's used you will be prompted for a password. This can be a passphrase.

Once the encrypted file system has been mounted you put things in and out of the mount point directory like any directory. All of these commands can be done as a regular user. If you look in the encrypt directory you will find junk Smiling. Do not put anything directly into the encrypted directory.

When you unmount and close the encrypted file system the files become unreadable:

$ fusermount -u /home/user/decrypt

That's all there is to it!

Some EncFS Pointers

You may use the ~ instead of "/home/user". Then the commands would be:

$ encfs ~/encrypt ~/decrypt
$ fusermount -u ~/decrypt

While the encrypted directory has been unmounted, these things can be done.

- Delete the unencrypted directory. It will be created whenever necessary.
- Rename or move the encrypted directory.
- Move the encrypted directory to a USB memory stick.
- Change the password with

$ encfsctl passwd ~/encrypt

.

Beware! This really works

Beware! EncFS really works. If you forget the password, there IS NO WAY to retrieve your files and data. I suggeset that you keep an un-encrypted copy somewhere physically safe.

Links

Jon's entry: http://www.mepis.org/node/7662
An article on O'Reilly's Linux Development Center: http://www.linuxdevcenter.com/pub/a/linux/2005/04/14/encfs.html
The wiki created by the author of EncFS is located at: http://arg0.net/wiki/encfs