eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux.It provides advanced key management and policy features. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decryptable with the proper key, and there is no need to keep track of any additional information aside from what is already in the encrypted file itself. Think of eCryptfs as a sort of “gnupgfs.” eCryptfs is a native Linux filesystem. The kernel module component of eCryptfs is part of the Linux kernel since 2.6.19.
First, install eCryptfs:
…in RPM based linux (e.g., Fedora, RedHat)
su -c 'yum install ecrypt-utils'
…or in DEB based linux (e.g., Ubuntu, Debian)
sudo aptitude install ecryptfs-utils
Next, you need to create a directory to encrypt. (Remember “~” means “your home directory”)
Now you need to make sure no one will access this folder using the following command.
chmod 700 ~/private
Then mount the ecryptfs to the private folder using the following command as root:
mount -t ecryptfs ~/private ~/private
eCryptfs will then prompt you to answer a few questions…
Press “2” to select passphrase. You will then be asked to enter and verify your passphrase. Select the AES encryption cipher. If you are not sure of what to select, simply press Enter to select the default. Select key byte and enable plaintext passthrough.
If you want to use unecrypted file inside your secret folder, then type “yes” if not, type “no”
Now go to your Home folder. You should see a folder named private/. Your private/ drive should also be mounted in the file system… Verify by typing “df -h” in a terminal.
[user@nv] [~]> df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/luks-59a2d203-0dc6-467c-8558-cdd42d237726 67G 63G 102M 100% / /dev/sda1 99M 29M 65M 31% /boot tmpfs 502M 1.3M 500M 1% /dev/shm /dev/md0 74G 70G 300M 100% /backup /home/user/private 67G 63G 102M 100% /home/user/private
Testing your Private Folder encryption
Add some files to the folder.
Unmount using the following command as root
Now you can open your ~/private/ folder and check your files.
Creating a launcher for your Private Folder
If you create a launcher on your desktop allows you to mount the Personal folder easily.On your desktop, right click the mouse and select “Create Launcher.”
Enter the following details:
Type: Application in Terminal Name: PrivateFolder (or your choice) Command: sudo mount -t ecryptfs /home/username/private /home/username/private key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n
Next time, when you want to mount your private folder, just click on this launcher. It will pop up a terminal and ask you for your passphrase. Once that is verified, the Private folder will be mounted in your Home directory.