Saturday May 28th 2016

HOWTO: Create a private encrypted folder in Linux

eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux. It provides advanced key management and policy features. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decryptable with the proper key, and there is no need to keep track of any additional information aside from what is already in the encrypted file itself. Think of eCryptfs as a sort of “gnupgfs.” eCryptfs is a native Linux filesystem. The kernel module component of eCryptfs has been part of the Linux kernel since 2.6.19.

First, install eCryptfs:
…on RPM-based Linux (e.g., Fedora, RedHat)
su -c 'yum install ecryptfs-utils'

…or on DEB-based Linux (e.g., Ubuntu, Debian)
sudo aptitude install ecryptfs-utils

Next, you need to create a directory to encrypt. (Remember “~” means “your home directory”)
mkdir ~/private

Now restrict the folder's permissions so that only your own user can access it:
chmod 700 ~/private

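Then mount eCryptfs on top of the private folder by running the following command as root. If you run it from a root shell rather than through sudo, replace “~” with the full path (e.g., /home/username/private), because “~” would then expand to root's home directory: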
mount -t ecryptfs ~/private ~/private

eCryptfs will then prompt you to answer a few questions…

Press “2” to select passphrase. You will then be asked to enter and verify your passphrase. Select the AES encryption cipher. If you are not sure of what to select, simply press Enter to select the default. Select the key bytes, then answer the plaintext passthrough prompt.

If you want to be able to use unencrypted files inside your secret folder, type “yes”; if not, type “no”.

Now go to your Home folder. You should see a folder named private/. Your private/ drive should also be mounted in the file system… Verify by typing “df -h” in a terminal.

[user@nv] [~]> df -h
Filesystem            Size  Used Avail Use% Mounted on
                       67G   63G  102M 100% /
/dev/sda1              99M   29M   65M  31% /boot
tmpfs                 502M  1.3M  500M   1% /dev/shm
/dev/md0               74G   70G  300M 100% /backup
/home/user/private   67G   63G  102M 100% /home/user/private

Testing your Private Folder encryption

Add some files to the folder.
Unmount using the following command as root:

umount ~/private

Now you can open your ~/private/ folder and check your files. With the filesystem unmounted, their contents should be encrypted and unreadable.
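
Anything copied into ~/private while eCryptfs is not mounted on it is stored in plaintext. The following check is an added example, not part of the original post: it reads /proc/mounts to confirm the mount is active before a file is stored. The function names and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): guard against writing
# plaintext into ~/private while eCryptfs is not mounted on it.

# Constructed sample in /proc/mounts format, for trying the check offline.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 /boot ext3 rw,relatime 0 0
/home/user/private /home/user/private ecryptfs rw,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
}

# is_ecryptfs_mounted DIR [MOUNTS_FILE]
# Succeeds only if the last mount entry for DIR has type "ecryptfs"
# (the last entry is the one on top when mounts are stacked).
# MOUNTS_FILE defaults to /proc/mounts. Assumes DIR contains no spaces,
# which /proc/mounts would show escaped as \040.
is_ecryptfs_mounted() {
    dir=${1%/}                       # tolerate one trailing slash
    mounts=${2:-/proc/mounts}
    D="$dir" awk '$2 == ENVIRON["D"] { t = $3 }
                  END { exit (t != "ecryptfs") }' "$mounts"
}

# store_private FILE DIR [MOUNTS_FILE]
# Copies FILE into DIR only while the eCryptfs mount is active.
# Typical call: store_private notes.txt "$HOME/private"
store_private() {
    if is_ecryptfs_mounted "$2" "${3:-/proc/mounts}"; then
        cp -- "$1" "$2/"
    else
        echo "refusing: $2 is not an eCryptfs mount" >&2
        return 1
    fi
}
```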

Creating a launcher for your Private Folder

Creating a launcher on your desktop lets you mount the private folder easily. On your desktop, right click the mouse and select “Create Launcher.”

Enter the following details:

Type: Application in Terminal
Name: PrivateFolder (or your choice)
Command: sudo mount -t ecryptfs /home/username/private /home/username/private

Next time, when you want to mount your private folder, just click on this launcher. It will pop up a terminal and ask you for your passphrase. Once that is verified, the Private folder will be mounted in your Home directory.
