Using on-the-fly encryption with EncFS
Posted: October 7, 2011
Say you want to keep your sensitive data encrypted, but that causes a lot of inconvenience with your file backup or automatic synchronisation software (like Dropbox): the huge encrypted volumes need to be copied over tight network connections every time you change a single letter in a file on the encrypted volume.
The solution is to use software that encrypts/decrypts the data as it is written to/read from the disk, each file separately. EncFS is one such tool.
EncFS is included in the standard Ubuntu installation repository and can be installed with:
sudo apt-get install encfs
- Make the directory where the files in their encrypted form will be stored (crypt-raw in the example below).
- Make the “magic mirror”: the directory where you will “mount” the encrypted files directory so that you can see your files in their true form (crypt).
- Mount the directory. (Actually, you could skip the first two steps: if the directories do not exist, they will be created for you.)
encfs /tmp/crypt-raw /tmp/crypt
- Work with the files in the mounted directory as you normally would. You can watch the encrypted files with cryptic names change in the encrypted files directory.
- Unmount the mounted directory.
fusermount -u /tmp/crypt
To move your data around or back it up, remember that recovering it requires, aside from the password, the hidden “control” file. On Ubuntu 10.10 with encfs 1.6.1-1 it is called .encfs6.xml.
If you lose the control file you will lose the ability to mount the encrypted directory. Well, actually it will mount, but it will show up as a new blank “readable” directory. While your encrypted files will still be there in the encrypted files directory, they will be invisible in the “readable” directory. The question remains: can they be recovered? And if so, how?
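Since a backup without the control file cannot be mounted, it is worth checking each copy of the encrypted directory for it. The following is an added example, not part of the original post: the function name `check_encfs_backup` and its return codes are hypothetical, and it assumes the control file sits in the top level of the encrypted files directory (e.g. /tmp/crypt-raw).

```shell
#!/bin/sh
# Added example: verify that a copy of an EncFS encrypted directory can still
# be mounted later, i.e. that the hidden control file travelled with it.
# Name as given on this page for encfs 1.6.1-1.
CONTROL=".encfs6.xml"

# check_encfs_backup RAW_DIR BACKUP_DIR   (hypothetical helper)
# Return codes:
#   0  backup carries an identical control file and the same set of files
#   1  RAW_DIR has no control file (not an EncFS directory, or already lost)
#   2  BACKUP_DIR is missing the control file (typical when dotfiles are skipped)
#   3  control file in the backup differs from the original
#   4  the two directories do not contain the same set of file names
check_encfs_backup() {
    raw=$1
    backup=$2

    [ -f "$raw/$CONTROL" ] || {
        echo "no $CONTROL in $raw" >&2; return 1; }
    [ -f "$backup/$CONTROL" ] || {
        echo "backup $backup is missing $CONTROL" >&2; return 2; }

    # The control file must be byte-identical: a different one means the
    # backup belongs to another volume or the file was regenerated.
    cmp -s "$raw/$CONTROL" "$backup/$CONTROL" || {
        echo "$CONTROL differs between $raw and $backup" >&2; return 3; }

    # Compare relative file names, hidden files included. EncFS encrypts each
    # file separately, so a missing name is a missing file after decryption.
    raw_list=$(cd "$raw" && find . -type f | sort)
    bak_list=$(cd "$backup" && find . -type f | sort)
    [ "$raw_list" = "$bak_list" ] || {
        echo "file lists differ between $raw and $backup" >&2; return 4; }

    return 0
}
```

Run it against the encrypted files directory (not the mounted one), for example `check_encfs_backup /tmp/crypt-raw /path/to/backup`, where the backup path is a placeholder.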