Anyone with physical access to your computer may be able to read your private data, even if they are not authorized to.
An example:
Boot your computer with Knoppix and mount the hard disk.
Plug in a USB memory stick and copy everything over.
Easy, isn't it? Here it is in evil hands; in good hands this is the way to recover data from a crashed computer (including non-Linux operating systems). A way to prevent that is encrypting your files. However, do not forget your password!
A simple method is encfs: http://www.arg0.net/#!encfs/c1awt. Strictly speaking it is not an encrypted file system: it uses regular directories and regular files on the hard disk. It encrypts the files, but not the file system.
Real encrypted file systems are trickier to handle and therefore more prone to losing data. If a crash happens, everything would be gone. Additionally, synchronization tools might not be able to access encrypted file systems.
To avoid all those side effects, encfs might be the desirable solution. The probability that encfs crashes is much lower since regular, well-tested file systems (such as ext2) are used, and if a crash does happen you can still copy the encrypted files to a memory stick and, knowing the password, rescue their content.
Usually encfs uses a hidden directory named .crypt with all the encrypted data; for every file and directory there is an encrypted equivalent. Additionally it makes use of a mount point named crypt. Once mounted, which requires a password, the encrypted files from .crypt can be accessed unencrypted as normal ones in the crypt directory.
encfs uses the kernel module fuse (from the kernel source or as a separate package), which makes the link from the kernel to user space.
Also install the fuse package, since it adds additional libraries.
See man encfs for all options.
To mount, and also to create, the encrypted file system (use absolute paths):
encfs ~/<some_path>/.crypt ~/<some_path>/crypt
A prompt for the password appears.
Once the password has been accepted, files and directories can be accessed in crypt and their encrypted twins appear in .crypt.
When finished, unmount it:
fusermount -u ~/<some_path>/crypt
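A check to go with the mount and unmount steps above, as an added example that is not part of the original page: while crypt is not mounted it is an ordinary directory, so anything saved there lands on the disk unencrypted. The function name crypt_state and the sample paths are made up for this example; it assumes encfs mounts are listed with type fuse.encfs in /proc/mounts and that the mount point path contains no spaces.

```shell
#!/bin/sh
# crypt_state MOUNTPOINT [MOUNT_TABLE]   (hypothetical helper, not part of encfs)
# Prints one of:
#   mounted - an encfs mount is active on MOUNTPOINT, cleartext is visible
#   leak    - not mounted, but the directory holds files: stored unencrypted
#   locked  - not mounted and empty, only .crypt holds data
crypt_state() {
    mp=${1%/}                    # ignore one trailing slash
    table=${2:-/proc/mounts}     # fields: device mountpoint fstype options ...
    if awk -v mp="$mp" '$2 == mp && $3 == "fuse.encfs" { hit = 1 }
                        END { exit !hit }' "$table"
    then echo mounted
    elif [ -n "$(ls -A "$mp" 2>/dev/null)" ]
    then echo leak
    else echo locked
    fi
}

# Demo on constructed data: a fake mount table and two scratch directories.
demo() {
    d=$(mktemp -d)
    mkdir "$d/crypt" "$d/other"
    printf '%s\n' \
        "/dev/sda2 / ext4 rw,relatime 0 0" \
        "encfs $d/crypt fuse.encfs rw,nosuid,nodev,relatime,user_id=1000 0 0" \
        > "$d/mounts"
    echo "crypt: $(crypt_state "$d/crypt" "$d/mounts")"   # listed as encfs mount
    echo "other: $(crypt_state "$d/other" "$d/mounts")"   # empty, not mounted
    : > "$d/other/report.txt"    # a file saved while nothing is mounted there
    echo "other: $(crypt_state "$d/other" "$d/mounts")"   # now holds cleartext
    rm -rf "$d"
}
demo
```

On a real system call it with one argument, for example crypt_state ~/<some_path>/crypt, before saving files and again after fusermount -u.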
When a new .crypt directory gets created, encfs prompts for options and passwords. The file .crypt/.encfs<n>.xml holds the data and encrypted passwords for the directory.
For changes to the Encfs directory, encfsctl is used. To see info about the encryption:
encfsctl info .crypt
To change the password once in a while, do the following. With the crypt directory not mounted, change to the Encfs directory where ls -a shows the .crypt directory and run:
encfsctl passwd .crypt
gencfs is a simple GUI: http://www.linurs.org/gencfs.html
For Windows there is http://www.freeotfe.org/features.html, which can be read on Linux using LUKS. Another tool is dm-crypt.