Encrypted File Systems

Your private and secure data can be read by unauthorized persons if they have physical access to your computer.

An example:

  1. Boot your computer with Knoppix and mount the hard disk.

  2. Plug in a USB memory stick and copy everything over.

Note

Easy, isn't it? Here it is in evil hands; in good hands this is the way to recover data from a crashed computer (including non-Linux operating systems). One way to prevent it is to encrypt your files. However, do not forget your password!

Encfs

A simple method is encfs: http://www.arg0.net/#!encfs/c1awt. Actually it is not an encrypted file system, it uses regular directories and regular files on the hard disk. It encrypts the files, but not the file system.

Real encrypted file systems are trickier to handle and therefore more prone to losing data. If a crash happened, everything would be gone. Additionally, synchronization tools might not be able to access encrypted file systems.

To avoid those side effects, encfs might be the desirable solution. The probability that encfs crashes is much lower, since regular, well-tested file systems (such as ext2) are used. If a crash did happen, you could still copy the encrypted files to a memory stick and, knowing the password, rescue their content.

Usually encfs uses a hidden directory named .crypt that holds all the encrypted data; for every file and directory there is an encrypted equivalent. Additionally it uses a mount point named crypt. Once mounted, which requires a password, the encrypted files from .crypt can be accessed unencrypted like normal files in the crypt directory.

encfs uses the kernel module fuse (from the kernel source or as a separate package), which links the kernel to user space.

Also install the fuse package, since it adds additional libraries.

See man encfs for all options.

To mount, and also to create, the encrypted file system (with absolute paths):

encfs ~/<some_path>/.crypt ~/<some_path>/crypt

A prompt for the password appears.

Once the password is accepted, files and directories can be accessed in crypt and their encrypted twins appear in .crypt.

When finished, unmount it:

fusermount -u ~/<some_path>/crypt

If a new .crypt directory is created, encfs prompts for options and passwords. The file .crypt/.encfs<n>.xml holds the data and encrypted passwords in the directory.

For changes to the Encfs directory, see the information about the encryption: encfsctl info .crypt

To change the password once in a while, do the following. With the crypt directory not mounted, change to the Encfs directory where ls -a shows you the .crypt directory and run:

encfsctl passwd .crypt
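
The mount state matters in both steps above: anything copied into crypt while it is not mounted is stored unencrypted, and the password change is done with the directory unmounted. The following shell helpers are an added example, not part of the original page; the function names and the sample mount table are constructed, and the check assumes encfs mounts appear in /proc/mounts with type fuse.encfs.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. Assumption: an encfs mount is
# listed in /proc/mounts with filesystem type "fuse.encfs".

# is_encfs_mounted MOUNTPOINT [MOUNTS_FILE] -> 0 if mounted via encfs, else 1
is_encfs_mounted() {
    mp=${1%/}                      # tolerate one trailing slash
    mounts=${2:-/proc/mounts}
    # Fields per line: device mountpoint fstype options dump pass
    while read -r _dev path fstype _rest; do
        [ "$fstype" = "fuse.encfs" ] || continue
        # /proc/mounts encodes a space in a path as \040; decode it
        path=$(printf '%s' "$path" | sed 's/\\040/ /g')
        [ "$path" = "$mp" ] && return 0
    done < "$mounts"
    return 1
}

# Files written to crypt while it is NOT mounted are stored in plaintext.
safe_to_write() {
    is_encfs_mounted "$@" && return 0
    echo "refusing: $1 is not an encfs mount, data would be unencrypted" >&2
    return 1
}

# The password change above is done with the directory unmounted.
safe_to_change_password() {
    if is_encfs_mounted "$@"; then
        echo "refusing: unmount first with: fusermount -u $1" >&2
        return 1
    fi
    return 0
}

# Constructed sample in /proc/mounts format (not taken from a real system).
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
encfs /home/alice/crypt fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
encfs /home/alice/my\040docs/crypt fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
EOF
}
```

In a backup or sync script, call safe_to_write with the crypt mount point before copying, and safe_to_change_password before encfsctl passwd.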

gencfs is a simple GUI: http://www.linurs.org/gencfs.html

Other encryption methods

For Windows there is http://www.freeotfe.org/features.html, which can be read on Linux using LUKS. Another tool is dm-crypt.

