Encrypted File Systems

Anyone who has physical access to your computer may be able to read your private and secure data, even without authorization.

An example:

  1. Boot your computer with Knoppix and mount the hard disk.

  2. Plug in a USB memory stick and copy everything over.


Easy, isn't it? In evil hands this is an attack; in good hands it is the way to recover data from a crashed computer (including non-Linux operating systems). One way to prevent it is to encrypt your files. However, do not forget your password!


A simple method is encfs: http://www.arg0.net/#!encfs/c1awt. Strictly speaking it is not an encrypted file system: it uses regular directories and regular files on your hard disk. It encrypts the files, but not the file system.

Real encrypted file systems are trickier to handle and therefore more prone to losing data. If a crash happened, everything would be gone. Additionally, synchronization tools (such as unison) cannot handle encrypted file systems well, since they see just a single file, its size and data, but not its content.

To avoid those side effects, encfs might be the desirable solution. The probability that encfs crashes is much lower since regular, well-tested file systems (such as ext2) are used, and even if a crash happened you could copy the encrypted files to a memory stick and, knowing the password, rescue their content.

Usually encfs uses a hidden directory named .crypt holding all the encrypted data; for every file and directory there is an encrypted equivalent. Additionally it uses a mount point named crypt. Once mounted, which requires the password, the encrypted files from .crypt can be accessed unencrypted as normal files in the crypt directory.

encfs uses the kernel module fuse (from the kernel source or as a separate package), which makes the link from the kernel to user space.

So emerge fuse even when fuse is enabled in the kernel, since emerge fuse adds additional libraries. If fuse is compiled as a module, add fuse to /etc/modules.autoload.d/kernel-2.6

emerge encfs

See man encfs for all options

To create and mount the encrypted file system (don't forget the password!):

encfs ~/<some_path>/.crypt ~/<some_path>/crypt

Now copy all files there, or do with them what you want.

When finished unmount it:

fusermount -u ~/<some_path>/crypt
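
A guard for the copy step above, as an added example that is not part of the original page: if the encfs mount failed or crypt was already unmounted, files copied to crypt land unencrypted in the ordinary directory. The function names are hypothetical, and the example assumes Linux lists the mount in /proc/mounts with file system type fuse.encfs.

```shell
#!/bin/sh
# Added example: refuse to copy into the plaintext view unless encfs is
# really mounted there. Function names are hypothetical.

# is_encfs_mounted DIR [MOUNT_TABLE]
# Returns 0 if DIR is listed as a fuse.encfs mount point in the mount table
# (default /proc/mounts), non-zero otherwise. An unreadable table counts as
# "not mounted", so the check fails closed.
# Limitation: /proc/mounts octal-escapes whitespace in paths (space = \040);
# such paths are not handled here.
is_encfs_mounted() {
    check_dir=${1%/}                 # ignore one trailing slash
    check_table=${2:-/proc/mounts}
    # Fields per line: device mountpoint fstype options dump pass
    CHECK_DIR="$check_dir" awk '
        $2 == ENVIRON["CHECK_DIR"] && $3 == "fuse.encfs" { found = 1 }
        END { exit !found }
    ' "$check_table" 2>/dev/null
}

# safe_copy SRC DIR [MOUNT_TABLE]
# Copies SRC into DIR only when DIR is a mounted encfs view. Without the
# mount, DIR is just an empty directory and SRC would be stored in clear.
safe_copy() {
    copy_src=$1
    copy_dir=${2%/}
    copy_table=${3:-/proc/mounts}
    if ! is_encfs_mounted "$copy_dir" "$copy_table"; then
        echo "refusing: $copy_dir is not a mounted encfs view" >&2
        return 1
    fi
    cp -- "$copy_src" "$copy_dir"/
}

# Typical use after the encfs command shown above:
#   safe_copy ~/notes.txt ~/<some_path>/crypt
```
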

To see information about the encryption, change to the Encfs directory and run:

encfsctl info .crypt

Of course you should change the password used by Encfs once in a while. With the crypt directory not mounted, change to the Encfs directory where ls -a shows you the .crypt directory and run:

encfsctl passwd .crypt

From my portage overlay, emerge gencfs for a simple GUI; see: http://www.linurs.org/gencfs.html

Other encryption methods

For Windows there is http://www.freeotfe.org/features.html, whose volumes can be read on Linux using LUKS. Another tool is dm-crypt.
