PCsuggest

  • Quick tip
  • SECURITY
  • NETWORKING
  • OpenWrt
  • HARDWARE

Encrypt files and folders with eCryptfs in Ubuntu/Debian

Updated - May 14, 2020 by Arnab Satapathi

eCryptFS_main

Data security is one of the most important part of computing since its beginning days and going to be more and more important, as we are going to be far more digitized.

So, what is encryption ? Briefly encryption is a mix of math and technology to prevent unauthorized access of secret and valuable information.

Somewhat like locking money, jewellery etc. inside an iron safe, but digitally.

Encryption is extensively used by security agencies, military, business organizations, hackers, even by criminals to safeguard their privacy and protect valuable information.

But why data security and encryption is necessary for normal users like you and me ? Simply to protect us, probably you are aware of what could be done with with your email and facebook password, hard earned research papers, banking password, financial information etc. etc.

Contents

  • What is eCryptfs ?
  • KNOW THE RISK
  • Setup eCryptFS
    • 1. Install ecryptfs
    • 2. load the ecryptfs kernel module
    • 3. setup a ecryptfs encrypted directory
    • 4. avoid ecryptfs auto mount at login
    • 5. setup an encrypted /home directory
  • Conclusion

What is eCryptfs ?

Before going further, it's good to know a little more about eCryptfs, The word eCryptfs stands for Enterprise Cryptographic Filesystem. A filesystem level encryption tool, available with Linux kernel as a special stacked cryptographic file system driver. Konw more you may read the Wikipedia article and Arch wiki.

KNOW THE RISK

Default eCryptfs setup automatically mounts the encrypted filesystem after user log in, so keep your password secret. Allways take a backup of the ~/.ecryptfs/ folder and remember your log in password, whith out them encrypted data recovery is a real pain.

Setup eCryptFS

Lets encrypt our valuable information with the help of eCryptfs.

This tutorial is tested on Debian and Ubuntu. However it should work fine on any other GNU/Linux distribution like Ubuntu, Linux Mint, Fedora, Arch Linux etc.

1. Install ecryptfs

Ecryptfs is already installed in Ubuntu since a long time, to provide encrypted ecryptfs ubuntu home directory.

amazon prime logo
Try AmazonPrime for free
Enjoy free shipping and One-Day delivery, cancel any time.

To install ecryptfs on Debian, just run the command bellow.

sudo apt-get install ecryptfs-utils

2. load the ecryptfs kernel module

Load the ecryptfs kernel driver, this is only for the first time, loads automatically after next reboot.

sudo modprobe ecryptfs

3. setup a ecryptfs encrypted directory

This is the basic step to create an encrypted private directory, where you can store your private information securely. This step will create two folders in your home directory named Private and .Private. Where .Private folder contains the encrypted data and the Private is the mount point, i.e. where the decrypted data is available.

ecryptfs-setup-private
eCryptFS

enter your login password, then enter a mounting password or leave it blank to automatically generate a secured one , log out and log in again and done ! Now move your secret documents to the Private folder.

Now the encrypted filesystem is mounted, to mount and unmount the encryped Private directory, use the commands bellow.

ecryptfs-umount-private  # to un mount

ecryptfs-mount-private  # to mount it again

To encrypt any other directory, simply move the directory to the Private directory, you may create a link to that directory for easy access.

mv ~/secret/ ~/Private/  # move the secret folder

ln -s ~/Private/secret/ ~/secret/ # create the symlink for easy access

4. avoid ecryptfs auto mount at login

By default the Private folder is automatically after log in, to avoid this annoying feature, pass the  --noautoumount argument during setup, like bellow, this setup will also un mount the Private folder after logout.

ecryptfs-setup-private --noautoumount

5. setup an encrypted /home directory

To setup an encrypted home directory without any hassle, log out from current session, log in as another user (i.e. as root) , install rsync and lsof , and run the command as root, ecryptfs-migrate-home -u username .

An example with Debian.

sudo apt-get install lsof  # install lsof

sudo apt-get install rsync # install rsync

sudo ecryptfs-migrate-home -u b00m      # setup encrypted home, b00m is the username

Conclusion

Now its your turn, secure your sensitive data and stay safe, hope this tutorial will help to encrypt them with eCryptfs.

If you need any further assistance just leave a comment, we’d be happy to assist you.
Feel free to share this tutorial with your friends.

Filed Under: linux basics, security Tagged With: ecryptfs, encryption, security, Ubuntu

Your comments
  1. Kevin Decker says

    May 19, 2020

    ecryptfs-setup-private where is this executed from as to what home directory. Could you show an example please

    Reply
  2. Jesvin Joseph says

    August 19, 2019

    Hi,

    My application is running on a remote machine, which should run everytime even without login. I want to store my application data in this encrypted partition. But this requires a login to mount the Private directory. So is there any way we can mount this automatically during system boot without login?

    Reply
    • Arnab Satapathi says

      August 21, 2019

      eCryptFS is not built for that purpose.
      However you can fiddle with systemd services and custom scripts.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright © PCsuggest.com · All rights reserved.

  • Home
  • About
  • Contact
  • Privacy Policy
  • Sitemap