Note that truecrypt wins hands down on features -- as always, pick the tool that does the job.
encfs is a well-established encryption tool for linux systems and is available in most distro repos -- it does encryption of files, and while it lacks many of the options of truecrypt, it is useful for encrypting directory structures.
Installation
sudo apt-get install encfs
Yes, that's it. If you're having issues, make sure that fuse is installed, and that you belong to the group fuse (to add yourself, do sudo usermod -a -G fuse $USER . To check, do cat /etc/group|grep fuse)
Set-up
Set-up is equally easy.
encfs ~/.secret ~/encrypted
The directory "/home/me/encrypted" does not exist. Should it be created? (y,n) Y
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?>
Standard configuration selected.
Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 3:0:1
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.
Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.
New Encfs Password:
Verify Encfs Password:
At the end of this your encryption folder will be mounted.
How it works:
A (to me) nice way of illustrating how it works is the following:
ls ~/encrypted/ -lah
total 24K
drwxr-xr-x 2 me me 4.0K Apr 18 14:29 .
drwxr-xr-x 212 me me 20K Apr 18 14:29 ..

ls ~/.secret/ -lah
total 32K
drwxr-xr-x 2 me me 4.0K Apr 18 14:29 .
drwxr-xr-x 212 me me 20K Apr 18 14:29 ..
-rw-r--r-- 1 me me 1.1K Apr 18 14:29 .encfs6.xml
-rw-r--r-- 1 me me 411 Nov 14 2011 .passwd.gpg

touch ~/encrypted/test

ls ~/encrypted/ -lah
total 24K
drwxr-xr-x 2 me me 4.0K Apr 18 14:32 .
drwxr-xr-x 212 me me 20K Apr 18 14:29 ..
-rw-r--r-- 1 me me 0 Apr 18 14:32 test

ls ~/.secret/ -lah
total 32K
drwxr-xr-x 2 me me 4.0K Apr 18 14:32 .
drwxr-xr-x 212 me me 20K Apr 18 14:29 ..
-rw-r--r-- 1 me me 1.1K Apr 18 14:29 .encfs6.xml
-rw-r--r-- 1 me me 0 Apr 18 14:32 IfSGAzSkFsuN2A,SpPmnKSYu
-rw-r--r-- 1 me me 411 Nov 14 2011 .passwd.gpg

df -h
encfs 734G 525G 172G 76% /home/me/encrypted
In other words, anything that is put into ~/encrypted ends up as an encrypted file in ~/.secret. It's a little bit different from truecrypt, which uses a filesystem container -- this is more similar to encrypting each file with gpg/pgp, just with a good way of managing it from a filesystem pov.
Also, this means that you don't have to dedicate a certain amount of space to the encrypted file system as you would have to with truecrypt.
Anyway, unmount ~/encrypted and no-one will have access to the decrypted forms of the files.
sudo umount ~/encrypted
To mount it again, just do
encfs ~/.secret ~/encrypted
You can change the name of the directory you want to mount it in.
It is also possible to mount automatically on boot, but this would defeat most purposes of encrypting in the first place.
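Once unmounted, ~/encrypted is just an ordinary directory, so anything saved there before remounting is written to disk unencrypted. The following is an added example, not part of the original post: a guard that checks the mount table before copying a file in. The function names are hypothetical, and it assumes encfs mounts are listed with type fuse.encfs in /proc/mounts.

```shell
#!/bin/sh
# Added example (not from the original post): guard writes to the plaintext view.

# Succeeds only if $1 is listed as an encfs FUSE mount in the mount table $2.
# $2 defaults to /proc/mounts; it is a parameter so the check can run offline.
# Assumption: encfs mounts appear with filesystem type "fuse.encfs".
is_encfs_mounted() (
    TARGET=${1%/}          # ignore a trailing slash on the argument
    export TARGET
    awk '
        { mnt = $2; gsub(/\\040/, " ", mnt) }   # mount table writes spaces as \040
        mnt == ENVIRON["TARGET"] && $3 == "fuse.encfs" { found = 1 }
        END { exit !found }
    ' "${2:-/proc/mounts}"
)

# Copy file $1 into plaintext view $2, refusing if encfs is not mounted there,
# because the copy would otherwise land on disk unencrypted.
store_secret() (
    if ! is_encfs_mounted "$2" "${3:-/proc/mounts}"; then
        echo "refusing: $2 is not an encfs mount, $1 would be stored in the clear" >&2
        return 1
    fi
    cp -- "$1" "${2%/}/"
)

# Constructed sample mount table (same format as /proc/mounts), for illustration.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
encfs /home/me/encrypted fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
encfs /home/me/my\040vault fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
EOF
}
```

Typical use is store_secret notes.txt ~/encrypted, which fails with a message instead of silently writing plaintext when the volume is not mounted.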