Encrypting Folders in Linux


In the past, I have “hidden” files that contain passwords in strange ways such as placing them in text files named “Personal Journal” or “Recipe List”. I ask myself, really? And how do you think that would help you if anyone ever did gain access to your file system? Today, I fixed my naive approach to securing data.

I chose to use eCryptfs, which is a common package used in Ubuntu and Google’s ChromeOS. One of the advantages of eCryptfs is that the file encryption key is stored in the header of the file. This means that the folder may be moved easily to a different machine without any additional information. Apart from your passphrase, everything you need to decrypt is contained in the file. The usage is straightforward; however, for those new to the cryptography world such as myself, there were a few gotchas.

Installing eCryptfs

You will want to install the eCryptfs utility. If you're on Ubuntu, this is most likely already installed. This is the same package that is used to encrypt home directories.

sudo apt-get install ecryptfs-utils

Setting up the Folder

You will want to create the folder:

mkdir ~/secure

You will also want to make sure that you are the only one with access to the folder:

chmod 700 ~/secure

Note: It is at this point that I wanted to place my ‘to be encrypted’ files in the folder. This is a mistake. Wait until after we have mounted the folder with eCryptfs.

Encrypting the Folder

To encrypt the folder, you will want to mount the folder with eCryptfs:

sudo mount -t ecryptfs ./secure ./secure

The first ./secure specifies the location of the encrypted files and the second ./secure specifies the location for viewing the decrypted files. These paths can be different; for my purposes it was easier if they were the same.

Configuring the Encryption Method

eCryptfs will ask you how you want your files encrypted. I accepted the defaults and opted out of plaintext passthrough and filename encryption.

$ sudo mount -t ecryptfs ./secure ./secure 
Passphrase: 
Select cipher: 
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
 2) blowfish: blocksize = 16; min keysize = 16; max keysize = 56 (not loaded)
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
 4) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
 5) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]: 1
Select key bytes: 
 1) 16
 2) 32
 3) 24
Selection [16]: 
Enable plaintext passthrough (y/n) [n]: n
Enable filename encryption (y/n) [n]: n
Mounted eCryptfs

Add Files and Unmount

At this point you will want to add the files that you want encrypted and unmount the directory.

mv test_text.txt ./secure
sudo umount ./secure
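
A check for the gotcha noted under “Setting up the Folder”, as an added example that is not from the original post: run against the unmounted folder, it lists files that lack the eCryptfs header marker and are therefore still plaintext. It assumes the default header layout used by the Linux kernel's eCryptfs code (bytes 8-15 hold a random 32-bit value followed by that value XOR 0x3c81b7f5) and GNU od; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag files in an unmounted eCryptfs folder that lack the
# eCryptfs header marker, i.e. files that were never encrypted.
# Assumption: default layout with metadata in the file header, where bytes
# 8-15 hold a random 32-bit value m1 followed by m1 XOR 0x3c81b7f5.
ECRYPTFS_MAGIC=$((0x3c81b7f5))

# be32_at FILE OFFSET: print the big-endian 32-bit integer at OFFSET.
# Returns 1 if the file is too short to contain it.
be32_at() {
    hex=$(od -An -v -tx1 -j "$2" -N 4 "$1" 2>/dev/null | tr -d ' \n')
    [ "${#hex}" -eq 8 ] || return 1
    echo $((0x$hex))
}

# has_ecryptfs_marker FILE: exit 0 if the header marker is present.
has_ecryptfs_marker() {
    m1=$(be32_at "$1" 8) || return 1
    m2=$(be32_at "$1" 12) || return 1
    [ $(( m1 ^ ECRYPTFS_MAGIC )) -eq "$m2" ]
}

# list_plaintext DIR: print every regular file under DIR without the marker.
list_plaintext() {
    find "$1" -type f | while IFS= read -r f; do
        has_ecryptfs_marker "$f" || printf '%s\n' "$f"
    done
}

# demo: builds constructed sample files (not real eCryptfs output) and
# prints the ones the check flags as plaintext.
demo() {
    d=$(mktemp -d) || return 1
    # 8 size bytes, then m1=0x11223344 and m2=m1^magic=0x2da384b1
    printf '\000\000\000\000\000\000\000\005\021\042\063\104\055\243\204\261' > "$d/after_mount.txt"
    printf 'password list copied in before mounting\n' > "$d/before_mount.txt"
    ( cd "$d" && list_plaintext . )
    rm -rf "$d"
}

if [ "$#" -gt 0 ]; then
    list_plaintext "$1"
fi
```

Pass the unmounted folder as the only argument, for example ~/secure. The marker test is a heuristic: an unrelated file could contain the same eight bytes by chance, so an empty result is strong evidence rather than proof.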

Summary

You should now have a folder of encrypted files. For a more in-depth explanation, I recommend reading eCryptfs: A Stacked Cryptographic Filesystem by Mike Halcrow, the author of eCryptfs.
