sidux.com

Anything goes - [HOW-TO] Creating an encrypted folder using EncFS
wegface - Feb 02, 2008 - 09:41 PM
Post subject: [HOW-TO] Creating an encrypted folder using EncFS
Ive been wondering how to create a sneaky encrypted folder within /home, and today i learned an easy way in sidux, thought id share.

      Code:
 (as root) apt-get install encfs


You also need fuse, but on sidux it should already be installed. We do however need to load the module: (edit: this step can be skipped it seems)

      Code:
(as root) modprobe fuse


Then we create a directory in /home that we want to encrypt, along with a second hidden dir.
All commands from now on can be done as user.

      Code:
mkdir .mychosenname
mkdir mychosenname


Now we mount the directories with encfs, and it will ask us a few questions to create the encrytped filesystem, including password,simply typing ENTER will do a standard configuration which should suit most people- or use ya grey matter and choose what you want.

      Code:
encfs /home/myuser/.mychosenname /home/myuser/mychosenname


Now our folder is ready to add our sensitive data. add a few files as a test. We can then "unmount" our encrypted system:

      Code:
fusermount -u /home/myuser/mychosenname


Now if u check the contents of /home/myuser/mychosenname it should be empty. The contents are now hidden in /home/myuser/.mychosenname , encrypted, unreadable and safe from preying eyes. The filenames are unreadable also.
We then remount with the command:
      Code:
encfs /home/myuser/.mychosenname /home/myuser/mychosenname

After entering the password, our contents again appear.
Very Happy
Remember: Your password is everything here, make it a good one, and dont forget it!
hubi - Feb 02, 2008 - 11:11 PM
Post subject: Re: [HOW-TO] Creating an encrypted folder using EncFS
      wegface wrote:
Remember: Your password is everything here, make it a good one, and dont forget it!
Especially when THEY start waterboarding you after a year of coercive detention, it is nice to remember the password Mr. Green

Great HOW-TO, thanks!

hubi
EvNu - Feb 03, 2008 - 11:32 AM
Post subject: RE: Re: [HOW-TO] Creating an encrypted folder using EncFS
Danke für das Howto wegface! Ist wirklich sehr leicht einzurichten. Smile Wie sicher ist denn encfs?

[EDIT]
Oh, i realised i wrote my comment in german Very Happy So, again in english: Thanks for the howto. How secure is encfs?

Gruß, EvNu
titan - Feb 03, 2008 - 02:14 PM
Post subject: RE: Re: [HOW-TO] Creating an encrypted folder using EncFS
What do you see when you look at the hidden file /home/myuser/.mychosenname , nothing or a file that won't open without a password.
Lynx_jsl - Feb 03, 2008 - 06:17 PM
Post subject: RE: Re: [HOW-TO] Creating an encrypted folder using EncFS
You see files with (almost) random names, no clear names or extensions. Never tried to open those directly...

Cheers,

S.
wegface - Feb 03, 2008 - 07:42 PM
Post subject: RE: Re: [HOW-TO] Creating an encrypted folder using EncFS
You can try and open the files, but you wont succeed Wink only way to open is remount and enter the pass.
Biggest givaway is the size of files is still visible if i remember rightly.
wegface - Feb 04, 2008 - 04:34 PM
Post subject: RE: Re: [HOW-TO] Creating an encrypted folder using EncFS
EvNu: its as secure as the encryption cypher you select. Default setting is blowfish, but it does loadsa kinds.
DeepDayze - Feb 04, 2008 - 05:34 PM
Post subject: RE: Re: [HOW-TO] Creating an encrypted folder using EncFS
Blowfish is a pretty good encryption method IMO
damentz - Feb 04, 2008 - 11:40 PM
Post subject: RE: Re: [HOW-TO] Creating an encrypted folder using EncFS
Hey, I don't think you need to do modprobe fuse. It should be loaded on demand in sidux.
@lienX - Feb 05, 2008 - 01:31 AM
Post subject: encfs maybe good but better encrypt whole partitions
Thanks for sharing your How-to!

But i would recommend encrypting your WHOLE harddisk.

Why?
1.ALL your data is secure.
-No forgotten email that has passwords in it (should not be anyway but some sites just send you cleartext passwords...)
-Your stored Iceweasel passwords are safe
-social computer attacks are much more likly to succed if someone can get even a little of /home/"user"
-....

2.You don't have the problem that you can see the single files.


I have a full secured server at home with dm-crypt and LUKS and it is really cool!
It asks for the password after Grub starts loading the kernel and thats it! My server at home runs Debian Etch and my Desktop runs sidux.

Etch has the advantage that the installer supports it Out-of-the-box.
So there i have even my / partition on a LVM encrypted.

Under sidux "only" Smile /home .
wegface - Feb 05, 2008 - 07:54 AM
Post subject: RE: encfs maybe good but better encrypt whole partitions
damentz: your correct Smile
@lienX: Yes LVM on the debian installer is very good, and i have used that in the past. For this instance i was deliberatly looking or a way to encrypt a folder only, rather that a whole partition or just a single file. Btw is it easy to set up LVM on sidux after install?
@lienX - Feb 05, 2008 - 02:40 PM
Post subject: RE: encfs maybe good but better encrypt whole partitions
Yes fairly easy there are plenty of LVM how-to's out there but you should know how LVM works to avoid problems.
http://www.debian-administration.org/articles/410
http://www.linuxdevcenter.com/pub/a/lin ... h-lvm.html
Mostly i use only Raids without LVM because i rarly need to resize my initial setup.
zulu9 - Feb 05, 2008 - 11:53 PM
Post subject: RE: encfs maybe good but better encrypt whole partitions
thx wegface for this very good howto.
I tried to translate it to German. It can be found on my blog:
http://sidux.wordpress.com/2008/02/06/v ... mit-encfs/
dpdt1 - Feb 06, 2008 - 10:19 AM
Post subject: RE: encfs maybe good but better encrypt whole partitions
also thx for this great howto.

did a -free- translation in greek and it can be found here:
http://community.athens.indymedia.org/i ... 438.0.html
hsp - Feb 06, 2008 - 10:26 AM
Post subject: Re: RE: encfs maybe good but better encrypt whole partitions
      zulu9 wrote:
thx wegface for this very good howto.
I tried to translate it to German. It can be found on my blog:
http://sidux.wordpress.com/2008/02/06/v ... mit-encfs/


Thanks... oder halt einfach danke...

...
JSmith - Aug 07, 2008 - 01:37 AM
Post subject: RE: Re: RE: encfs maybe good but better encrypt whole partit
Very informative article. You can also use KaKa Folder Protector to encrypt folder for protection. It works fine for me and quite easy to use.
damentz - Aug 07, 2008 - 03:36 AM
Post subject: RE: Re: RE: encfs maybe good but better encrypt whole partit
That is windows software, you might be in the wrong forum.
Ge0rgy - Aug 08, 2008 - 04:34 PM
Post subject: RE: Re: RE: encfs maybe good but better encrypt whole partit
Btw. some time ago i postet s little script in the Wiki that you can place at the desktop and which asks aou for passowrd via KDialog and mounts the share.
I have some of them in use. e.g. for mounting the .mozilla-folder (which is also encFS-encrypted in my case) and then starts icedove when i invoke it via click on the desktop-icon.

might be interesting.

Wholy system-encryption may be overkill on some machines, as it also encrypts parts that are not really worth to be kept secret (/usr/lib, for example). and thiy way you don't need to put in a password at boot time, just when you need to acess the encrypted data.

one waring here: encfs in general is vulnerable regarding Suspend-modes on notebooks. if your notebook enters suspend to disk while the share is mounted, its likely that the plain-info is written to swap.
Maybe such issues should be incorporated in the HAL-scripts that invoke suspend.

greetings,
me
snvv - Aug 16, 2008 - 11:54 AM
Post subject:
Using EncFS it creates an exact copy of the encrypted data. Therefore the encrypted data capacity of the disk is half.

Is there any more efficient way to encrypt folders?
speedygeo - Aug 16, 2008 - 07:32 PM
Post subject: RE: Re: RE: encfs maybe good but better encrypt whole partit
eCryptfs is in the kernel, instead encfs is at the user level.
What differences are there?
All times are GMT - 12 Hours
Powered by PNphpBB2 © 2003-2009 The Zafenio Group
Credits