Howto: Easily encrypt individual folders

WARNING: This tutorial has been superseded by a future tutorial, using a full plugin, found here.

Encfs is a program that can be used to encrypt folders, unlike other encryption methods this doesn’t require a file of a fixed size, so you can use the decrypted folder in the same way as a regular folder without worrying about space.

This tutorial will explain a convenient way to use this tool.

This method can both be used from the GUI and the command line.
To understand if this is what you want please read the example in the usage section at the bottom before going through the setup.

Pre-installation

First, you will of course need to install the encfs program, the easiest way to do that (on Ubuntu) is to try clicking this link:

apt:encfs

or copy this into a terminal:

sudo apt-get install encfs -y

In addition to this we will be using gnome-encfs, a small program that allows you to use the gnome-keyring to store encryption passwords. This program by Oben Sonne can be found here, after downloading it, extract the gnome-encfs file to your home folder.

Then to install it run:

sudo install gnome-encfs /usr/local/bin

Installation

To do this, we will be using a couple of scripts, that can be used in Nautilus (the file manager) or from the command line.

Scripts

To install these scripts just save them into ~/.gnome2/nautilus-scripts/ (that is the folder nautilus-scripts in the .gnome2 hidden folder in your home folder):

You can download the first script here. Right-click > Save as, then save it in the above folder (Ctrl+H shows hidden folders). Save it with whatever name you want to appear in the menu.

Repeat this for the unmount script, found here.

In order to allow them to run, you need to make them executable, in the terminal this can be done by copying and pasting:

chmod +x ~/.gnome2/nautilus-scripts/emount ~/.gnome2/nautilus-scripts/eumount

Don’t forget to change the emount and eumount names if you’re using different names.

Now if you right-click on a folder, go to scripts, you should see emount and eumount (or whatever you named them). Read the usage section to find out how to use them.

Command Line

To use the scripts from the command line, we need to make symlinks, just run:

sudo ln -s ~/.gnome2/nautilus-scripts/emount /usr/local/bin/emount &&
sudo ln -s ~/.gnome2/nautilus-scripts/eumount /usr/local/bin/eumount

Change the first emount to the name you saved for the GUI, and the second emount to the name you want to use for the command. Repeat with eumount.

Usage

I’ll give a little example here to demonstrate usage. Let’s say your Pictures folder contains some naughty images and you’d like to encrypt the entire folder. Let’s also say we want to do this from the GUI without using the command line.

Pictures folder
The contents of my Pictures folder.

Encrypting

Simply right-click and emount the folder you want to encrypt. A window will now pop-up asking for the name of the folder where the decrypted contents will be displayed, I’ll use pictures-decrypted for this, you can use any name you like.

Creating the encrypted folder
Naming the decrypted folder.

It will then ask if you want to have it automatically mount at login, this will allow you to have it always decrypted for you, but make sure nobody else will be able to see the contents without logging in. Finally, it asks you for a password, this is the password you want it to use for decrypting the folder (not your login).

You will then see a new folder has been created, in my case it’s called pictures-decrypted. This new folder is the decrypted contents of the Pictures folder. If you add any new files, you need to save them into this decrypted folder, they will then automatically be encrypted.

Folders after decryption
The folders after decrypting.

Unmounting

Simply right-click pictures-decrypted and select eumount. The decrypted folder should now have vanished.

If you look in the Pictures folder you will see that the contents are all encrypted and you will be unable to view any of the files.

The encrypted contents
With the contents encrypted nobody will be able to view them anymore.

Command Line

This works similarly to the GUI, but used from the command line:

emount foo/

will decrypt (or encrypt if it’s not encrypted yet) the foo folder. While:

eumount bar/

will unmount the bar folder.

Auto-mount tip

If you are going to auto-mount the folder on login, then you could rename the encrypted folder to something like .pictures-encrypt (the . makes it a hidden folder). Then when you make it encrypted, you can name the decrypted folder Pictures, so the encrypted folder remains hidden, and the decrypted folder acts like your normal pictures folder.

Decrypting

Now in future all you have to do is right-click the Pictures folder and select emount. It will then retrieve your password from gnome-keyring and the decrypted folder will appear there with all your pictures in, and right-clicking and eumount will make them disappear again, so nobody will be able to view them without your password.

Extension

I’ve written a follow-up post to this one that explains how this can be used to encrypt Firefox data seamlessly. You can read it here.

Unu penso pri “Howto: Easily encrypt individual folders

  1. 21/3/2011 – No longer need to move around files, script does it for you.
    26/3/2011 – Fixed a bug in the script if you cancel unlocking the keyring.
    28/3/2011 – Fixed GUI/CLI check. Fixed issue creating mount with full path.
    4/7/2011 – Fixed a bug when folder names contain spaces.

Komentado estas fermita.