WARNING: This tutorial has been superseded by a future tutorial, using a full plugin, found here.
Encfs is a program that can be used to encrypt folders, unlike other encryption methods this doesn’t require a file of a fixed size, so you can use the decrypted folder in the same way as a regular folder without worrying about space.
This tutorial will explain a convenient way to use this tool.
This method can both be used from the GUI and the command line.
To understand if this is what you want please read the example in the usage section at the bottom before going through the setup.
First, you will of course need to install the encfs program, the easiest way to do that (on Ubuntu) is to try clicking this link:
or copy this into a terminal:
sudo apt-get install encfs -y
In addition to this we will be using gnome-encfs, a small program that allows you to use the gnome-keyring to store encryption passwords. This program by Oben Sonne can be found here, after downloading it, extract the gnome-encfs file to your home folder.
Then to install it run:
sudo install gnome-encfs /usr/local/bin
To do this, we will be using a couple of scripts, that can be used in Nautilus (the file manager) or from the command line.
To install these scripts just save them into ~/.gnome2/nautilus-scripts/ (that is the folder
nautilus-scripts in the
.gnome2 hidden folder in your home folder):
You can download the first script here. Right-click > Save as, then save it in the above folder (Ctrl+H shows hidden folders). Save it with whatever name you want to appear in the menu.
Repeat this for the unmount script, found here.
In order to allow them to run, you need to make them executable, in the terminal this can be done by copying and pasting:
chmod +x ~/.gnome2/nautilus-scripts/emount ~/.gnome2/nautilus-scripts/eumount
Don’t forget to change the
eumount names if you’re using different names.
Now if you right-click on a folder, go to scripts, you should see emount and eumount (or whatever you named them). Read the usage section to find out how to use them.
To use the scripts from the command line, we need to make symlinks, just run:
sudo ln -s ~/.gnome2/nautilus-scripts/emount /usr/local/bin/emount &&
sudo ln -s ~/.gnome2/nautilus-scripts/eumount /usr/local/bin/eumount
Change the first
emount to the name you saved for the GUI, and the second
emount to the name you want to use for the command. Repeat with
I’ll give a little example here to demonstrate usage. Let’s say your Pictures folder contains some naughty images and you’d like to encrypt the entire folder. Let’s also say we want to do this from the GUI without using the command line.
Simply right-click and
emount the folder you want to encrypt. A window will now pop-up asking for the name of the folder where the decrypted contents will be displayed, I’ll use
pictures-decrypted for this, you can use any name you like.
It will then ask if you want to have it automatically mount at login, this will allow you to have it always decrypted for you, but make sure nobody else will be able to see the contents without logging in. Finally, it asks you for a password, this is the password you want it to use for decrypting the folder (not your login).
You will then see a new folder has been created, in my case it’s called pictures-decrypted. This new folder is the decrypted contents of the Pictures folder. If you add any new files, you need to save them into this decrypted folder, they will then automatically be encrypted.
pictures-decrypted and select eumount. The decrypted folder should now have vanished.
If you look in the Pictures folder you will see that the contents are all encrypted and you will be unable to view any of the files.
This works similarly to the GUI, but used from the command line:
will decrypt (or encrypt if it’s not encrypted yet) the
foo folder. While:
will unmount the
If you are going to auto-mount the folder on login, then you could rename the encrypted folder to something like
.pictures-encrypt (the . makes it a hidden folder). Then when you make it encrypted, you can name the decrypted folder Pictures, so the encrypted folder remains hidden, and the decrypted folder acts like your normal pictures folder.
Now in future all you have to do is right-click the Pictures folder and select emount. It will then retrieve your password from gnome-keyring and the decrypted folder will appear there with all your pictures in, and right-clicking and eumount will make them disappear again, so nobody will be able to view them without your password.
I’ve written a follow-up post to this one that explains how this can be used to encrypt Firefox data seamlessly. You can read it here.