Encrypted Filesystems Ubuntu

by Stephen Fluin 2009.10.24

Encryption is a pretty common operating system task. The assumption should always be that your data is important and needs securing, as it is much easier to deal with problems with over-encrypted data, than to deal with data that wasn't encrypted and should have been. Ubuntu has some eally easy encryption using a fuse filesystem. The command to look at is called "encfs". It takes a directory on your system, and creates a userland filesystem on top of it. The filesystem you use is encrypted to the data folder, so when it is unmounted, all you have left is the unreadable encrypted folder.

Point of Caution: encfs keeps the same file structure as the true data, although it encrypts the contents of the files and the filenames themselves, if there is any information that can be gleaned from your filesystem layout, or the number of files, or the dates of the files, these will not be protected with this encryption method.

encfs /path/to/folder/raw /path/to/folder/disk

This command will create an encrypted fileystem that stores its raw data at /path/to/folder/raw, and will mount the temporarily-unencrypted fileystem at /path/to/folder/disk. The directory names don't really matter, but as a matter of practice, I prefer to use the folder names "raw" and "disk" in the same folder, so that is clear what I'm looking at.

The first time you run this command, will ask to create a password. Every time after that, you will have to enter the original password. Beware, if you lose the password, you will be unable to recover the data. This feature is exactly why encrypted filesystems are mostly secured from attack. Someone could always bruteforce your data, but that could be done with any sort of filesystem encryption.

When you are done using the data, unmount it so others don't have access:

unmount with fusermount -u /path/to/folder/disk

Why use encfs?

There are a lot of encrypted filesystem tools and techniques in linux, but I prefer this one. Most of the other tools and techniques are integrated into your window manager, and most of them will automount and decrypt your secured folders. I don't like this because it defeats the purpose of use encryption, because in those cases where it doesn't require a password, hackers/people that want your data can simply look up the automounting procedure to decrypt your data.


permalink