Privacy and security have become important concerns. Encryption plays an important role in protecting confidential data, and Linux offers many tools for encrypting it. This article covers one of those tools, eCryptfs, which can encrypt partitions and directories on a Linux system. The article explains the following:
- Installation of eCryptfs
- Encryption of directories using eCryptfs
- Auto-mount the encrypted directory
Note that the procedure in this article was carried out on an Ubuntu 18.04 LTS system.
Syntax
The general syntax for using eCryptfs is:
$ mount -t ecryptfs [source directory] [Destination directory] -o [options]
Install eCryptfs
eCryptfs is already included in the official Ubuntu repositories, so we can install it using the apt command. Open the Terminal in your Ubuntu system by pressing Ctrl+Alt+T. Now in the Terminal, execute this command to install eCryptfs:
$ sudo apt install ecryptfs-utils -y
Wait for a while until the installation of eCryptfs is completed.
Encrypt Directories using eCryptfs
To encrypt a directory using eCryptfs, use the syntax described above, replacing [source directory] and [Destination directory] with your own directory names.
For instance, I want to encrypt the “Myfiles” directory under my Home directory. In this case, the command would be:
$ sudo mount -t ecryptfs ~/Documents/Myfiles/ ~/Documents/Myfiles/
When you run the above command, you will be asked to provide some details along with a passphrase. The passphrase is actually the encryption key that will be used later to decrypt the encrypted directory.
Also, note that the details you provide will be later used when remounting the directory.
Now our directory is encrypted and mounted. You can verify it by running the following command:
You will see output similar to this.
Verifying Encryption
Let’s create a document in the mounted directory using the Nano editor.
$ sudo nano ~/Documents/Myfiles/sample.txt
Now add some text to the file, then press Ctrl+O to save and Ctrl+X to exit. Now try to view this document using the cat command:
$ cat ~/Documents/Myfiles/sample.txt
You will see that the document is unencrypted and you can view the content. This is because the directory is mounted at this time. Remember that as long as the directory is mounted, you will be able to see the content; it stays readable until you unmount the directory.
Now let’s try unmounting the directory. Use the following syntax to do so:
$ umount [mounted_directory]
In our case, it would be:
$ sudo umount ~/Documents/Myfiles/
Note: to unmount a directory, the command is “umount” instead of “unmount”.
Now that the directory is unmounted, view the document again using the cat command. This time, you will not be able to view the original content. Instead, you will see the encrypted text.
To access your files again, you will need to re-mount them and enter the same passphrase and details you have set earlier while mounting for the first time.
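The two states described above, mounted with the plaintext readable and unmounted with only ciphertext on disk, can also be checked from a script. The following is an added example, not part of the original article: the function names are this example's own, it assumes paths without whitespace, and it recognizes ciphertext by the marker the kernel writes into every eCryptfs file header.

```sh
#!/bin/sh
# Added example. Sample data used to exercise it is constructed, not captured.
# Assumption: paths contain no whitespace (/proc/mounts escapes it as \040).

# Succeed, printing the eCryptfs mount options, if DIR is an active eCryptfs
# mount point. MOUNTS defaults to /proc/mounts.
ecryptfs_mounted() {
    dir=${1%/}    # /proc/mounts lists mount points without a trailing slash
    awk -v d="$dir" '
        $2 == d && $3 == "ecryptfs" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^ecryptfs_(sig|cipher|key_bytes)=/) print opt[i]
            found = 1
        }
        END { exit !found }' "${2:-/proc/mounts}"
}

# Succeed if FILE begins with an eCryptfs header. After the 8-byte file size,
# bytes 8-11 hold a random value and bytes 12-15 hold that value XOR 0x3c81b7f5.
is_ecryptfs_ciphertext() {
    hex=$(od -An -tx1 -j8 -N8 "$1" 2>/dev/null | tr -d ' \n')
    [ "${#hex}" -eq 16 ] || return 1    # too short to carry the header
    m1=${hex%????????}
    m2=${hex#????????}
    [ $(( 0x$m1 ^ 0x3c81b7f5 )) -eq $(( 0x$m2 )) ]
}

# Report on each path given on the command line.
for p in "$@"; do
    if [ -d "$p" ]; then
        if ecryptfs_mounted "$(cd "$p" && pwd -P)"; then
            echo "$p: mounted, plaintext is readable"
        else
            echo "$p: not an active eCryptfs mount"
        fi
    elif is_ecryptfs_ciphertext "$p"; then
        echo "$p: eCryptfs ciphertext"
    else
        echo "$p: no eCryptfs header"
    fi
done
```

Run it on the directory while it is mounted, then on sample.txt after unmounting; the same file that had no header through the mount should then be reported as ciphertext.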
Automatically mount the encrypted directory
You will need to mount the encrypted directory every time you reboot the system. To avoid this situation, you can configure eCryptfs to automount the encrypted directory at every boot. Let’s see how to do this:
Insert a USB drive into your system. After that, run the following command and note down the name of the USB device:
From the above output, you can see my device name is “/dev/sdd1”.
Create a mount point using the following command:
Now mount the USB drive at this mount point:
$ sudo mount /dev/sdd1 /mnt/usb
Run this command and copy the signature from the output:
$ sudo cat /root/.ecryptfs/sig-cache.txt
Next, create a signature file using this command:
Then insert the signature you copied in the previous step.
Once done, save and exit the file.
Next, we will create a passphrase file in the USB drive. To do so, run the following command in Terminal:
$ nano /mnt/usb/key_file.txt
Add the following line, replacing “your_passphrase” with the actual passphrase:
passphrase_passwd=your_passphrase
Now edit the /etc/fstab file using the Nano editor:
Then add the following lines:
/dev/sdd1 /mnt/usb ext3 ro 0 0
~/Documents/Myfiles/ ~/Documents/Myfiles/ ecryptfs defaults 0 0
Change the device name, mount point, and the encrypted directories as per your system. Write the directories as full absolute paths in this file, because /etc/fstab does not expand ~.
Once done, save and exit the file. Then reboot the system and the ~/Documents/Myfiles should be mounted.
In this article, we have learned to use eCryptfs for encrypting directories in Ubuntu. To access the encrypted directory, simply mount the directory and once you are done, unmount it. We have also discussed how to automatically mount the encrypted directory to avoid mounting every time the system boots.
About the author
Karim Buzdar