How to Encrypt Files and Directories Using eCryptFS on Linux

Encrypt files and directories using eCryptFS on Linux and make sure all your files and confidential data are protected from unwanted reach. Although it sounds too technical, in reality getting the job done isn’t really that challenging. 

The Enterprise Cryptographic Filesystem also known as eCryptFS, is a disk encryption package for Linux-based systems. Promisingly protecting files and directories, eCryptFS is a brilliant utility to have access to today. In the following article, I’ll guide you on how to use this tool and conclude all the encryption-related activities in minutes.

Pre Requisites

It is crucial to install the necessary utilities before you encrypt files and directories using eCryptFS on Linux. The fact that eCryptFS is already available in the default repositories of most of the Linux distributions, the installation is a pretty much seamless process. 

To install eCryptFS on Linux, launch the Terminal by using the “Ctrl+Alt+T” key combination and use the command according to the distribution of the concerned system.

On openSUSE:

$ sudo zypper --install ecryptfs-utils

On CentOS 8 or REL 8:

$ sudo yum install epel-release
$ sudo yum install ecryptfs-utils

For Arch Linux:

$ sudo pacman -S ecryptfs-utils

On the Debian/Ubuntu:

$ sudo apt-get install ecryptfs-utils

How to Encrypt Files and Directories Using eCryptFS on Linux

Once you’ve installed the required utility, you’re ready to encrypt files and directories using eCryptFS on Linux. Similar to getting the installation done, the overall process applied in the encryption is straightforward and will involve you no trouble whatsoever.

Step 1: Initiating the Encryption

To encrypt files and directories using eCryptFS on Linux, you’ll need to invoke the mount command alongside the -t flag and the encryptfs option. The usual syntax of the required command looks something like this:

$ mount -t encryptfs [desired source directory] [desired destination directory] -o [options]
Encrypt Files and Directories Using eCryptFS

Here, while using the command, you’ll need to replace the [desired source directory] [desired destination directory] sections with the actual directories under concern. 

Step 2: Encrypting the Directories

Once you invoke the command mentioned above, you’ll enter a passphrase output from where you can conclude the encryption process. From the displayed output, select the key bytes and chipper accordingly. 

After that, enable/disable the pass through and decide whether you’ll like to proceed with the mount or not. In case you input “N,” the encryption procedure will terminate. 

Step 3:  Verifying the Encryption

Being able to get to this point, you should already know how to encrypt files and directories using eCryptFS on Linux. However, before you decide to proceed any further, it is always a good idea to verify if the encryption was successfully concluded. 

Directory Verification:

Launch the command using the “Ctrl+Alt+T” key combination and run the following command:

$ mount | grep encryptfs
directory verification

Study the output and verify if you’ve successfully encrypted the desired directory.

File Verification:

After ensuring that your system is encrypted, let’s dive a little bit deeper. Consider a file within the directory, and check whether the encryption is intact. For this, suppose we’ve got a file named testfile.txt. In case you don’t have it, simply create one.

At first, open the file using an editor, vim, for instance.

Input:

$ sudo vim [desired directory]/testfile.txt
encrypting the file

After that, add a simple text to it. You can write something like, “This is for testing purposes.”

Save the file and exit.

Now invoke the cat command and see if you can view the content inside.

Input:

$ cat [desired directory]/testfile.txt

Output:

This is for testing purposes

As you can see, the content, despite being encrypted, is still observable. This is because the file is mounted. So let us attempt viewing the same after unmounting the directory.

Getting the directory unmounted is no big deal. Just invoke the unmount command in the following format:

$ sudo unmount [desired directory]

Head back to the Terminal and run the cat command one more time.

Input:

$ cat [desired directory]/testfile.txt
Encrypt Files and Directories Using eCryptFS

The output will now be unreadable. However, in order to view it you’ll need to walk through the mounting process followed by entering the passphrase section.

How to Automatically Mount the Directory on Boot?

If you’ve made it so far, I don’t think it will be hard for you to understand that to access an encrypted directory and the files within, you’ll need to remount it on every system boot. The actions can be a bit annoying at times. Luckily, we know an easy way out.

You can do it by configuring the eCryptFS to mount the desired directory on the system boot automatically. Remember,having access to a removable USB drive is crucial to get the job done,. 

Start by plugging in the USB.

After that, run the fdisk command and identify the device.

Input:

$ fdisk -l
disk checker

Create a mount point using the sudo mkdir command.

Input:

$ sudo mkdir /mnt/flashdisk

Once done, mount the USB stick to the created mount point.

Input:

$ sudo mount [USB Directory] /mnt/flashdisk
mount USB

Create a signature code by using the following command:

$ sudo vi /root/ .encryptfsrc

Finally, create a dedicated passphrase on the mounted USB drive, followed by editing the fstab file. 

And so we’ve reached the end of this article. Apart from helping you on the encryption process, we’ve also discussed configuring the eCryptFS tool to automatically mount the directories on system boot.

With that, I’m done guiding you on how to encrypt files and directories using eCryptFS on Linux. The process is simple but, at the same time, can be troubling in case you’re unaware of the appropriate approach.

If this guide helped you, please share it.

Leave a Reply
Related Posts