{"id":832,"date":"2018-10-06T16:19:33","date_gmt":"2018-10-06T13:19:33","guid":{"rendered":"http:\/\/kifarunix.com\/?p=832"},"modified":"2023-05-14T11:40:23","modified_gmt":"2023-05-14T08:40:23","slug":"how-to-encrypt-files-and-folders-with-ecryptfs-on-ubuntu-18-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/how-to-encrypt-files-and-folders-with-ecryptfs-on-ubuntu-18-04\/","title":{"rendered":"How to Encrypt Files and Folders with eCryptFS on Ubuntu 18.04"},"content":{"rendered":"\n
\"Encrypt<\/figure><\/a><\/div>\n\n\n\n

In this tutorial, you will learn how to Encrypt Files and Folders with eCryptFS<\/a> on Ubuntu 18.04. Encryption<\/strong> is the process in which a plain text data, a message or information, is converted to a random and meaningless data, commonly known as ciphertext. Encrypted data can only accessed by authorized parties while those who are not authorized cannot access it.<\/p>\n\n\n\n

How to Encrypt Files and Folders with eCryptFS on Ubuntu<\/h2>\n\n\n\n

There are several methods of encrypting data in Linux for example EncFS, eCryptFS for filesystem level encryption, Loop-AES, DMCrypt, CipherShield for full disk encryption. Well, in this tutorial, we are going to learn how to encrypt files and folders on Ubuntu 18.04 by using eCryptFS utility.<\/p>\n\n\n\n

eCryptfs<\/span> is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux. Layering on top of the filesystem layer eCryptfs<\/span> protects files no matter the underlying filesystem, partition type, etc<\/p>\n\n\n\n

During installation, Ubuntu provides an option to encrypt the \/home<\/span> partition using eCryptfs<\/span>. This will automatically configure everything needed to encrypt and mount the partition However, if you dont get on pretty well with this, run through the following steps to ecnrypt your files and directories manually.<\/p>\n\n\n\n

Install eCryptFS on Ubuntu<\/h3>\n\n\n\n

To use eCryptFS, install the necessary packages. However, if you enabled home directory encryption during installation, this utility should already be installed.<\/p>\n\n\n\n

sudo apt install ecryptfs-utils -y<\/span><\/code><\/pre>\n\n\n\n
Encrypt a Directory using eCryptFS on Linux<\/h3>\n\n\n\n
Now that the installation is done, it is time to see ecryptfs in action. Let say\u00a0 you want to encrypt \/home\/$USER\/mydocuments<\/strong>.<\/p>\n\n\n\n
To encrypt the directory above, mount it with ecryptfs filesystem type as shown below.<\/p>\n\n\n\n
sudo mount -t ecryptfs mydocuments\/ mydocuments\/<\/code><\/pre>\n\n\n\n
When this command is run, it asks for a passphrase and several other prompts. Answer them accordingly.<\/p>\n\n\n\n
\nPassphrase:    Enter your passpharase here<\/strong>\nSelect cipher:\n1) aes: blocksize = 16; min keysize = 16; max keysize = 32\n2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56\n3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24\n4) twofish: blocksize = 16; min keysize = 16; max keysize = 32\n5) cast6: blocksize = 16; min keysize = 16; max keysize = 32\n6) cast5: blocksize = 8; min keysize = 5; max keysize = 16\nSelection [aes]:  Press Enter<\/strong>\nSelect key bytes: \n1) 16\n2) 32\n3) 24\nSelection [16]:  Press Enter<\/strong>\nEnable plaintext passthrough (y\/n) [n]: n<\/strong>\nEnable filename encryption (y\/n) [n]: n<\/strong>\nAttempting to mount with the following options:\necryptfs_unlink_sigs\necryptfs_key_bytes=16\necryptfs_cipher=aes\necryptfs_sig=96b6fac91e0a01b8\nMounted eCryptfs\n<\/code><\/pre>\n\n\n\n
The encrypted directory is now mounted. Run the command below to verify the mounting.<\/p>\n\n\n\n
sudo mount | grep mydocuments<\/code><\/pre>\n\n\n\n
\/home\/$USER\/mydocuments on \/home\/$USER\/mydocuments type ecryptfs (rw,relatime,ecryptfs_sig=96b6fac91e0a01b8,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)<\/code><\/pre>\n\n\n\n
You can now start putting your sensitive data to the directory. As an example, let us create a file with random data within the encrypted directory.<\/p>\n\n\n\n
cat mydocuments\/clients-contacts.txt<\/code><\/pre>\n\n\n\n
ClientA: 020-000001\nClientB: 020-000002\nClientC: 020-000003\nClientD: 020-000004<\/code><\/pre>\n\n\n\n
As long as the directory is mounted, the data is accessible. Let us unmount the directory and see if it is possible to access the data.<\/p>\n\n\n\n
sudo umount \/home\/$USER\/mydocuments<\/code><\/pre>\n\n\n\n
Try to view the data now.<\/p>\n\n\n\n
cat mydocuments\/clients-contacts.txt<\/code><\/pre>\n\n\n\n
\nP.p\"3DUfw`\u0584[PJP5~p_CONSOLE9mx\u01eeP|Xt\u07eb0ak!f(B\u01ac \n:i>0o989<\u0464k@OmD(WZ=&Ss<g9#@\\e`\\A]L!\\U]s\/zU.x|B$HPmTTzyrrx4%@$8!r]sI\\#4q1Z8&\u06ffGGb$7\n^QU\ufdf1Ia4\u0275K,tyhUUHi 0]h<S+fK2DH-mC[iO-XbKd\u05f0@%xYs, w'\nO-nt!z\"\u027e6AZy\u01b7.\u0603T`\u01e10Ff\u04f2\u072e%O{@[\u07d58wLR\u047bsr&]^ XoeA\"m?SVb&\/Nrg\u03b8o?&[sj!\n\"lL C\u042f5)+H^rA2aKxf.a+}LiA\u031d|gSOj2y_x~Ma^p.PmPUvdjv34 c5-F\\hFQ\u00bdCTLB#OI+5.WXsDlb\u02ba\nf50)> AJa7$~4V!R;udP]\u07b1ABSyT!qg D;fY(&4!aX@\"Jy\u026cPwvJ\"h}B<nS>e\n)@[K~w39PK^ j~p\"G'eQEK&3Ywe,\u03f7,AVj\u01ba!yUoX \u00b7@\\:!{mQf\u06e2'w\u0163ap]4}% \u03b1u[0M#>S\u9b4dg9t_A0k=\u06ca;\nw\u210dGZN$V2\"HI-4oI\u12adEoK?]9sIr0J:{uTJ8\ue74bD\u058d+ n\u026a7CI&iCELYa\u0305\u00ff\u049e\u0799n)-]}C\n\/\u028446}u4bo\\B4I\u06eb+1hdH2:)>Vj{#B8<p6)3XHwluDkQ{\\ngnk\uf20e|P\u02d1qw0Es%\u06d7(?q>L~\u066a|d9KN;bJZ]>1\u36eca.SCl\u07f4?<\nk \u04a5fjnX(n\u04bdH^>vs&tb?:?c7o\\Ur2\u02f5\u0577\u011d;X+$W\/$PE5om\u0266bu9Y0jxR^C)C~J&J>~8l#D4$5iOhX !07mhB\nV\u0327\u00f0E<? \"5h7#d|p#\u0258SJ\u0738<<Uu9\u0314\u3566QIr\"xa\u05d1zM^*''SCn~;kA\n'\u03a29Cj#@k\u043e-=wK ;jt\ue30fIPlP}I&9 *]nL2XYG||V fyha4SC:Ox<AJ2\u0763',fy:[p0u2t+ ?\ue8b6\u0535\u02ab\u0305x~Z%\u069422#&7*Yxdg\n#t-7dZZUnGJ\/6[,e_m\ua879]N=~c\u024f|tQ0c4Q.,-AZaJ\/n%-zPm\u7d73v`#+{[n%l}U\\9=_'(Sdq&b&44C5,\nU9\u07efYK\u02df{O_xja423-@X4x~t\u0167K0\u8369t]?qwN!dM\u051eWl]SD;4>yr|a.\n\u0590665G|-ulJw$2<F1nn\"\u0460X7PF<,q*~aW%'C&I2'\u057d\nS{~~H@q.yQd;,?o \u00efqx+5q69{i]ax1;7@>HOX:=M|zb<I\u51e2K3QFz\"?02C}mdj\/|8xP\u072b\u07dc9b3~Q2\u031ch\n<\/code><\/pre>\n\n\n\n
This is all meaningless. To access the data, you need to remount the directory. When prompted for the passphrase, use the one you set while mounting the directory for the first time.<\/p>\n\n\n\n
sudo mount -t ecryptfs mydocuments\/ mydocuments\/<\/code><\/pre>\n\n\n\n
\nPassphrase:    Enter your Previous passpharase here<\/strong>\nSelect cipher:\n1) aes: blocksize = 16; min keysize = 16; max keysize = 32\n2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56\n3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24\n4) twofish: blocksize = 16; min keysize = 16; max keysize = 32\n5) cast6: blocksize = 16; min keysize = 16; max keysize = 32\n6) cast5: blocksize = 8; min keysize = 5; max keysize = 16\nSelection [aes]:  Press Enter<\/strong>\nSelect key bytes: \n1) 16\n2) 32\n3) 24\nSelection [16]:  Press Enter<\/strong>\nEnable plaintext passthrough (y\/n) [n]: n<\/strong>\nEnable filename encryption (y\/n) [n]: n<\/strong>\nAttempting to mount with the following options:\necryptfs_unlink_sigs\necryptfs_key_bytes=16\necryptfs_cipher=aes\necryptfs_sig=96b6fac91e0a01b8\nMounted eCryptfs\n<\/code><\/pre>\n\n\n\n
You can now be able to view your data in the encrypted directory.<\/p>\n\n\n\n
The process of remounting the directory is so manual and a bit taunting. Therefore, to automate this process, you can create a bash script or use a USB with a passphrase key to automate this process.<\/p>\n\n\n\n
See our next tutorial on how to automate this mounting process<\/a>. Cheers.<\/p>\n\n\n\n
That marks the end of our tutorial on how to encrypt files and folders with eCryptFS on Ubuntu 18.04.<\/p>\n\n\n\n
Other Tutorials<\/h3>\n\n\n\n
How to Use VeraCrypt on Command Line to Encrypt Drives on Ubuntu 18.04<\/a><\/p>\n\n\n\n
Install and Setup VeraCrypt on Ubuntu 20.04<\/a><\/p>\n\n\n\n
Encrypt Drives with LUKS in Linux<\/a><\/p>\n\n\n\n
Automount LUKS Encrypted Device in Linux<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
In this tutorial, you will learn how to Encrypt Files and Folders with eCryptFS on Ubuntu 18.04. Encryption is the process in which a plain<\/p>\n","protected":false},"author":1,"featured_media":8532,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,159],"tags":[161,160,3386,3387,3388,67],"class_list":["post-832","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-encryption","tag-ecryptfs","tag-encryption","tag-how-to-encrypt-directories-with-ecryptfs","tag-how-to-encrypt-files-with-ecryptfs","tag-how-to-use-ecryptfs-on-linux","tag-ubuntu-18-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/832"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=832"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/832\/revisions"}],"predecessor-version":[{"id":16624,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/832\/revisions\/16624"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/8532"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=832"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=832"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=832"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}