EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library module to provide the filesystem interface.
2016-12-28 - I have no memory of using this. Boy will it be awkward if I come across stuff encrypted with it.
- EncFS reviews
- EncFS troubleshooting
rlog, created by the EncFS author, is a dependency.
K-EncFS is a GUI tool.
- Can set the encryption type on filesystem creation.
- MAC checksums help avoid any possibility of an application loading up modified data.
Related reading
Tested 2006-09-03 with EncFS 1.23 on
Note that only the user who mounted the directory can use it. Not even root can look inside!
- Creation or Mounting:
    mkdir ~/.crypt-raw
    mkdir ~/crypt
    # encfs ./encrypted-dir /mount-point
    encfs ~/.crypt-raw ~/crypt
    # (fill out your preferences)
    cd ~/crypt
    echo "this is stored in an encrypted file" > foo
    echo "Everything is good here:"
    ls
    cd ~/.crypt-raw
    echo "Everything is encrypted here:"
    ls

    # fusermount -u ~/mount-point
    fusermount -u ~/crypt
    echo "Not mounted anymore:"
    ls ~/crypt
    echo "Still encrypted:"
    ls ~/.crypt-raw
- Deleting temporary directories:
    fusermount -u ~/crypt
    rm -rf ~/.crypt-raw
    rm -rf ~/crypt
Automatic mounting with a shell script
d.canova at tiscali.it writes:
/home/encfs/$USER/.rootdir as rootdir so I can save unencrypted data in /home/encfs/$USER if I need. Here is my script (very basic):
    #!/bin/sh
    if [ -d "/home/encfs/$USER/.rootdir" ]; then      # if rootdir exists
        if ! mount | grep -q "$HOME"; then            # if nothing mounted in $HOME
            cd "/home/encfs/$USER"                    # get out of the mount point
            # Retry until the mount succeeds or the user answers "n" / "no"
            until echo "$answer" | grep -iqxE "no?"; do
                answer="n"
                if ! encfs "/home/encfs/$USER/.rootdir" "$HOME"; then
                    # printf + read -r instead of "read -ep", which plain sh lacks
                    printf 'Retry (Y/n)? '
                    read -r answer
                fi
            done
            cd
        fi
        # X authority file must be outside of the EncFS volume
        # until FUSE get lock operations support
        export XAUTHORITY="/home/encfs/$USER/.Xauthority"
    fi
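The script above decides whether to mount by grepping the output of `mount` for `$HOME`, a substring match that also succeeds for `/home/alice2` or for any other filesystem mounted below `$HOME`. The following is an added example, not part of the original page or of the quoted script: an exact check against `/proc/mounts`-style lines, which is also useful before writing plaintext into a directory such as `~/crypt`. The function names, the sample table and the `fuse.encfs` type string are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: Linux /proc/mounts layout, EncFS listed with type "fuse.encfs".

# encfs_mounted MOUNTPOINT [MOUNTS_FILE]
# Returns 0 only if MOUNTPOINT itself is an EncFS mount.
encfs_mounted() {
    target=${1%/}                       # ignore one trailing slash
    [ -n "$target" ] || target=/
    rc=1
    # Fields per line: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype _rest; do
        case $mnt in
            *\\*)   # space, tab, newline and backslash are stored as \NNN octal
                mnt=$(printf '%s' "$mnt" | sed 's/\\\([0-7]\{3\}\)/\\0\1/g')
                mnt=$(printf '%b' "$mnt") ;;
        esac
        if [ "$mnt" = "$target" ] && [ "$fstype" = "fuse.encfs" ]; then
            rc=0
        fi
    done < "${2:-/proc/mounts}"
    return "$rc"
}

# Constructed sample mount table (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
encfs /home/alice2 fuse.encfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001 0 0
encfs /home/alice/my\040crypt fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
/dev/sdb1 /home/alice/usb vfat rw,relatime 0 0
EOF
}

demo() {
    tmp=$(mktemp) && sample_mounts > "$tmp"
    for dir in /home/alice /home/alice2 "/home/alice/my crypt"; do
        if encfs_mounted "$dir" "$tmp"; then
            echo "$dir: EncFS mounted"
        else
            echo "$dir: NOT an EncFS mount, do not write plaintext here"
        fi
    done
    rm -f "$tmp"
}
demo
```

With no second argument the function reads the live `/proc/mounts`, so `encfs_mounted "$HOME" || encfs ...` can stand in for the grep test.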
Automatic mounting with PAM
PAM integration allows encfs to be mounted when a user logs in (using the login password).
Valient Gough said on the mailing list:
You'd have to modify the source code and recompile it. Look in the file encfs/FileUtils.cpp around line 87 (or search for ConfigFileMapping). There is a list of filenames which are mapped to different config file support code. You can add your own by editing the .encfs5 line. I recommend you have the filename start with a dot (.), although it should work without it as well.
Unencrypting a single file without mounting everything
If your crypt directory contained "foo" as the unencrypted filename, you could do:
encfsctl cat .enc foo