Howto: Easily encrypt individual folders
Encfs is a program that can be used to encrypt folders, unlike other encryption methods this doesn’t require a file of a fixed size, so you can use the decrypted folder in the same way as a regular folder without worrying about space.
This tutorial will explain a convenient way to use this tool.
This method can both be used from the GUI and the command line.
To understand if this is what you want please read the example in the usage section at the bottom before going through the setup.
First, you will of course need to install the encfs program, the easiest way to do that (on Ubuntu) is to try clicking this link:
or copy this into a terminal:
sudo apt-get install encfs -y
In addition to this we will be using gnome-encfs, a small program that allows you to use the gnome-keyring to store encryption passwords. This program by Oben Sonne can be found here, after downloading it, extract the gnome-encfs file to your home folder.
Then to install it run:
sudo install gnome-encfs /usr/local/bin
To do this, we will be using a couple of scripts, that can be used in Nautilus (the file manager) or from the command line.
To install these scripts just save them into ~/.gnome2/nautilus-scripts/ (that is the folder nautilus-scripts in the .gnome2 hidden folder in your home folder):
You can download the first script here (or attached to this post). Right-click > Save as, then save it in the above folder (Ctrl+H shows hidden folders). Save it with whatever name you want to appear in the menu.
Repeat this for the unmount script, found here (or attached to this post).
In order to allow them to run, you need to make them executable, in the terminal this can be done by copying and pasting:
chmod +x ~/.gnome2/nautilus-scripts/emount ~/.gnome2/nautilus-scripts/eumount
Don’t forget to change the emount and eumount names if you’re using different names.
Now if you right-click on a folder, go to scripts, you should see emount and eumount (or whatever you named them). Read the usage section to find out how to use them.
To use the scripts from the command line, we need to make symlinks, just run:
sudo ln -s ~/.gnome2/nautilus-scripts/emount /usr/local/bin/emount &&
sudo ln -s ~/.gnome2/nautilus-scripts/eumount /usr/local/bin/eumount
Change the first emount to the name you saved for the GUI, and the second emount to the name you want to use for the command. Repeat with eumount.
I’ll give a little example here to demonstrate usage. Let’s say your Pictures folder contains some naughty images and you’d like to encrypt the entire folder. Let’s also say we want to do this from the GUI without using the command line.
The contents of my Pictures folder.
Simply right-click and emount the folder you want to encrypt. A window will now pop-up asking for the name of the folder where the decrypted contents will be displayed, I’ll use pictures-decrypted for this, you can use any name you like.
Naming the decrypted folder.
It will then ask if you want to have it automatically mount at login, this will allow you to have it always decrypted for you, but make sure nobody else will be able to see the contents without logging in. Finally, it asks you for a password, this is the password you want it to use for decrypting the folder (not your login).
You will then see a new folder has been created, in my case it’s called pictures-decrypted. This new folder is the decrypted contents of the Pictures folder. If you add any new files, you need to save them into this decrypted folder, they will then automatically be encrypted.
The folders after decrypting.
Simply right-click pictures-decrypted and select eumount. The decrypted folder should now have vanished.
If you look in the Pictures folder you will see that the contents are all encrypted and you will be unable to view any of the files.
With the contents encrypted nobody will be able to view them anymore.
This works similarly to the GUI, but used from the command line:
will decrypt (or encrypt if it’s not encrypted yet) the foo folder. While:
will unmount the bar folder.
If you are going to auto-mount the folder on login, then you could rename the encrypted folder to something like .pictures-encrypt (the . makes it a hidden folder). Then when you make it encrypted, you can name the decrypted folder Pictures, so the encrypted folder remains hidden, and the decrypted folder acts like your normal pictures folder.
Now in future all you have to do is right-click the Pictures folder and select emount. It will then retrieve your password from gnome-keyring and the decrypted folder will appear there with all your pictures in, and right-clicking and eumount will make them disappear again, so nobody will be able to view them without your password.
I’ve written a follow-up post to this one that explains how this can be used to encrypt Firefox data seamlessly. You can read it here.