How to Encrypt Files and Folders with eCryptFS on Ubuntu 18.04


In this tutorial, you will learn how to encrypt files and folders with eCryptFS on Ubuntu 18.04. Encryption is the process by which plaintext data, such as a message or other information, is converted into seemingly random and meaningless data, commonly known as ciphertext. Encrypted data can only be accessed by authorized parties; those who are not authorized cannot access it.

How to Encrypt Files and Folders with eCryptFS on Ubuntu

There are several methods of encrypting data in Linux, for example EncFS and eCryptFS for filesystem-level encryption, and Loop-AES, DMCrypt and CipherShield for full disk encryption. In this tutorial, we are going to learn how to encrypt files and folders on Ubuntu 18.04 using the eCryptFS utility.

eCryptfs is a POSIX-compliant, enterprise-class stacked cryptographic filesystem for Linux. Because it layers on top of the filesystem layer, eCryptfs protects files no matter the underlying filesystem, partition type, etc.

During installation, Ubuntu provides an option to encrypt the /home partition using eCryptfs. This automatically configures everything needed to encrypt and mount the partition. However, if that option does not suit you, run through the following steps to encrypt your files and directories manually.

Install eCryptFS on Ubuntu

To use eCryptFS, install the necessary packages. However, if you enabled home directory encryption during installation, this utility should already be installed.

sudo apt install ecryptfs-utils -y

Encrypt a Directory using eCryptFS on Linux

Now that the installation is done, it is time to see ecryptfs in action. Let us say you want to encrypt /home/$USER/mydocuments.

To encrypt the directory above, mount it with the ecryptfs filesystem type as shown below. The relative paths assume you run the command from your home directory.

sudo mount -t ecryptfs mydocuments/ mydocuments/

When this command is run, it asks for a passphrase and several other prompts. Answer them accordingly.


Passphrase:    Enter your passphrase here
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32
2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]:  Press Enter
Select key bytes: 
1) 16
2) 32
3) 24
Selection [16]:  Press Enter
Enable plaintext passthrough (y/n) [n]: n
Enable filename encryption (y/n) [n]: n
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=96b6fac91e0a01b8
Mounted eCryptfs

The encrypted directory is now mounted. Run the command below to verify the mount.

sudo mount | grep mydocuments
/home/$USER/mydocuments on /home/$USER/mydocuments type ecryptfs (rw,relatime,ecryptfs_sig=96b6fac91e0a01b8,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)
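
A stricter check than the grep above, as an added example that is not part of the original tutorial: it reads the output of mount, confirms the directory really is an eCryptfs mount, and flags the two options prompted for earlier (filename encryption and plaintext passthrough). The function name check_ecryptfs_mount, the user alice and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit an eCryptfs mount.
# Usage on a live system: mount | check_ecryptfs_mount "$HOME/mydocuments"
# Returns 0 = mounted, no warnings; 1 = not an eCryptfs mount; 2 = mounted with warnings.
# Assumption: mount point paths contain no whitespace.
check_ecryptfs_mount() {
    target=${1%/}                      # tolerate a trailing slash
    # mount prints: SRC on MOUNTPOINT type FSTYPE (OPTIONS)
    opts=$(awk -v t="$target" \
        '$2 == "on" && $3 == t && $5 == "ecryptfs" { o = $6 } END { print o }')
    if [ -z "$opts" ]; then
        echo "FAIL: $target is not an eCryptfs mount; files written there now are stored unencrypted"
        return 1
    fi
    opts=${opts#"("}; opts=${opts%")"}
    cipher=unknown; key_bytes=unknown; fnek=no; passthrough=no
    old_ifs=$IFS; IFS=,
    for o in $opts; do
        case $o in
            ecryptfs_cipher=*)    cipher=${o#*=} ;;
            ecryptfs_key_bytes=*) key_bytes=${o#*=} ;;
            ecryptfs_fnek_sig=*)  fnek=yes ;;         # present only with filename encryption
            ecryptfs_passthrough) passthrough=yes ;;  # present only with plaintext passthrough
        esac
    done
    IFS=$old_ifs
    echo "OK: $target is mounted (cipher=$cipher key_bytes=$key_bytes)"
    rc=0
    if [ "$fnek" = no ]; then
        echo "WARN: filename encryption is off; file names stay readable after unmount"
        rc=2
    fi
    if [ "$passthrough" = yes ]; then
        echo "WARN: plaintext passthrough is on; unencrypted lower files are served as-is"
        rc=2
    fi
    return $rc
}

# Constructed sample: the mount line shown above, with $USER replaced by "alice".
SAMPLE='/home/alice/mydocuments on /home/alice/mydocuments type ecryptfs (rw,relatime,ecryptfs_sig=96b6fac91e0a01b8,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)'
printf '%s\n' "$SAMPLE" | check_ecryptfs_mount /home/alice/mydocuments || true
```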

You can now start putting your sensitive data into the directory. As an example, let us create a file with random data within the encrypted directory.

cat mydocuments/clients-contacts.txt
ClientA: 020-000001
ClientB: 020-000002
ClientC: 020-000003
ClientD: 020-000004

As long as the directory is mounted, the data is accessible. Let us unmount the directory and see if it is possible to access the data.

sudo umount /home/$USER/mydocuments

Try to view the data now.

cat mydocuments/clients-contacts.txt

With the directory unmounted, the output is meaningless ciphertext. To access the data, you need to remount the directory. When prompted for the passphrase, use the one you set when mounting the directory for the first time.

sudo mount -t ecryptfs mydocuments/ mydocuments/

Passphrase:    Enter your previous passphrase here
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32
2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]:  Press Enter
Select key bytes: 
1) 16
2) 32
3) 24
Selection [16]:  Press Enter
Enable plaintext passthrough (y/n) [n]: n
Enable filename encryption (y/n) [n]: n
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=96b6fac91e0a01b8
Mounted eCryptfs

You can now view your data in the encrypted directory.

The process of remounting the directory is manual and a bit daunting. To automate it, you can create a bash script or use a USB drive with a passphrase key.

See our next tutorial on how to automate this mounting process. Cheers.

That marks the end of our tutorial on how to encrypt files and folders with eCryptFS on Ubuntu 18.04.

Other Tutorials

How to Use VeraCrypt on Command Line to Encrypt Drives on Ubuntu 18.04

Install and Setup VeraCrypt on Ubuntu 20.04

Encrypt Drives with LUKS in Linux

Automount LUKS Encrypted Device in Linux

koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".