Create a Private Encrypted Folder On Ubuntu Hardy With eCryptfs

eCryptfs is an encryption application for Linux that you can use to encrypt your files and folders and prevent others from viewing them. eCryptfs does not require its own partition. You can easily create a dynamic encrypted private directory in your Home folder that will shrink or grow in size according to the files you add to it. Whatever files you place in the private directory will be encrypted and safe from the public eye.

In Ubuntu Ibex, the eCryptfs package was included in the Ubuntu main to support the use of a secret encrypted folder in the Home folder. To get it working in Ubuntu Hardy, you will have to follow the steps below:

First, install the eCryptfs package:

sudo apt-get install ecryptfs-utils

Create your own secret folder.

mkdir ~/secret

Mount eCryptfs on the secret folder:

sudo mount -t ecryptfs ~/secret ~/secret

It will then prompt you to answer a few questions.

1) Selecting your key type for newly created files

Press “1” to select passphrase

You will be asked to enter and verify your passphrase.

2) Selecting your encryption cipher

The default option is shown in the [ ]. If you are not sure of what to select, simply press Enter to select the default.

3) Select key byte

4) Enable plaintext passthrough

If you want to use unencrypted files inside your secret folder, then select ‘Y’. If not, type ‘N’.

Now, open Nautilus (Places->Home Folder). You should see a secret drive mounted in the filesystem.

Testing out your secret folder encryption

Add some files to the secret folder.

Unmount it

sudo umount ~/secret

Access the secret folder again and open any of the files that you have just added. You should not be able to open and view the file content. That’s good. All your files are now encrypted.

Creating a launcher

Having a launcher on your desktop allows you to mount the secret folder easily.

On your desktop, right-click and select “Create Launcher”.

Enter the following:

Type: Application in Terminal
Name: eCryptfs (or whatever name you want)
Command: sudo mount -t ecryptfs /home/USER/secret /home/USER/secret key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n  (Replace the USER with your own username)

The next time you want to mount your secret folder, simply click on this launcher. It will pop up a terminal and ask you for your passphrase. Once that is verified, the secret folder will be mounted in the Home folder.
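
An added example (not part of the original article): a shell check that a directory is a live eCryptfs mount before you save files into it, since anything written to ~/secret while it is unmounted is stored as plaintext. It reads a mount table in /proc/mounts format on stdin; the function names are hypothetical, and the sample table, its paths and its signature are constructed.

```shell
#!/bin/sh
# Added example: is DIR a live eCryptfs mount, and with which options?
# Reads a mount table in /proc/mounts format on stdin.
# Assumes DIR contains no whitespace (such paths are escaped in /proc/mounts).

# Constructed sample mount table (paths and signature are made up).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime,errors=remount-ro 0 0
/home/USER/secret /home/USER/secret ecryptfs rw,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/home/USER/open /home/USER/open ecryptfs rw,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough 0 0
EOF
}

# Print the option string of the topmost ecryptfs mount on DIR ($1); fail if none.
ecryptfs_mount_opts() {
    awk -v dir="$1" '
        $2 == dir && $3 == "ecryptfs" { opts = $4 }
        END { if (opts == "") exit 1; print opts }'
}

# Print the value of option NAME ($2) from a comma-separated option list ($1).
mount_opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Print "unmounted" (status 1) or a one-line summary of the mount (status 0).
ecryptfs_status() {
    if ! status_opts=$(ecryptfs_mount_opts "$1"); then
        echo "unmounted"
        return 1
    fi
    status_pt=n
    case ",$status_opts," in *,ecryptfs_passthrough,*) status_pt=y ;; esac
    printf 'mounted cipher=%s key_bytes=%s passthrough=%s\n' \
        "$(mount_opt_value "$status_opts" ecryptfs_cipher)" \
        "$(mount_opt_value "$status_opts" ecryptfs_key_bytes)" "$status_pt"
}

# Demo on the constructed table; on a real system use:
#   ecryptfs_status "$HOME/secret" < /proc/mounts
sample_mounts | ecryptfs_status /home/USER/secret
```

A passthrough=y result corresponds to answering ‘Y’ at the “Enable plaintext passthrough” prompt, so files inside that mount may be stored unencrypted.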

15 comments

  1. @jb1: No. You can’t change the password. If you forgot your password, then you are screwed.

  2. Does the encrypted folder get unmounted automatically when I log out of Ubuntu? I ask because I know that both mounting and unmounting are automatic in the upcoming Ubuntu version 9.04. If not, can other users still access my secret files? How do I avoid it?
    helai

  3. @helai: Yes, the encrypted folder will be unmounted automatically when you log out. However, even after you unmount the folder, other users will still be able to see the secret folder and the files inside. It’s just that when they open the files, they will see rubbish (encrypted text).

  4. But I checked the Tombuntu web site, and it doesn’t say this. He says he created an unmount launcher, similar to the mount one, to unmount the encrypted folder before he logs out of the OS. It seems we need to unmount this folder to prevent other users from viewing my files if I forget it. Is that right or not?
    Maybe you can help me run a test to check it.
    Thanks,
    helai

  5. @helai: To better answer your question, let’s consider the following scenarios:

    1) If you mount your encrypted folder and you log out and log in again with the same user account, the encrypted folder will still be there and anyone can access it.

    2) If you restart/shut down your PC, it will automatically unmount the encrypted folder such that it won’t be available next time you switch on your PC.

    3) If you log out and log in again with another user account, the encrypted folder will not be available, as it is accessible only by you.

    Proved and tested.

    Hope this helps.

  6. It seems a joke, when I start to try it, but it shows me:
    lenovo@ubuntu:~$ uname -r
    2.6.24-21-generic

    lenovo@ubuntu:~$ sudo mount -t ecryptfs ~/Private ~/Private

    Unable to get the version number of the kernel
    module. Please make sure that you have the eCryptfs
    kernel module loaded, you have sysfs mounted, and
    the sysfs mount point is in /etc/mtab. This is
    necessary so that the mount helper knows which
    kernel options are supported.

    Make sure that your system is set up to auto-load
    your filesystem kernel module on mount.

    Enabling passphrase-mode only for now.

    Select key type to use for newly created files:
    1) passphrase
    2) openssl
    3) pkcs11-helper
    4) tspi
    Selection: 1
    Passphrase:
    Verify Passphrase:
    Select cipher:
    1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    2) blowfish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
    4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
    Selection [aes]:
    Select key bytes:
    1) 16
    2) 32
    3) 24
    Selection [16]:
    Attempting to mount with the following options:
    ecryptfs_key_bytes=16
    ecryptfs_cipher=aes
    ecryptfs_sig=1f1d353f42d4eea4
    WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
    it looks like you have never mounted with this key
    before. This could mean that you have typed your
    passphrase wrong.

    Would you like to proceed with the mount (yes/no)? y
    Aborting mount.
    Error processing sig; rc = [-22]
    Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit .

    Any suggestions are welcome!

  7. I got a problem here, Damien… need help…

    iceman600@UBUNTU-DESKTOP:~$ sudo mount -t ecryptfs ~/secret ~/secret

    Unable to get the version number of the kernel
    module. Please make sure that you have the eCryptfs
    kernel module loaded, you have sysfs mounted, and
    the sysfs mount point is in /etc/mtab. This is
    necessary so that the mount helper knows which
    kernel options are supported.

    Make sure that your system is set up to auto-load
    your filesystem kernel module on mount.

    Enabling passphrase-mode only for now.

    Select key type to use for newly created files:
    1) pkcs11-helper
    2) tspi
    3) openssl
    4) passphrase
    Selection:

    I don’t know what kernel and auto load the comp is talking about…
    Sorry.

  8. @iceman600: Don’t worry. This message only shows for first-time usage. The message will go away in subsequent mounts.

  9. I’m having the same error as helai…

    Aborting mount.
    Error processing sig; rc = [-22]
    Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit .

  10. iceman600, you have said that the message above only showed for the first-time usage. However, it shows on the second mount too.

  11. About this message:
    Unable to get the version number of the kernel
    module. Please make sure that you have the eCryptfs
    kernel module loaded, you have sysfs mounted, and
    the sysfs mount point is in /etc/mtab. This is
    necessary so that the mount helper knows which
    kernel options are supported.

    Make sure that your system is set up to auto-load
    your filesystem kernel module on mount.

    Try with this in console:
    $ sudo modprobe ecryptfs
    $ lsmod | grep ecryptfs

    C yaa..

  12. Here’s a batch file I use so I can hit one button to either mount or unmount:

    #!/bin/bash
    # Toggle the eCryptfs mount: unmount if it is mounted, mount otherwise.
    # Replace the USER with your own username
    SECRET=/home/USER/secret
    # Match only the eCryptfs mount on this exact directory, quietly.
    if mount | grep -q "on $SECRET type ecryptfs"
    then
        sudo umount "$SECRET"
    else
        sudo mount -t ecryptfs "$SECRET" "$SECRET" -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n
    fi
