eCryptfs is a encryption application for Linux that you can use to encrypt your files/folders and prevent others from viewing it. eCryptfs does not require its own partition. You can easily create a dynamic encrypted private directory on your Home folder that will shrink or grow in size according to the files you add to it. Whatever files you place in the private directory will be encrypted and safe from the public eyes.
In Ubuntu Ibex, the eCryptfs package was included in the Ubuntu main to support the use of a secret encrypted folder in the Home folder. To get it working in Ubuntu Hardy, you will have to follow the steps below:
First, install the eCryptfs package:
sudo apt-get install ecryptfs-utils
Create your own secret folder.
mkdir /secret
Mount the ecryptfs to the secret folder
sudo mount -t ecryptfs ~/secret ~/secret
It will then prompt you to answer a few questions.
1) Selecting your key type for newly created files
Press “1” to select passphrase
You will be asked to enter and verify your passphrase.
2) Selecting your encryption cipher
The default option is shown in the [ ]. If you are not sure of what to select, simply press Enter to select the default.
3) Select key byte
4) Enable plaintext passthrough
If you want to use unecrypted file inside your secret folder, then select ‘Y’. If not, type ‘N’.
Now, open your Nautilus (Places->Home Folder). You should see a secret drive mounted in the filesystem.
Testing out your secret folder encryption
Add some files to the secret folder.
Unmount it
sudo umount ~/secret
Access the secret folder again and open any of the files that you have just added. You should not be able to open and view the file content. That’s good. All your files are now encrypted.
Creating a launcher
Having a launcher on your desktop allows you to mount the secret folder easily.
On your desktop, right click the mouse and select “Create Launcher“.
Enter the following:
Type: Application in Terminal
Name: eCryptfs (or whatever name you want)
Command: sudo mount -t ecryptfs /home/USER/secret /home/USER/secret key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n (Replace the USER with your own username)
The next time you want to mount your secret folder, simply click on this launcher. It will pop up a terminal and ask you for your passphrase. Once that is verified, the secret folder will be mounted in the Home folder.
If you later decide to change the password, how do you go about doing that?
@jb1: No. You can’t change the password. If you forgot your password, then you are screwed.
whether the encrypted folder unmounted automatically when I log out the ubuntu,because I know all these either mount or unmount are automatically in the new coming ubuntu version 9.04,if not whether the other users still can access my secret files?how to avoid it ?
helai
@helai: Yes, the encrypted folder will be unmounted automatically when you log out. However, even after you unmount the folder, other users will still be able to see the secret folder and the files inside. It just that when they open the files, they will see rubbish (encrypted text).
but I check the web site Tombuntu,it doesn’t say like this,he says he create a launch of unmount similar as mount to unmount the encrypted folder before he log out the OS,it seems we need to unmount this folder to prevent other users can view my files if i forget it,is it right or not?
may be you can help me make a test to check it
Thanks,
helai
@helai: to better answer your question, let consider the following scenarios:
1) If you mount your encrypted folder and you log out and log in again with the same user account, the encrypted folder will still be there and anyone can access it.
2) If you restart/shut down your PC, it will automatically unmount the encrypted folder such that it won’t be available next time you switch on your PC.
3) If you log out and log in again with another user account, the encrypted folder will not be available as it is only accessible by you only.
Proved and tested.
Hope this helps.
It seems a joke,when I start to try it,but it shows me:
lenovo@ubuntu:~$ uname -r
2.6.24-21-generic
lenovo@ubuntu:~$ sudo mount -t ecryptfs ~/Private ~/Private
Unable to get the version number of the kernel
module. Please make sure that you have the eCryptfs
kernel module loaded, you have sysfs mounted, and
the sysfs mount point is in /etc/mtab. This is
necessary so that the mount helper knows which
kernel options are supported.
Make sure that your system is set up to auto-load
your filesystem kernel module on mount.
Enabling passphrase-mode only for now.
Select key type to use for newly created files:
1) passphrase
2) openssl
3) pkcs11-helper
4) tspi
Selection: 1
Passphrase:
Verify Passphrase:
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]:
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]:
Attempting to mount with the following options:
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=1f1d353f42d4eea4
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
Would you like to proceed with the mount (yes/no)? y
Aborting mount.
Error processing sig; rc = [-22]
Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit .
Any suggestions are welcome!
i got a problem i here damien… need help…
iceman600@UBUNTU-DESKTOP:~$ sudo mount -t ecryptfs ~/secret ~/secret
Unable to get the version number of the kernel
module. Please make sure that you have the eCryptfs
kernel module loaded, you have sysfs mounted, and
the sysfs mount point is in /etc/mtab. This is
necessary so that the mount helper knows which
kernel options are supported.
Make sure that your system is set up to auto-load
your filesystem kernel module on mount.
Enabling passphrase-mode only for now.
Select key type to use for newly created files:
1) pkcs11-helper
2) tspi
3) openssl
4) passphrase
Selection:
i dont know what kernel and auto load the comp is talking about…
sorry.
$modprobe ecryptfs
@iceman600: Don’t worry. This message only show for first time usage. The message will go off in the subsequent mount
im having the same error with helai…
Aborting mount.
Error processing sig; rc = [-22]
Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit .
iceman600,you have said that the message above only showed for the first time usage.however, it goes for the second time mount.
About this message:
Unable to get the version number of the kernel
module. Please make sure that you have the eCryptfs
kernel module loaded, you have sysfs mounted, and
the sysfs mount point is in /etc/mtab. This is
necessary so that the mount helper knows which
kernel options are supported.
Make sure that your system is set up to auto-load
your filesystem kernel module on mount.
Try with this in console:
$ modprobe ecryptfs
$ lsmod | grep ecryptfs
C yaa..
Here’s a batch file I use so I can hit one button to either mount or unmount:
#/bin/bash
if mount | grep secret
then
# Replace the USER with your own username
sudo umount /home/USER/secret
else
# Replace the USER with your own username
sudo mount -t ecryptfs /home/USER/secret /home/USER/secret key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n
fi
That’s a good one. Thanks for sharing.