- Installation of eCryptfs
- Encryption of directories using eCryptfs
- Auto-mount the encrypted directory
Note that we have explained the procedure on Ubuntu 18.04 LTS system.
Syntax
The general syntax for using eCryptfs is:
Install eCryptfs
eCryptfs is already included in the official Ubuntu repositories, so we can install it using the apt command. Open the Terminal in your Ubuntu system by pressing Ctrl+Alt+T. Now in the Terminal, execute this command to install eCryptfs:
Wait for a while until the installation of eCryptfs is completed.
Encrypt Directories using eCryptfs
To encrypt a directory using eCryptfs, use the syntax described above and replacing the and [Destintaion directory] with your own source or directory name.
For instance, I want to encrypt the “Myfiles” directory under my Home directory. In this case, the command would be:
When you run the above command, you will be asked to provide some details along with passphrase. The passphrase is actually the encryption key that will be used to later to decrypt the encrypted directory.
Also, note that the details you provide will be later used when remounting the directory.
Now our directory is encrypted and mounted. You can verify it by running the following command:
You will see output similar to this.
Verifying Encryption
Let’s create a document in the mounted directory using the Nano editor.
Now add some text in the file and press Ctrl+O and Ctrl+X to save and exit the file respectively. Now try to view this document using the cat command:
You will see that the document is unencrypted and you can view the content. It is due to the reason that the directory is mounted at this time. Remember that as long as the directory is mounted, you will be able to see the content unless you unmount it.
Now let’s try unmounting the directory. Use the following syntax to do so:
In our case, it would be:
Note: to unmount a directory, the command is “umount” instead of “unmount”.
As the directory is unmounted, so now let’s view the document using the cat command. This time, you will not be able to view the original content. Instead, you will see the encrypted text.
To access your files again, you will need to re-mount them and enter the same passphrase and details you have set earlier while mounting for the first time.
Automatically mount the encrypted directory
You will need to mount the encrypted directory every time you reboot the system. To avoid this situation, you can configure eCryptfs to automount the encrypted directory at every boot. Let’s see how to do this:
Insert a USB drive into your system. After that, run the following command and note down the name of the USB device:
From the above output, you can see my device name is “/dev/sdd1”.
Create a mount point using the following command:
Now mount the USB drive at this mount point:
Run this command and copy the signature from the output:
Next, create a signature file using this command:
Then insert the signature you copied above in previous step.
Once done, save and exit the file.
Next, we will create a passphrase file in the USB drive. To do so, run the following command in Terminal:
Add the following line by replacing the “your_passphrase” with the actual passphrase:
Now edit the /etc/fstab file using the Nano editor:
Then add following lines:
~/Documents/Myfiles/ ecryptfs defaults 0 0Change the device name,
mount point, and the encrypted directories according as per your system.
Once done, save and exit the file. Then reboot the system and the ~/Documents/Myfiles should be mounted.
In this article, we have learned to use eCryptfs for encrypting directories in Ubuntu. To access the encrypted directory, simply mount the directory and once you are done, unmount it. We have also discussed how to automatically mount the encrypted directory to avoid mounting every time the system boots.