Encrypting files in a directory

Encrypting data is useful, for example, when moving backups on storage devices that could be lost or stolen.

This can be done easily with eCryptfs, which is installed by adding the package ecryptfs-utils.

Then create a new folder:

mkdir ~/testFolder/

Now, as root, mount the folder onto itself using the command:

mount -t ecryptfs ~/testFolder/ ~/testFolder/

You will be asked to choose a key type…

Select key type to use for newly created files:
 1) openssl
 2) pkcs11-helper
 3) passphrase
 4) tspi
Selection:

Choose option 3 (passphrase)

Enter a passphrase

Select cipher:
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32
 2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]:

Press enter to choose default (aes)

Select key bytes:
 1) 16
 2) 32
 3) 24
Selection [16]:

Press enter to choose default (16)

Enable plaintext passthrough (y/n) [n]:

Press enter to choose default (no)

Enable filename encryption (y/n) [n]:

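Press enter to choose default (no). With this default, file names remain readable when the folder is unmounted; only the file contents are encrypted.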

Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=fccaf6dcf92c9c51
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.

Would you like to proceed with the mount (yes/no)? :

Type yes, and press enter

Would you like to append sig [fccaf6dcf92c9c51] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? :

Type yes, and press enter

Create a new file in ~/testFolder/ and enter some contents in your new file.

If you open or cat the file you will be able to view its contents.

Now unmount the folder:

umount ~/testFolder/

Try viewing the file again, and you should see lots of junk characters rather than your file in plain text.

To unlock the directory/files, you just need to mount the folder again, repeating exactly the same procedure as above with the same passphrase and options:

mount -t ecryptfs ~/testFolder/ ~/testFolder/
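
Anything written to ~/testFolder/ while it is unmounted is stored unencrypted, so a backup script should confirm the eCryptfs layer is active before copying into it. The following is an added example, not part of the original page; the function names are hypothetical, and it assumes a Linux /proc/mounts-style mount table.

```shell
#!/bin/sh
# Added example (not from the original page): only write backups into the
# folder while the eCryptfs layer is mounted on it.

# Print the filesystem type of the topmost mount on exactly DIR (nothing if none).
# $1 = directory, $2 = mount table (assumption: /proc/mounts format; override for tests)
mount_fstype() (
    dir=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || exit 1
    D=$dir awk '
        { mp = $2; gsub(/\\040/, " ", mp) }      # spaces are stored as \040
        mp == ENVIRON["D"] { fstype = $3 }       # later lines shadow earlier ones
        END { if (fstype != "") print fstype }
    ' "${2:-/proc/mounts}"
)

is_ecryptfs_mounted() {
    [ "$(mount_fstype "$1" "${2:-/proc/mounts}")" = ecryptfs ]
}

# guarded_copy FILE DIR [MOUNT_TABLE]: hypothetical helper that copies FILE into
# DIR only when DIR is an active eCryptfs mount, so nothing lands in plaintext.
guarded_copy() {
    if ! is_ecryptfs_mounted "$2" "${3:-/proc/mounts}"; then
        echo "refusing: $2 is not an eCryptfs mount; data would be stored unencrypted" >&2
        return 1
    fi
    cp -- "$1" "$2"/
}
```

For example, guarded_copy backup.tar ~/testFolder succeeds after the mount command above and refuses after umount.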