From Notes Wiki
Jump to: navigation, search

encfs is no longer being maintained. Please use ecryptfs instead.

Encfs

  1. Install encfs using 'yum install fuse-encfs'
  2. Create directory for encrypted files. (mkdir abcd-raw)
  3. Create mount point for unencrypted files. (mkdir abcd)
  4. Use command encfs to mount raw encrypted files directory on normal unencrypted directory. (encfs /home/saurabh/abcd-raw /home/saurabh/abcd ). Note that it is necessary to give full path for both raw and normal directory while using encfs command.
  5. Now test by creating few files in 'abcd' directory and their encrypted counterparts will be shown in 'abcd-raw' directory.


Changing password

  1. To change password use 'encfsctl <raw_directory>' command. For example 'encfsctl passwd /home/saurabh/abcd-raw'



Encrypting directory contents

To enable encryption on directory contents one can use following steps:

  1. Ensure that directory being encrypted is not in use. Use 'lsof | grep /documents' to verify.
  2. mv /documents /documents_raw
  3. mdkir /documents
  4. encfs /docuemnts_raw /documents
  5. cd /documents_raw
  6. 'mv `echo *` /documents'. Avoid direct use of wildcards in this command. Also you would have to move . [dot] files carefully without moving '.encfs<n>' file.



Multi-user directories

If access to unencrypted directory from non-root users is desried then '--public' option must be used while mounting. For example:

encfs --public /documents_raw /documents

When used in this manner normal unix file permissions still apply.


Mounting scripts

We can use bash scripts to mount raw directories to unencrypted mount points at boot. Sample bash script is given below:

#!/bin/sh

sudo encfs --public /documents_raw /documents
sudo encfs --public /var/lib/pgsql_raw /var/lib/pgsql
sudo /sbin/service postgresql start
sudo encfs --public /var/lib/mysql_raw /var/lib/mysql
sudo /sbin/service mysqld start


encfs and windows

Encfs is also available for window and similar command line options can be used on Windows for encrypting personal folders.


Troubleshooting

encfs crash problem on fully updated centOS 5.X

On fully updated system encfs may crash with error

    terminate called after throwing an instance of 'boost::filesystem::filesystem_error'

this can be because of version of boost.

To work-around this problem copy file '.encfs5 from someother encfs filesystem and use it to encrypt encryption directory. One can change password using encfsctl if required. For this to work we must know the password used in old .encfs5 file.


This problem is not solved by installing latest version of boost (boost_1_46_1.tar.bz2 at time of writing) using:

  1. Extract boost source code
  2. ./bootstrap.sh
  3. ./bjam
  4. sudo ./bjam install