Data security has been one of the most important parts of computing since its early days, and it is going to become more and more important as we become far more digitized.
So, what is encryption? Briefly, encryption is a mix of math and technology used to prevent unauthorized access to secret and valuable information.
Somewhat like locking money, jewellery etc. inside an iron safe, but digitally.
Encryption is extensively used by security agencies, military, business organizations, hackers, even by criminals to safeguard their privacy and protect valuable information.
But why are data security and encryption necessary for normal users like you and me? Simply to protect us. You are probably aware of what could be done with your email and Facebook passwords, hard-earned research papers, banking password, financial information, etc.
What is eCryptfs ?
Before going further, it's good to know a little more about eCryptfs. The word eCryptfs stands for Enterprise Cryptographic Filesystem. It is a filesystem-level encryption tool, available with the Linux kernel as a special stacked cryptographic filesystem driver. To know more, you may read the Wikipedia article and the Arch wiki.
KNOW THE RISK
The default eCryptfs setup automatically mounts the encrypted filesystem after the user logs in, so keep your password secret. Always take a backup of the ~/.ecryptfs/ folder and remember your login password; without them, recovering the encrypted data is a real pain.
Setup eCryptFS
Let's encrypt our valuable information with the help of eCryptfs.
This tutorial is tested on Debian and Ubuntu. However, it should work fine on any other GNU/Linux distribution like Linux Mint, Fedora, Arch Linux etc.
1. Install ecryptfs
Ecryptfs has been installed in Ubuntu for a long time, where it provides the encrypted Ubuntu home directory.
To install ecryptfs on Debian, just run the command below.
sudo apt-get install ecryptfs-utils
2. load the ecryptfs kernel module
Load the ecryptfs kernel driver. This is only needed the first time; the module loads automatically after the next reboot.
sudo modprobe ecryptfs
3. set up an ecryptfs encrypted directory
This is the basic step to create an encrypted private directory, where you can store your private information securely. This step will create two folders in your home directory named Private and .Private. The .Private folder contains the encrypted data, and Private is the mount point, i.e. where the decrypted data is available.
ecryptfs-setup-private
Enter your login password, then enter a mounting password or leave it blank to automatically generate a secure one. Log out, log in again, and you're done! Now move your secret documents to the Private folder.
Now the encrypted filesystem is mounted. To mount and unmount the encrypted Private directory, use the commands below.
ecryptfs-umount-private   # to unmount
ecryptfs-mount-private    # to mount it again
To encrypt any other directory, simply move the directory into the Private directory. You may create a link to that directory for easy access.
mv ~/secret/ ~/Private/            # move the secret folder
ln -s ~/Private/secret ~/secret    # create the symlink for easy access (no trailing slash on the link name)
4. avoid ecryptfs auto mount at login
By default the Private folder is automatically mounted after login. To avoid this annoying feature, pass the --noautomount
argument during setup, like below. The Private folder is still unmounted after logout with this setup; the separate --noautoumount argument is the one that disables unmounting at logout.
ecryptfs-setup-private --noautomount
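The backup advice under KNOW THE RISK and the auto-mount behaviour from step 4 can be checked together with a small script. This is an added example, not part of the original tutorial or of ecryptfs-utils: the function names ecryptfs_report and ecryptfs_backup are made up here, while the file names inside ~/.ecryptfs/ are the ones ecryptfs-setup-private creates.

```shell
#!/bin/sh
# Added example: inspect a ~/.ecryptfs directory and back it up.

# ecryptfs_report CONFIG_DIR: print one "name=state" line per check.
ecryptfs_report() {
    cfg=$1
    # Key material and mount description written by ecryptfs-setup-private.
    for f in wrapped-passphrase Private.sig Private.mnt; do
        if [ -s "$cfg/$f" ]; then echo "$f=present"; else echo "$f=MISSING"; fi
    done
    # Marker files: created at setup unless --noautomount / --noautoumount
    # was passed; pam_ecryptfs honours them at login and logout.
    for f in auto-mount auto-umount; do
        if [ -e "$cfg/$f" ]; then echo "$f=on"; else echo "$f=off"; fi
    done
    # Private.mnt stores the mount point; look for it in the mount table.
    mnt=$(cat "$cfg/Private.mnt" 2>/dev/null) || mnt=""
    if [ -n "$mnt" ] && grep -qsF " $mnt ecryptfs " /proc/mounts; then
        echo "mounted=yes"
    else
        echo "mounted=no"
    fi
}

# ecryptfs_backup CONFIG_DIR DEST_DIR: archive CONFIG_DIR, print archive path.
ecryptfs_backup() {
    cfg=$1
    dest=$2
    # Without the wrapped passphrase a backup cannot unlock the data.
    if [ ! -s "$cfg/wrapped-passphrase" ]; then
        echo "no wrapped-passphrase in $cfg, nothing worth backing up" >&2
        return 1
    fi
    out="$dest/ecryptfs-keys-$(date +%Y%m%d).tar.gz"
    # umask 077 so the archive is readable by its owner only.
    ( umask 077
      tar -czf "$out" -C "$(dirname "$cfg")" "$(basename "$cfg")" ) || return 1
    echo "$out"
}

# Run against the real configuration only when asked to.
if [ "${1:-}" = "--run" ]; then
    ecryptfs_report "$HOME/.ecryptfs"
    ecryptfs_backup "$HOME/.ecryptfs" "${2:-$HOME}"
fi
```

Run it as sh script.sh --run /path/to/backup/dir and keep the resulting archive on a different disk from the encrypted data. The wrapped passphrase inside it is protected only by your login password.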
5. set up an encrypted /home directory
To set up an encrypted home directory without any hassle, log out from the current session, log in as another user (i.e. as root), install rsync and lsof, and run the command ecryptfs-migrate-home -u username as root.
An example with Debian.
sudo apt-get install lsof             # install lsof
sudo apt-get install rsync            # install rsync
sudo ecryptfs-migrate-home -u b00m    # set up encrypted home, b00m is the username
Conclusion
Now it's your turn: secure your sensitive data and stay safe. We hope this tutorial will help you encrypt it with eCryptfs.
If you need any further assistance just leave a comment, we’d be happy to assist you.
Feel free to share this tutorial with your friends.
Kevin Decker says
ecryptfs-setup-private: where is this executed from, as to what home directory? Could you show an example, please?
Jesvin Joseph says
Hi,
My application is running on a remote machine, which should run every time, even without login. I want to store my application data in this encrypted partition. But this requires a login to mount the Private directory. So is there any way we can mount this automatically during system boot without login?
Arnab Satapathi says
eCryptFS is not built for that purpose.
However you can fiddle with systemd services and custom scripts.