encfs – is a tool for encrypting a filesystem, i.e. a folder. It is very easy to use.

The debian package should be available in Debian and Ubuntu. Simply

$ sudo aptitude install encfs

encfs uses FUSE works perfectly for this kind of task. If you don’t have it installed, it should be installed with encfs. Remember to add yourself to the FUSE group.

$ sudo usermod -a -G fuse username

Now, there is mainly two commands you need to focus on. The one which mounts and creates the encrypted folder, and the one that unmounts it.

Create and mount

$ encfs /fullpath/.cryptic /fullpath/readable

You now answer a few question, and voila – good to go! Next time you simply issue the same command to mount an existing encrypted folder.


$ fusermount -u /fullpath/readable

How hard can that be, right!

Applications of encfs

You may use this in several ways. One and maybe the obvious, is to have your own personal folder with encrypted data – just for fun, or to avoid your girlfriend/boyfriend finding out about your deepest secrets! It sure is an easy way of keeping a diary.

You may also use this to make your home-folder encrypted. I have read somewhere that Ubuntu is planning to make encrypted-home as an option sometime. And I believe encfs is the candidate to use. There exists another package which uses the PAM for authorizing. This way, you may automount your folder when you login, making it ideal for home-folder encryption. Follow the links below for further information.

A howto is located at ubuntu’s help.



Updated 12th May 2010

Ubuntu 10.04 ships with Ubuntu One pre installed. It does not take much effort to sync your files to the cloud. It’s even more easy to share your files on the cloud. You right click on a file that you have on your cloud ( read Ubuntu One folder ), and publish it. Then you may send the link to this published file via email.

Security on the other hand is somewhat sparse. Yes, they do use SSL to sync the files from your computer to your storage place in the cloud. But your data is not encrypted on the server – anyone with access may read it. This is not so good!

This old post is now more valid than ever. Use encFS and sync your encrypted folder – keep the decrypted folder on your local machine. Trying to sync the actual encrypted folder did not work for me – Nautilus simply closed down. I believe this is an implementation issue with encFS as it uses fuse. The solution is to have one extra layer – sync the folder of which the encrypted folder resides.

I created a folder ~/cloud which I’d like to keep synced. The idea is as follows; you store the files you’d like on the cloud in this folder. But these files themselves are not encrypted, so this folder will not be synced. The paralleled encrypted folder, you should store on the existing Ubuntu One folder or in some other folder were you keep encrypted stuff.

Suggested setup:

$ mkdir ~/cloud
$ mkdir ~/Ubuntu One/clouded

Thus my mount command:

$ encfs ~/Ubuntu One/clouded ~/cloud

First time you execute this command, you must provide a password. Note the folders must exist. Now, I save all the files I am working on inside the non-encrypted ~/cloud folder. The encrypted folder ~/Ubuntu One/clouded is synced.