How to encrypt folders (not in Home)? [duplicate]

partitioning directory encryption

Is there a way to encrypt a folder, which is not in Home (/home/user/) but even in a different partition, so only my user can access/read contained files?

Alternatively, I would like to understand if it is possible to turn a complete ext4 partition into an encrypted volume, which would be mounted at user login.

If possible, I would like to make the change without reinstalling Ubuntu.

My PC has (mount output):

/dev/sda1 on / type ext4 (rw,errors=remount-ro)
/dev/sda3 on /home type ext4 (rw)
/dev/sda4 on /home/igor/Personale type ext4 (rw)

sda4 is the partition containing folders I would like to protect.


Solution 1:

Sure. You can use enfcs, for example, to create an encrypted folder anywhere. Install encfs with sudo apt-get install encfs.

mkdir /path/to/encrypted
mkdir /path/do/decrypted
encfs /path/to/encrypted /path/to/decrypted

When run on a given encrypted directory for the first time, encfs will take you through setting the password and encryption options.

To unmount the encrypted folder, type

fusermount -u /path/to/decrypted

To mount the encrypted directory again, type the same command you used to encrypt it:

encfs /path/to/encrypted /path/to/decrypted

Note that encryption is quite different from Unix permissions ("only my user can access..."). In short, any person and only a person with the credentials (password to the encrypted directory) can decrypt it. That is rather the point of it, because anyone with physical access to your machine can become root, and consequently -- also any user, including you. It is as simple as booting the computer with a live cd or taking out the drive and connecting it to another system.

Solution 2:

eCryptfs would be a good choice (Ubuntu encrypted home directory uses ecryptfs) if you want to encrypt /dev/sda4 which is mounted as /home/igor/Personale type ext4

You don't have to re-install anyway. ecryptfs is flexible (you can encrypt folders or partitions) and easy to use, it is layered on top of the current file system - ext4 in your case. Basically you have a partition/block device, create file system and mount it, then use ecryptfs to encrypt it.

In your case, it's /dev/sda4, to encrypt it NOTE: although this process retains existing data I strongly recommend backing up to a different partition or external HDD. Because later on we need to copy it back to get data encrypted (existing data won't get encrypted).

Steps:

  1. install ecryptfs-utils package 1st

    sudo apt-get install ecryptfs-utils

  2. mount the destination directory as ecryptfs (suppose /dev/sda4 already mounted on /home/igor/Personale)

    mount -t ecryptfs /home/igor/Personale /home/igor/Personale

NOTE: You will be prompted for pass phrase, cipher, key bytes, plaintext passthrough (y/n), filename encryption (y/n).

Done. Existing data won't be encrypted anyway, you can delete existing data and copy if from backup (that's why I recommended backing up, a data swap is needed to activate encryption on existing files). Use rsync for backup/restore:

    rsync -axHAX /backup /home/igor/Personale

BTW: you can see the encrypted partition use findmnt or mount, e.g /home/terry/topsecret on /home/terry/topsecret type ecryptfs (rw,ecryptfs_sig=633937dbcf1fef34,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)

Related

How to use GCC 4.7 in place of 4.6?
Wired Connection shared with other computers connects then disconnects in the nm-applet [closed]
How to decode the hash password in /etc/shadow
Why isn't Hibernate in Ubuntu 16.04 working and how to fix it?
How to run Dolphin instead of Nautilus?
How to create & execute a script file [duplicate]
How to test oom-killer from command line
VLC for flash video
How to use ssh to transfer files from computer a to local computer
More wifi issues - Qualcomm Atheros QCA6174 ath10k_pci
Wifi Hard Blocked After Suspend in Ubuntu on GS65
Ubuntu 16.04 LTS black screen after login