How to encrypt folders (not in Home)? [duplicate]
Is there a way to encrypt a folder, which is not in Home (/home/user/) but even in a different partition, so only my user can access/read contained files?
Alternatively, I would like to understand if it is possible to turn a complete ext4
partition into an encrypted volume, which would be mounted at user login.
If possible, I would like to make the change without reinstalling Ubuntu.
My PC has (mount output):
/dev/sda1 on / type ext4 (rw,errors=remount-ro)
/dev/sda3 on /home type ext4 (rw)
/dev/sda4 on /home/igor/Personale type ext4 (rw)
sda4 is the partition containing folders I would like to protect.
Solution 1:
Sure. You can use encfs, for example, to create an encrypted folder anywhere. Install encfs with sudo apt-get install encfs.
mkdir /path/to/encrypted
mkdir /path/to/decrypted
encfs /path/to/encrypted /path/to/decrypted
When run on a given encrypted directory for the first time, encfs will take you through setting the password and encryption options.
To unmount the encrypted folder, type
fusermount -u /path/to/decrypted
To mount the encrypted directory again, type the same command you used to encrypt it:
encfs /path/to/encrypted /path/to/decrypted
Note that encryption is quite different from Unix permissions ("only my user can access..."). In short, any person and only a person with the credentials (password to the encrypted directory) can decrypt it. That is rather the point of it, because anyone with physical access to your machine can become root, and consequently -- also any user, including you. It is as simple as booting the computer with a live cd or taking out the drive and connecting it to another system.
Solution 2:
eCryptfs would be a good choice (Ubuntu encrypted home directory uses ecryptfs) if you want to encrypt /dev/sda4, which is mounted as /home/igor/Personale type ext4.
You don't have to re-install anyway. ecryptfs is flexible (you can encrypt folders or partitions) and easy to use; it is layered on top of the current file system, ext4 in your case. Basically you have a partition/block device, create a file system and mount it, then use ecryptfs to encrypt it.
In your case, it's /dev/sda4. To encrypt it:
NOTE: although this process retains existing data, I strongly recommend backing up to a different partition or external HDD, because later on we need to copy it back to get the data encrypted (existing data won't get encrypted).
Steps:
- Install the ecryptfs-utils package first:
  sudo apt-get install ecryptfs-utils
- Mount the destination directory as ecryptfs (suppose /dev/sda4 is already mounted on /home/igor/Personale):
  sudo mount -t ecryptfs /home/igor/Personale /home/igor/Personale
NOTE: You will be prompted for passphrase, cipher, key bytes, plaintext passthrough (y/n), filename encryption (y/n).
Done. Existing data won't be encrypted anyway; you can delete the existing data and copy it from backup (that's why I recommended backing up, a data swap is needed to activate encryption on existing files). Use rsync for backup/restore:
rsync -axHAX /backup /home/igor/Personale
BTW: you can see the encrypted partition using findmnt or mount, e.g.
/home/terry/topsecret on /home/terry/topsecret type ecryptfs (rw,ecryptfs_sig=633937dbcf1fef34,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)
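
An added example, not part of either answer: because ecryptfs is stacked on the same directory as the ext4 mount, anything written while the ecryptfs layer is not mounted lands on disk in plaintext, so a script can check the mount table before writing. The function names and the sample mount table are constructed for illustration; the encfs type string fuse.encfs is what mount normally reports for an encfs mount.

```shell
#!/bin/sh
# Added example: decide from mount(8)-style output whether a path is served
# by an encrypted layer (ecryptfs, or encfs which appears as fuse.encfs).

# Constructed sample: the question's mount table plus a stacked ecryptfs
# mount in the format shown in Solution 2.
SAMPLE_MOUNTS='/dev/sda1 on / type ext4 (rw,errors=remount-ro)
/dev/sda3 on /home type ext4 (rw)
/dev/sda4 on /home/igor/Personale type ext4 (rw)
/home/igor/Personale on /home/igor/Personale type ecryptfs (rw,ecryptfs_cipher=aes,ecryptfs_key_bytes=16)'

# Print "FSTYPE (OPTS)" of the mount that serves path $1.
# Reads lines "SRC on DIR type FSTYPE (OPTS)" from stdin.
# The longest matching mount point wins; on a tie the later line wins,
# because a stacked mount over the same directory is listed last.
mount_for_path() {
    awk -v p="$1" '
    {
        on = index($0, " on "); ty = index($0, " type ")
        if (!on || !ty || ty < on) next          # not a mount line
        dir  = substr($0, on + 4, ty - on - 4)   # mount point
        rest = substr($0, ty + 6)                # "fstype (opts)"
        # dir covers p if equal, or if p continues with "/" after dir
        # (so /home does not match /homework).
        base = (dir == "/") ? "" : dir
        if (p != dir && index(p, base "/") != 1) next
        if (length(dir) >= best) { best = length(dir); hit = rest }
    }
    END { if (hit != "") print hit }'
}

# Exit status 0 only if the serving mount is ecryptfs or encfs.
is_encrypted_path() {
    case "$(mount_for_path "$1")" in
        ecryptfs\ *|fuse.encfs\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed table; on a live system use: mount | is_encrypted_path DIR
for f in /home/igor/Personale/doc.txt /home/igor/notes.txt; do
    if printf '%s\n' "$SAMPLE_MOUNTS" | is_encrypted_path "$f"; then
        echo "$f: encrypted layer mounted"
    else
        echo "$f: NOT on an encrypted mount"
    fi
done
```

This only tells you the layer is mounted now; files that were copied in before the ecryptfs mount existed remain plaintext on the lower file system, as Solution 2 notes.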