encryption_with_encfs_and_pam-encfs
Encryption with encfs and pam-encfs(howto)
Encfs is an application that allows you to create encrypted folders, any file that is placed in such a folder will be encrypted. To open an encrypted folder you need a correct password.
There is also an add-on to encfs called pam-encfs. This add-on allows automatic encryption of the home-catalog.
Both encfs and pam-encfs must be set up from a terminal. So this tutorial might be a bit difficult for linux newcomers. In this tutorial I will first explain how to use encfs and then how to set up pam-encfs.
Setting up encfs
To install encfs you need to have access to the universe-packages of ubuntu. How this can be done is beeing described here: https://wiki.ubuntu.com/MOTU/Packages?action=show&redirect=UniversePackages
Now enter a terminal and type:
sudo aptitude install encfs
This will install encfs and probably also fuse-utils and libfuse2, which are required.
You need to have the kernel-module named "fuse" loaded in order to use encfs. To load this module simply type:
sudo modprobe fuse
Remember, this module must be loaded every time you intend to use encfs. If you want to have this module always loaded you must edit the file /etc/modules and add the line fuse to the bottom line.
Now it is needed for us to have permissions to use fuse. This is done in two steps. First add your user to the group fuse by typing:
sudo adduser <your login username> fuse
So for example if your login-name is donald you should type
sudo adduser donald fuse
The second step is to change the permissions of the file fusermount. This is done by typing:
sudo chmod +x /usr/bin/fusermount
Finally you are ready to create the encrypted folder. The application encfs will create one folder which contains the encrypted files and one folder where the files are unlocked and accessible. The syntax for encfs is: encfs <path to encrypted folder> <path to visible folder>
For example, I wish to have a folder in my home-directory called visible and another one called encrypted. Therefore I could write:
encfs ~/encrypted ~/visible
Where the '~' indicates that the folders shall be placed in the home-directory.
First encfs will ask you to create the selected folders. Simply type 'y'. Then it asks which degree of encryption that should be used. I prefer to simply press enter to use default encryption-level. At last encfs will ask you for the password that is needed to reach the encrypted information.
If things work out correctly and you don't recieve an error-message after typing in your password you are now free to use the folder ~/visible to store all kinds of sensitive information:-)
In order to close the ~/visible folder simply type:
fusermount -u ~/visible
Now all the information you placed in the folder ~/visible will seem to have disappeared. To again unlock the folder ~/visible you need to enter a terminal and type
encfs ~/encrypted ~/visible
You will be asked for the proper password to gain access.
This page is going to explain how to write a guide on the wiki. The following things are important:
- Read the docteam Styleguide
- Make sure you are not reproducing material already on the wiki
ask the Documentation Team to check the guide afterwards and place it in CategoryCleanup
The following paragraph is a lettered list:
this is the first item
this is the second item
this is the third item (the space should not be in your version)