5

I've encrypted my home partition in Ubuntu (15.10 currently). Now I am trying to encrypt a single directory so that I can use it to sync with e.g. Dropbox securely.

Therefore, I need a new ecryptfs-directory.

  • A nested encryption (encrypted directory inside home) does not work.
  • The command ecryptfs-mount-private shows the error that I already have an encrypted passphrase (probably from the encrypted home directory?).

Therefore, I created via sudo mount -t ecryptfs /encrypted /decrypted a new directory pair at the root level (outside home). While I am able to mount it manually, I am not sure how I can mount it automatically - in addition to the encrypted home directory. I've found a description here (see here), where I put the mount command into the fstab file. First, it does not work. Second, it also seems that my passphrase would be stored in clear text with this solution?

So I am wondering whether there are better solutions? Thank you very much ;) Certainly, this will help everybody who encrypts her/his home partition and wants to encrypt the files which are uploaded to dropbox or owncloud.

PeteChro
  • 151
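The cleartext-passphrase concern raised in the question can be checked mechanically. The script below is an added example, not part of the original post: it scans an fstab-format file for ecryptfs entries and flags a passphrase given inline (`passphrase_passwd=`) or kept in a file (`passphrase_passwd_file=`) that group or others can access. The function name and the `FINDINGS` variable are made up for this example.

```shell
#!/bin/sh
# Added example: audit an fstab-format file for eCryptfs passphrase exposure.
# Prints one finding per line (never the passphrase itself) and leaves the
# number of findings in the FINDINGS variable (a name made up for this example).

audit_ecryptfs_fstab() {
    fstab=$1
    FINDINGS=0
    set -f                                    # no globbing while splitting options
    while read -r src mnt fstype opts _rest; do
        case $src in ''|'#'*) continue ;; esac    # skip blank lines and comments
        [ "$fstype" = ecryptfs ] || continue
        # Options are comma-separated; key-module parameters nest with ':',
        # e.g. key=passphrase:passphrase_passwd=...
        for opt in $(printf '%s' "$opts" | tr ',:' '  '); do
            case $opt in
                passphrase_passwd=*)
                    echo "CLEARTEXT $mnt: passphrase is written inline in $fstab"
                    FINDINGS=$((FINDINGS + 1)) ;;
                passphrase_passwd_file=*)
                    file=${opt#passphrase_passwd_file=}
                    if [ ! -e "$file" ]; then
                        echo "NOTE $mnt: $file not present (removable media?)"
                    else
                        # Characters 5-10 of the ls -l mode are the group/other bits.
                        mode=$(ls -ld -- "$file" | cut -c5-10)
                        if [ "$mode" != "------" ]; then
                            echo "READABLE $mnt: $file is accessible to group/other"
                            FINDINGS=$((FINDINGS + 1))
                        fi
                    fi ;;
            esac
        done
    done < "$fstab"
    set +f
    return 0
}

# Usage: sh audit.sh /etc/fstab
if [ $# -gt 0 ]; then
    audit_ecryptfs_fstab "$1"
fi
```

A passphrase file with mode 600 still holds the passphrase in clear text; the check only confirms that other local users cannot read it.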

3 Answers

2

eCryptFS is not designed for cloud storage. It assumes it is the only application accessing your ciphertexts and runs into undefined behavior when some other application (say your Dropbox client) modifies them. EncFS also has its problems as explained here.

You might want to take a look at CryFS https://www.cryfs.org

SeDaRo
  • 21
0

For those who might visit nowadays, consider using an encrypted filesystem on a cloud drive simply with the impressive GUI-based cryptomator.org, as discussed by Cryptomator Cloud Storage Encryption Tool 1.4.0 Released With FUSE / Dokany Support - Linux Uprising Blog. It's multi-platform (including Android, iOS) as well as (built on) open-source. HTH

Kulfy
  • 18,154
CJay
  • 1
0

You may want to use EncFS and its --reverse option. Here's a quote from its man page:

   --reverse
       Normally EncFS provides a plaintext view of data on demand.
       Normally it stores enciphered data and displays plaintext data.  With
       --reverse it takes as source plaintext data and produces enciphered
       data on-demand.  This can be useful for creating remote encrypted
       backups, where you do not wish to keep the local files unencrypted.

       For example, the following would create an encrypted view in
       /tmp/crypt-view.

           encfs --reverse /home/me /tmp/crypt-view

       You could then copy the /tmp/crypt-view directory in order to have
       a copy of the encrypted data.

       You must also keep a copy of the file /home/me/.encfs6 which contains
       the filesystem information.

       Together, the two can be used to reproduce the unencrypted data:

           ENCFS5_CONFIG=/home/me/.encfs6 encfs /tmp/crypt-view /tmp/plain-view

       Now /tmp/plain-view contains the same data as /home/me

       Note that --reverse mode only works with limited configuration
       options, so many settings may be disabled when used.

Especially if the files are already kept in your encrypted home, this would be a good solution to avoid having a 2nd encrypted copy and not having to manage 2 encrypted folders; just keep the EncFS config file .encfs6.

Xen2050
  • 8,943