Quick Links

Do you store sensitive files on Dropbox or another cloud storage service? Encrypt them with EncFS for Linux, an encrypting file system that transparently encrypts and decrypts each individual file with your encryption key. There's also an experimental Windows build.

EncFS works differently from a TrueCrypt container, which stores your encrypted files in a single large file. Instead, EncFS creates separate files for each file you add. It works better with cloud storage services that would re-upload the entire TrueCrypt container each time it's changed.

EncFS Setup on Linux

Run the following command to install EncFS on Ubuntu:

sudo apt-get install encfs

On other distributions of Linux, look for the EncFS package in your package manager and install it.

image

Run the following command to create a new EncFS encrypted volume:

encfs ~/Dropbox/encrypted ~/Private

This creates two directories. The directory at Dropbox/encrypted in your home folder is where the encrypted versions of your files will be saved -- they're in the Dropbox folder, so Dropbox will sync them. The Private folder in your home folder is where the decrypted versions of your files will be accessible. You can specify any location you prefer for either.

You'll be asked several questions after running this commands. The default paranoia mode (type p when prompted) should work well, but you can also type x for expert configuration mode.

image

EncFS will prompt you to create a password for your encrypted volume. Remember this password -- if you forget it, you won't be able to access your files.

image

Using EncFS on Linux

Place files in the Private folder you created earlier. This is also where you can access the decrypted versions of your files.

image

Encrypted versions of the files will be stored in your /Dropbox/encrypted folder. Dropbox will synchronize them across your computers -- no one can access their contents without your password. You can mount the EncFS directory on multiple computers (use the same encfs command) to use your encrypted files on each.

image

Very Important Information:

  • Do not place files in your /Dropbox/encrypted folder -- ignore this folder. Place files in the Private folder instead. If you place files directly in the /Dropbox/encrypted folder, they won't be encrypted.
  • Do not delete or lose the .encfs.xml file (it's hidden by default -- press Ctrl+H in Nautilus to view hidden files). You should probably create a backup of this file -- if you lose it, you'll also lose access to your encrypted files.
image

Remounting the File System

EncFS won't automatically mount itself after you restart your system -- if you log out and log back in, you won't be able to access your files without running the EncFS command. This provides good security -- no one can access or view your encrypted files until you run the command.

If your Private folder appears empty, your EncFS file system isn't mounted.

image

Just re-run the same command you ran earlier to remount your EncFS file system. For example, we'd run the following command:

encfs ~/Dropbox/encrypted ~/Private

You'll have to provide your password.

image

If you want your EncFS file system automatically mounted each time you log in, you can use gnome-encfs. gnome-encfs adds your EncFS password to your GNOME keyring and automatically mounts it each time you log in.

EncFS on Windows

Use encfs4win to access EncFS file systems on Windows. To use encfs4win, you'll also have to install version 0.6 of the Dokan library.

You can launch encfsw.exe and use the graphical program to mount or create EncFS file systems.

image

There's also an Android app, named Cryptonite, for accessing EncFS file systems on your Android phone or tablet. BoxCryptor, which we've covered before, uses EncFS as its backend.