eCryptfs is a cryptographic file system embedded inside the Linux kernel (versions 2.6.19 and later), it is also a stacked file system, which means that eCryptfs is a layer that works on top of other standard, lower file systems, such as ext4, FAT32, XFS and ReiserFS.
- Dynamic size of the encrypted tree: The size of the encrypted part does not need to be fixed in advance, you don’t have to pre-allocate a big chunk of your hard disk space to store your sensitive data that maybe only few megabytes.
- All the cryptographic metadata is stored in the header of the file. This means that the encrypted file can be copied and moved from one location to another not leaving any metadata behind.
- Files can be encrypted with multiple keys so that multiple different users can have access to encrypted but shared files. You can have different files encrypted by different users and each user can access only his files.
Disadvantages of using eCryptfs (it may change in future versions):
- eCryptfs does not encrypt filenames, only the content.
- Certain patterns, such as a typical distribution of file size in a directory, will always give a clear hint of what is being stored, even if it is encrypted.
eCryptfs should not be used if you want to hide the fact that something is stored! You will not be able to deny the existence of encrypted files!
To install eCryptfs in RPM based Linux (Fedora, Mandriva, OpenSuse, etc):
su -c ‘yum install ecrypt-utils’
To install eCryptfs in DEB based linux (Debian, Knoppix, GRML, etc):
sudo aptitude install ecryptfs-utils
First create a folder in your Home directory and name it secret:
Now you need to change the folder permissions to make sure nobody else will access it:
chmod 700 ~/private
Then mount the ecryptfs to the private folder using the following command as root:
mount -t ecryptfs ~/private ~/private
eCryptfs will then prompt you to answer a few questions, see screenshot below:
After you have made your choices and mounted the encrypted folder you can add files inside.
To test the reliability of eCryptfs, unmount your encrypted folder and see if you can open the files inside the secret folder.
sudo umount ~/secret
If it is working properly, you should not be able to open any files inside the folder.
Warning: Once the encrypted data is accessed it will leave traces all over your operating system (swap, print spool, spell-checker, backups …). If you really care about your private data falling in the wrong hands then use whole disk encryption!