Create a Private Encrypted Folder On Ubuntu Hardy With eCryptfs

eCryptfs is an encryption application for Linux that you can use to encrypt your files and folders and prevent others from viewing them. eCryptfs does not require its own partition. You can easily create a dynamic encrypted private directory in your Home folder that will shrink or grow in size according to the files you add to it. Whatever files you place in the private directory will be encrypted and safe from prying eyes.

In Ubuntu Ibex, the eCryptfs package was included in the Ubuntu main to support the use of a secret encrypted folder in the Home folder. To get it working in Ubuntu Hardy, you will have to follow the steps below:

First, install the eCryptfs package:

sudo apt-get install ecryptfs-utils

Create your own secret folder in your Home folder:

mkdir ~/secret

Mount eCryptfs on the secret folder:

sudo mount -t ecryptfs ~/secret ~/secret

It will then prompt you to answer a few questions.

1) Selecting your key type for newly created files

Press “1” to select passphrase.

You will be asked to enter and verify your passphrase.

2) Selecting your encryption cipher

The default option is shown in the [ ]. If you are not sure of what to select, simply press Enter to select the default.

3) Select key bytes

4) Enable plaintext passthrough

If you want to use unencrypted files inside your secret folder, then select ‘Y’. If not, type ‘N’.

Now, open your Nautilus (Places->Home Folder). You should see a secret drive mounted in the filesystem.

Testing out your secret folder encryption

Add some files to the secret folder.

Unmount it

sudo umount ~/secret

Access the secret folder again and open any of the files that you have just added. You should not be able to open and view the file content. That’s good. All your files are now encrypted.
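
The manual check above can be automated. The following shell script is an added example, not part of the original article: it scans the unmounted secret folder and reports any file that lacks the eCryptfs header marker, which is what a file looks like if it was copied in while the folder was unmounted or let through by plaintext passthrough. The marker layout (an 8-byte size field, then m1 followed by m1 XOR 0x3c81b7f5) comes from the kernel's eCryptfs source rather than from this page and assumes headers are stored in the file itself; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: after unmounting, confirm every file in the eCryptfs lower
# directory is ciphertext. Files written while the folder was unmounted, or
# let through by ecryptfs_passthrough, sit there as plaintext.

ECRYPTFS_MAGIC=0x3c81b7f5   # MAGIC_ECRYPTFS_MARKER in the kernel source

# is_ecryptfs_mounted DIR [MOUNTS_FILE]: exit 0 if DIR is an ecryptfs mount
# point (exact path and filesystem type, not a substring match).
is_ecryptfs_mounted() {
    awk -v dir="$1" '$2 == dir && $3 == "ecryptfs" { hit = 1 }
                     END { exit !hit }' "${2:-/proc/mounts}"
}

# has_ecryptfs_marker FILE: exit 0 if FILE carries an eCryptfs header.
# Bytes 0-7 hold the file size; bytes 8-15 are m1 then (m1 XOR magic).
has_ecryptfs_marker() {
    hex=$(od -An -tx1 -j8 -N8 "$1" 2>/dev/null | tr -cd '0-9a-f')
    [ "${#hex}" -eq 16 ] || return 1      # too short to hold a header
    m1=$(printf '%s' "$hex" | cut -c1-8)
    m2=$(printf '%s' "$hex" | cut -c9-16)
    [ $(( 0x$m1 ^ $ECRYPTFS_MAGIC )) -eq $(( 0x$m2 )) ]
}

# list_plaintext DIR: print each regular file under DIR lacking the marker.
list_plaintext() {
    find "$1" -type f | while IFS= read -r f; do
        has_ecryptfs_marker "$f" || printf '%s\n' "$f"
    done
}

# verify_at_rest DIR [MOUNTS_FILE]: 0 = all ciphertext, 1 = plaintext found,
# 2 = DIR is still mounted, so the scan would only see the decrypted view.
verify_at_rest() {
    if is_ecryptfs_mounted "$1" "${2:-/proc/mounts}"; then
        echo "$1 is still mounted; unmount it before checking" >&2
        return 2
    fi
    leaks=$(list_plaintext "$1")
    if [ -n "$leaks" ]; then
        printf '%s\n' "$leaks" | sed 's/^/NOT ENCRYPTED: /' >&2
        return 1
    fi
    return 0
}

# Run as: sh verify.sh /home/USER/secret   (the script name is arbitrary)
if [ "$#" -gt 0 ]; then verify_at_rest "$@"; fi
```

Pass the absolute path of the folder, since that is how it appears in /proc/mounts.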

Creating a launcher

Having a launcher on your desktop allows you to mount the secret folder easily.

On your desktop, right-click and select “Create Launcher”.

Enter the following:

Type: Application in Terminal
Name: eCryptfs (or whatever name you want)
Command: sudo mount -t ecryptfs /home/USER/secret /home/USER/secret key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n

(Replace USER with your own username.)

The next time you want to mount your secret folder, simply click on this launcher. It will pop up a terminal and ask you for your passphrase. Once that is verified, the secret folder will be mounted in the Home folder.



Damien Oh is the owner and chief editor of Make Tech Easier
  • jb1

    If you later decide to change the password, how do you go about doing that?

  • http://maketecheasier.com/ Damien

    @jb1: No. You can’t change the password. If you forgot your password, then you are screwed.

  • helai

    Is the encrypted folder unmounted automatically when I log out of Ubuntu? I ask because I know that both mounting and unmounting are automatic in the upcoming Ubuntu version 9.04. If not, can the other users still access my secret files? How can I avoid that?
    helai

  • http://maketecheasier.com/ Damien

    @helai: Yes, the encrypted folder will be unmounted automatically when you log out. However, even after you unmount the folder, other users will still be able to see the secret folder and the files inside. It’s just that when they open the files, they will see rubbish (encrypted text).

  • helai

    But I checked the website Tombuntu, and it doesn’t say this. He says he created an unmount launcher, similar to the mount one, to unmount the encrypted folder before he logs out of the OS. It seems we need to unmount this folder to prevent other users from viewing my files if I forget to; is that right or not?
    Maybe you can help me run a test to check it.
    Thanks,
    helai

  • http://maketecheasier.com/ Damien

    @helai: To better answer your question, let’s consider the following scenarios:

    1) If you mount your encrypted folder and you log out and log in again with the same user account, the encrypted folder will still be there and anyone can access it.

    2) If you restart/shut down your PC, it will automatically unmount the encrypted folder such that it won’t be available next time you switch on your PC.

    3) If you log out and log in again with another user account, the encrypted folder will not be available, as it is accessible by you only.

    Proved and tested.

    Hope this helps.

  • helai

    It seems like a joke: when I started to try it, it showed me:
    lenovo@ubuntu:~$ uname -r
    2.6.24-21-generic

    lenovo@ubuntu:~$ sudo mount -t ecryptfs ~/Private ~/Private

    Unable to get the version number of the kernel
    module. Please make sure that you have the eCryptfs
    kernel module loaded, you have sysfs mounted, and
    the sysfs mount point is in /etc/mtab. This is
    necessary so that the mount helper knows which
    kernel options are supported.

    Make sure that your system is set up to auto-load
    your filesystem kernel module on mount.

    Enabling passphrase-mode only for now.

    Select key type to use for newly created files:
    1) passphrase
    2) openssl
    3) pkcs11-helper
    4) tspi
    Selection: 1
    Passphrase:
    Verify Passphrase:
    Select cipher:
    1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    2) blowfish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
    4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
    6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
    Selection [aes]:
    Select key bytes:
    1) 16
    2) 32
    3) 24
    Selection [16]:
    Attempting to mount with the following options:
    ecryptfs_key_bytes=16
    ecryptfs_cipher=aes
    ecryptfs_sig=1f1d353f42d4eea4
    WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
    it looks like you have never mounted with this key
    before. This could mean that you have typed your
    passphrase wrong.

    Would you like to proceed with the mount (yes/no)? y
    Aborting mount.
    Error processing sig; rc = [-22]
    Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit .

    Any suggestions are welcome!

  • iceman600

    I got a problem here, Damien… need help…

    iceman600@UBUNTU-DESKTOP:~$ sudo mount -t ecryptfs ~/secret ~/secret

    Unable to get the version number of the kernel
    module. Please make sure that you have the eCryptfs
    kernel module loaded, you have sysfs mounted, and
    the sysfs mount point is in /etc/mtab. This is
    necessary so that the mount helper knows which
    kernel options are supported.

    Make sure that your system is set up to auto-load
    your filesystem kernel module on mount.

    Enabling passphrase-mode only for now.

    Select key type to use for newly created files:
    1) pkcs11-helper
    2) tspi
    3) openssl
    4) passphrase
    Selection:

    I don’t know what kernel and auto-load the comp is talking about…
    Sorry.

    • http://www.olx.com/ Tomas Zon

      $ sudo modprobe ecryptfs

  • http://maketecheasier.com/ Damien

    @iceman600: Don’t worry. This message only shows on first-time usage. It will go away on subsequent mounts.

  • iceman600 hope you can help me

    I’m having the same error as helai…

    Aborting mount.
    Error processing sig; rc = [-22]
    Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit .

  • jason

    iceman600, you have said that the message above only showed on first-time usage. However, it also happens on the second mount.

  • http://www.olx.com/ Tomas Zon

    About this message:
    Unable to get the version number of the kernel
    module. Please make sure that you have the eCryptfs
    kernel module loaded, you have sysfs mounted, and
    the sysfs mount point is in /etc/mtab. This is
    necessary so that the mount helper knows which
    kernel options are supported.

    Make sure that your system is set up to auto-load
    your filesystem kernel module on mount.

    Try with this in console:
    $ sudo modprobe ecryptfs
    $ lsmod | grep ecryptfs

    C yaa..

  • http://nlphilia.net/ mdebusk

    Here’s a batch file I use so I can hit one button to either mount or unmount:

    #!/bin/bash
    # Toggle the eCryptfs mount: unmount it if it is mounted, otherwise mount it.
    # Replace the USER with your own username
    if mount | grep -q " on /home/USER/secret type ecryptfs"
    then
        sudo umount /home/USER/secret
    else
        sudo mount -t ecryptfs /home/USER/secret /home/USER/secret key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n
    fi

    • http://maketecheasier.com/ Damien

      That’s a good one. Thanks for sharing.
