Encrypted file system

EncFS provides an encrypted filesystem in user space, which means you don't need to encrypt a full disk partition, but rather you can create an encrypted filesystem on the fly.

Creating an EncFS filesystem

The creation of an encrypted volume is pretty straightforward:

     $> mkdir /home/adotti/.work /home/adotti/work
     $> encfs /home/adotti/.work /home/adotti/work
     Creating new encrypted volume.
     Please choose from one of the following options:
     enter "x" for expert configuration mode,
     enter "p" for pre-configured paranoia mode,
     anything else, or an empty line will select standard mode.

Pre-configured paranoia mode is enough for most situations, as it provides some sane defaults - as you can see below.

     Paranoia configuration selected.

     Configuration finished.  The filesystem to be created has
     the following properties:
     Filesystem cipher: "ssl/aes", version 2:1:1
     Filename encoding: "nameio/block", version 3:0:1
     Key Size: 256 bits
     Block Size: 512 bytes, including 8 byte MAC header
     Each file contains 8 byte header with unique IV data.
     Filenames encoded using IV chaining mode.
     File data IV is chained to filename IV.

     New Encfs Password: 
     Verify Encfs Password:

Using the encrypted filesystem

To mount the encrypted volume, simply type:

     $> encfs /home/adotti/.work /home/adotti/work
     EncFS Password:

To unmount it, type:

     $> fusermount -u /home/adotti/work


Note that while files are encrypted, files metadata are not. File size, permissions and the overall number of files remain visible.