There are a couple ways to do this. You can simply encrypt your files separately with GPG. But it may be hard to encrypt each file, then decrypt it when you want to use it...
There is another solution which works so much better (for me at least). Using FUSE and creating a virtual filesystem and using another program called encfs to do the encryption stuff.
Dependency
- rlog
- openSSL
- FUSE
- boost
Have a visit [ Here ] for obtaining the sources.
Or if you use distros with apt (like Debian), run this command:
sudo apt-get install encfs fuse-utils sudo modprobe fuse
the first one installs the needed packages, the second one enables the fuse module on kernel.
Permissions
After the installation, add yourself to the group created by the installer, named "fuse". Like this:
sudo adduser [username-here] fuse
Also, you need to allow group "fuse" manipulate /dev/fuse device. Issue the following as root:
chown :fuse /dev/fuse
This simply says the group owner of this device is fuse. Now you have the permissions to use FUSE stuff. Go on to the next...
Using encfs
Using this program may be a little frustrating, because you have to mention full paths always. This little bash script helps you really:
#!/bin/bash
usage() {
BASE=$(basename $0)
echo "Usage examples:"
echo -e "\t$BASE cryptdir mountpoint (assumes mount or create)"
echo -e "\t$BASE mountpoint (assumes umount)"
exit 0
}
[ "$#" == "1" ] || [ "$#" == "2" ] || usage
ENCFS=$(which encfs)
FUSERMOUNT=$(which fusermount)
[ -z "$ENCFS" ] && {
echo "I can't find 'encfs'. Make sure you installed the encfs package." >&2
exit 1
}
[ -z "$FUSERMOUNT" ] && {
echo "I can't find 'fusermount'. Make sure you installed the fuse-utils package." >&2
exit 1
}
# mount or create
[ "$#" == "2" ] && {
[ -d "$1" ] && [ -d "$2" ] || {
echo "You must supply two dir names for cryptdir and mountpoint." >&2
exit 1
}
DO=$(pwd)
cd "$1" && D1=$(pwd) || exit 2
cd "$DO" || exit 2
cd "$2" && D2=$(pwd) || exit 2
cd "$DO" || exit 2
"$ENCFS" "$D1" "$D2" && \
echo "Encrypted filesystem now mounted" || \
{ echo "Could not mount filesystem. Bad password or already mounted." >&2; exit 3; }
}
# umount
[ "$#" == "1" ] && {
[ -d "$1" ] || {
echo "You must supply a dir name as mountpoint." >&2
exit 1
}
"$FUSERMOUNT" -u "$1" && \
echo "Encrypted filesystem has been umounted" || \
{ echo "Could not umount directory" >&2; exit 3; }
}
Save it in your own bin directory and add the execute permissions for it.
Now you simply run the program with this script. For mounting/creating the file system, you have to provide the script with 2 directories, first one for the encrypted files to store, second one for decrypted files. Like this:
#I saved that script with name "enc" enc private/.open private/open
Now you are shown some options to choose for different stuff. If you don't understand them, choose default.
Important Note: To make it a little safer, create a parent directory with 700 permission (or rwx------) before running the command. Then cd to this parent directory and run the script. This is because the two directories for encfs must have 755 permissions, which gives others r/w permissions for the two directories.
Move your files you want to secure to the decrypted folder (private/open in my example). Then issue this:
enc private/open
This unmounts the FUSE filesystem and now the open folder looks empty. The content of this folder is encrypted and located in the /private/.open directory (again, in my example).
Hope this helped you out
MultiQuote
| 