Page 1 of 1

Encrypted FUSE filesystem using FUSE to create an encrypted filesystem Rate Topic: -----

#1 Anarion  Icon User is offline

  • The Persian Coder
  • member icon

Reputation: 282
  • View blog
  • Posts: 1,456
  • Joined: 16-May 09

Posted 19 February 2010 - 10:25 AM

Concerned about your important files? want to protect them ? Here's a solution...

There are a couple ways to do this. You can simply encrypt your files separately with GPG. But it may be hard to encrypt each file, then decrypt it when you want to use it...

There is another solution which works so much better (for me at least). Using FUSE and creating a virtual filesystem and using another program called encfs to do the encryption stuff.


  • rlog
  • openSSL
  • FUSE
  • boost

Have a visit [ Here ] for obtaining the sources.
Or if you use distros with apt (like Debian), run this command:
sudo apt-get install encfs fuse-utils
sudo modprobe fuse

the first one installs the needed packages, the second one enables the fuse module on kernel.


After the installation, add yourself to the group created by the installer, named "fuse". Like this:
sudo adduser [username-here] fuse

Also, you need to allow group "fuse" manipulate /dev/fuse device. Issue the following as root:
chown :fuse /dev/fuse

This simply says the group owner of this device is fuse. Now you have the permissions to use FUSE stuff. Go on to the next...

Using encfs

Using this program may be a little frustrating, because you have to mention full paths always. This little bash script helps you really:

usage() {
	BASE=$(basename $0)
	echo "Usage examples:"
	echo -e "\t$BASE cryptdir mountpoint (assumes mount or create)"
	echo -e "\t$BASE mountpoint (assumes umount)"
	exit 0

[ "$#" == "1" ] || [ "$#" == "2" ] || usage

ENCFS=$(which encfs)
FUSERMOUNT=$(which fusermount)

[ -z "$ENCFS" ] && {
	echo "I can't find 'encfs'. Make sure you installed the encfs package." >&2
	exit 1

[ -z "$FUSERMOUNT" ] && {
	echo "I can't find 'fusermount'. Make sure you installed the fuse-utils package." >&2
	exit 1

# mount or create
[ "$#" == "2" ] && {
	[ -d "$1" ] && [ -d "$2" ] || {
		echo "You must supply two dir names for cryptdir and mountpoint." >&2
		exit 1
	cd "$1" && D1=$(pwd) || exit 2
	cd "$DO" || exit 2
	cd "$2" && D2=$(pwd) || exit 2
	cd "$DO" || exit 2
	"$ENCFS" "$D1" "$D2" && \
	echo "Encrypted filesystem now mounted" || \
	{ echo "Could not mount filesystem. Bad password or already mounted." >&2; exit 3; }

# umount
[ "$#" == "1" ] && {
	[ -d "$1" ] || {
		echo "You must supply a dir name as mountpoint." >&2
		exit 1
	"$FUSERMOUNT" -u "$1" && \
	echo "Encrypted filesystem has been umounted" || \
	{ echo "Could not umount directory" >&2; exit 3; }

Save it in your own bin directory and add the execute permissions for it.

Now you simply run the program with this script. For mounting/creating the file system, you have to provide the script with 2 directories, first one for the encrypted files to store, second one for decrypted files. Like this:
#I saved that script with name "enc"
enc private/.open private/open

Now you are shown some options to choose for different stuff. If you don't understand them, choose default.

Important Note: To make it a little safer, create a parent directory with 700 permission (or rwx------) before running the command. Then cd to this parent directory and run the script. This is because the two directories for encfs must have 755 permissions, which gives others r/w permissions for the two directories.

Move your files you want to secure to the decrypted folder (private/open in my example). Then issue this:
enc private/open

This unmounts the FUSE filesystem and now the open folder looks empty. The content of this folder is encrypted and located in the /private/.open directory (again, in my example).

Hope this helped you out :)

Is This A Good Question/Topic? 0
  • +

Page 1 of 1