Difference between revisions of "EncFS"

From ArchWiki
Jump to: navigation, search
m
(merge: Encrypted User Folders Using EncFS >> EncFS (article was 1:1 duplicate))
Line 1: Line 1:
{{merge|Encrypted User Folders Using EncFS|Talk:EncFS}}
 
 
 
[[Category:Security (English)]]
 
[[Category:Security (English)]]
 
[[Category:HOWTOs (English)]]
 
[[Category:HOWTOs (English)]]
== Introduction ==
+
'''EncFS''' is a userspace cryptographic file-system, and aims to secure data with the minimum hassle. It uses [[FUSE]] to mount an encrypted directory onto another directory specified by the user. It does not use a loopback system like some other comparable systems such as [[TrueCrypt]] and [[DM-Crypt]].
In a lot of circumstances it makes sense to secure data on your computer using cryptographic tools. EncFS is a userspace cryptographic filesystem, and aims to secure your data with the minimum of hassle. It uses [http://fuse.sourceforge.com FUSE] to mount an encrypted directory onto another directory specified by the user. It does not use a loopback system like some other comparable systems such as [http://www.truecrypt.org TrueCrypt] and [http://www.saout.de/misc/dm-crypt/ DM-Crypt].
+
  
This has a number of advantages, and some disadvantages compared to these systems. Firstly it does not require any root privileges to implement, any user can create a repository of encrypted files, and use them. Secondly you do not need to create a single file and create a filesystem within that, it works on your existing filesystem, with no modifications.  
+
This has a number of advantages and disadvantages compared to these systems. Firstly, it does not require any root privileges to implement; any user can create a repository of encrypted files. Secondly, one does not need to create a single file and create a filesystem within that; it works on existing filesystem without modifications.
  
This does create a few disadvantages though, because the encrypted files are not stored in their own file, someone who obtains access to the machine can still see the underlying directory structure, the number of files, their sizes and when they were modified. They cannot see the contents though.
+
This does create a few disadvantages, though; because the encrypted files are not stored in their own file, someone who obtains access to the system can still see the underlying directory structure, the number of files, their sizes and when they were modified. They cannot see the contents, however.
  
This particular method of securing your data is obviously not perfect, but it does have situations in which it is useful.
+
This particular method of securing data is obviously not perfect, but there are situations in which it is useful.
  
== Installation ==
+
==Installation==
To install EncFS, as root, do:
+
Install the {{package Official|encfs}} package using [[pacman]]:
  # pacman -Sy encfs
+
  # pacman -S encfs
You will need the community repository enabled to do this.
+
  
== Usage ==
+
==Usage==
'''To create''' a secured repository, type:
+
To create a secured repository, type:
 
  $ encfs ~/.crypt ~/crypt
 
  $ encfs ~/.crypt ~/crypt
You will be prompted whether you want to go with the default (paranoid options) or expert configuration. The latter allows you to specify algorithms and other options. The former is a fairly good default though.   You will also be prompted to set a key for encryption. Once this has been done you will have your encoded filesystem created and mounted. The encoded files are stored in ~/.crypt, and their unencrypted versions in ~/crypt.
+
This will be followed by a prompt about whether you want to go with the default (paranoid options) or expert configuration. The latter allows specifying algorithms and other options. The former is a fairly secure default setup. After entering a key for the encryption, the encoded filesystem will created and mounted. The encoded files are stored, in this example, at {{filename|~/.crypt}}, and their unencrypted versions in {{filename|~/crypt}}.
  
'''To unmount''' the filesystem, type:
+
To unmount the file-system, type:
 
  $ fusermount -u ~/crypt
 
  $ fusermount -u ~/crypt
And all will be done.
 
  
When you want to remount the filesystem, you simply retype the first command, and you will be asked for the key you used to encode with, once this has been entered, then the filesystem will be mounted again.
+
To remount the filesystem, issue the first command, and enter the key useded to encode it. Once this has been entered, the filesystem will be mounted again.

Revision as of 07:49, 9 December 2009

EncFS is a userspace cryptographic file-system, and aims to secure data with the minimum hassle. It uses FUSE to mount an encrypted directory onto another directory specified by the user. It does not use a loopback system like some other comparable systems such as TrueCrypt and DM-Crypt.

This has a number of advantages and disadvantages compared to these systems. Firstly, it does not require any root privileges to implement; any user can create a repository of encrypted files. Secondly, one does not need to create a single file and create a filesystem within that; it works on existing filesystem without modifications.

This does create a few disadvantages, though; because the encrypted files are not stored in their own file, someone who obtains access to the system can still see the underlying directory structure, the number of files, their sizes and when they were modified. They cannot see the contents, however.

This particular method of securing data is obviously not perfect, but there are situations in which it is useful.

Installation

Install the Template:Package Official package using pacman:

# pacman -S encfs

Usage

To create a secured repository, type:

$ encfs ~/.crypt ~/crypt

This will be followed by a prompt about whether you want to go with the default (paranoid options) or expert configuration. The latter allows specifying algorithms and other options. The former is a fairly secure default setup. After entering a key for the encryption, the encoded filesystem will created and mounted. The encoded files are stored, in this example, at Template:Filename, and their unencrypted versions in Template:Filename.

To unmount the file-system, type:

$ fusermount -u ~/crypt

To remount the filesystem, issue the first command, and enter the key useded to encode it. Once this has been entered, the filesystem will be mounted again.