Easily encrypt folders

WARNING: This tutorial has been superseded by a future tutorial, using ecryptfs (due to security concerns with encfs, plus better performance), found here.

Encfs is a program that can be used to encrypt folders, unlike other encryption methods this doesn’t require a file of a fixed size, so you can use the decrypted folder in the same way as a regular folder without worrying about space.

This tutorial will explain how you can use a plugin as a convenient way to use this tool.

Pre-installation

In order to use this plugin you will of course need to install the encfs program first, the easiest way to do that (on Ubuntu) is to try clicking this link:
apt:encfs

or copy this into a terminal:
sudo apt install encfs -y

In addition to this we will be using gnome-encfs, a small program that allows you to use the gnome-keyring to store encryption passwords. This program by Oben Sonne can be found here; after downloading it, extract the gnome-encfs file to your home folder.

Then to install it run:
sudo install gnome-encfs /usr/local/bin

Installation

To install the actual plugin simply open a terminal and copy & paste these commands:

sudo apt install python-nautilus
mkdir -p ~/.local/share/nautilus-python/extensions/
cd ~/.local/share/nautilus-python/extensions/
wget https://sambull.org/downloads/encrypt-nautilus.py
chmod a+x encrypt-nautilus.py

If you want to try this out immediately, press Alt+F2 and enter “nautilus -q”, then repeat and enter “nautilus”, otherwise it will be available next time you login.

Usage

This new version has a greatly simplified and streamlined interface.

Simply right-click a folder you want to encrypt and click “Encrypt folder”, confirm when prompted and the contents of the folder will be immediately encrypted.

To view the decrypted contents, simply open the folder in Nautilus and it will be automatically mounted. If you want to manually unmount the folder, simply right-click and click “Unmount encrypted folder”.

Notes

If you want to backup your encrypted files, they are stored in a hidden folder called “.[name]-enc”.

Folders are encrypted with a randomly generated password, which is stored in your keyring. Make sure you backup your keyring, or you risk losing all your encrypted files.

If you want to move/rename a folder, you will need to move/rename both the folder, and it’s encrypted counterpart. You will then also need to update the keyring. I hope to remove the last step in another update in the future.

Upgrading

If you’ve used the extension before the latest update, you will need to change your encrypted folders to work with this new extension. Simply rename each of your encrypted folders to “.[name]-enc” and create an empty folder called “[name]”. If you then open the latter folder, you should be prompted for a password, copy this from the password stored in you keyring and you should be setup (you can then delete the old password from the keyring).

Extension

I’ve written a follow-up post to this one that explains how this can be used to encrypt Firefox data seamlessly. You can read it here.

7 pensoj pri “Easily encrypt folders

    1. If it’s simply not automounting, just right-click and mount it. If there is an issue with it, you can use gnome-encfs from the command line (gnome-encfs –help) to see what’s wrong. If the encryption step failed for some reason, the original contents would have been left in a temporary directory, something like /tmp/encfs-tmp-8778/.

  1. I have followed you instructions, but the “Encrypt folder” option does not arise upon right-clicking. Why is that?

    1. Hi. Try running in a terminal ‘nautilus -q’ and then ‘nautilus’. On my system at the moment (Ubuntu GNOME 13.04 with 3.8 PPA), this produces an error like “(nautilus:3065): Nautilus-Python-WARNING **: pygobject initialization failed”. If you get the same thing, then the python extension stuff in Nautilus is broken. If you get no errors, then I would first guess that python-nautilus is not installed, or the extension is not installed. If you get a different error, then email me (contact@sambull.org) and I can try to help you out.

      Alternatively, if you are not in a rush, I have been accepted into GSoC to integrate this project into GNOME directly over the next 3 months, which means it will work more reliably and out-of-the-box in a future GNOME release. You can follow progress at http://blog.sambull.org/t/gnome/.

  2. It did not save passwords. It even worked for a while without saving the password (even between reboots). I didn’t notice this and lost some files. Good news is they weren’t very important files.

    Make a test folder and check seahorse and make sure it saves the password before Encrypting anything important.

    Sam it’d great if it saved the password in the log if it failed to save it in the keyring.

    1. Hmm, when remounting it gets the password from the keyring, so if it was working across reboots, I can only assume the password was saved in the keyring. Perhaps something else later caused the password to get deleted?

      I may have to double check that the encryption gets aborted if the password fails to get saved though, as an additional safety measure.

Lasi respondon al Sam Bull Nuligi respondon

Retpoŝtadreso ne estos publikigita. Devigaj kampoj estas markitaj *