Create an Encrypted Folder in /home/myname

English Install/Boot/Login
1

I don’t need to encrypt all of 13.2 /home; I only need an encrypted folder (couple of small files that I want secure)
The reason I’m putting this here is that It is experimental for me & looking for feedback; when it’s polished, I’ll do a howto in that forum:

I wanted to create an Encrypted Folder in /home/myname; here’s what I did:

in a root terminal:

mkdir .encrypted encrypted
encfs /home/myname/.encrypted  /home/myname/encrypted

The directory “/home/myname/.encrypted” does not exist; create it > Y
The directory “/home/myname/encrypted” does not exist; create it > Y
Creates new encrypted volumes

Please chose from one of the following options:
“x” for expert config mode
“p” for preconfigured paranoia mode
anything else, or an empty line will select standard mode
I selected: “p”.

The system finished the configuration and asked me for a password & verify password > done

Now, /home/myname/encrypted folder exists:

when I try to access it as “user” I get:

could not enter folder /home/myname/encrypted

I see no way to enter a password

However, if I start Konqueror from a root terminal, I can access the folder – but, I don’t need my assigned password
(I can add & access my data as root)

Is this normal?
Did I do it wrong?
Feedback?

2

That was probably your mistake.

I think you are supposed to set it up as yourself, not as root.

Note that I have not used “encfs”. I do use “ecryptfs” which works very well for an encrypted directory “$HOME/Private”.

3

Many thanks!

I’ll clean up that mess & try your recommendation

4

On Wed, 26 Nov 2014 19:06:01 +0000, snakedriver wrote:

> Is this normal? Did I do it wrong?

Use encfs as the user, not as root - encfs uses fuse, and normally (by
default), fuse limits access to just the user that created it.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

5

Thanks guys! I went in as root and removed everything that I had created in the 1st post; however, if encfs created a symlink or hardlink, I could not find it to delete it. I did enter as root and saved my data I had placed in there.

Then after a reboot, I checked YAST to make sure I had Fuse installed, which It did:
then did “modprobe fuse” just to be sure it was loaded in kernel

Next, in a terminal:

mkdir .encrypted encrypted
encfs /home/myname/.encrypted  /home/myname/encrypted
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> 

Standard configuration selected.

Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 3:0:1
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

New Encfs Password: 
Verify Encfs Password:

Now, in /home/myname, I have the hidden folder .encrypted and the visual folder encrypted
I rebooted

Then, I moved my data files into the folder “encrypted” and rebooted

I then went into the folder “encrypted” and Konqueror showed 0 files and 0 folders – darn I lost my data or so I thought.
I then went into the hidden folder “.encrypted” and Konqueror showed encrypted data; so, how now to access it?

Solution:
in a terminal:

encfs /home/myname/.encrypted  /home/myname/encrypted
EncFS Password:

Now access the folder “encrypted” and there are the data!
(there may be other ways but I stopped when I found one that worked)

Neat and easy; plus, if someone opens my computer and looks, encrypted will be empty (and the hidden folder “.encrypted” will be encrypted – I can"t read it).

Works well!
Many thanks to the inventor and the forum help,

Jim