Simplest way to password protect a directory and its contents without having to create new files?

I would like to password protect or encrypt a directory and all the files within it (for the whole directory tree below it). I do not want to bother the whole home directory, I want a specific directory with some files and folders in it. I would like to be able to encrypt the directory or decrypt it using a password. Command line would be nicest to use. I don’t want to have to create a new file as an encrypted version and then, delete the previous ones which are the non-encrypted version.

Answers:


Method 1

Use encfs (available as a package on most distributions). To set up:

mkdir ~/.encrypted ~/encrypted
encfs ~/.encrypted ~/encrypted
# enter a passphrase
mv existing-directory ~/encrypted

The initial call to encfs sets up an encrypted filesystem. After that point, every file that you write under ~/encrypted is not stored directly on the disk; it is encrypted and the encrypted data is stored under ~/.encrypted. The encfs command leaves a daemon running, and this daemon handles the encryption (and decryption when you read a file from under ~/encrypted).

In other words, for files under ~/encrypted, actions such as reads and writes do not translate directly to reading or writing from the disk. They are performed by the encfs process, which encrypts and decrypts the data and uses the ~/.encrypted directory to store the ciphertext.

When you’ve finished working with your files for the time being, unmount the filesystem so that the data can’t be accessed until you type your passphrase again:

fusermount -u ~/encrypted

After that point, ~/encrypted will be an empty directory again.

When you later want to work on these files again, mount the encrypted filesystem:

encfs ~/.encrypted ~/encrypted
# enter your passphrase

This, again, makes the encrypted files in ~/.encrypted accessible under the directory ~/encrypted.

You can change the mount point ~/encrypted as you like: encfs ~/.encrypted /somewhere/else (but mount the encrypted directory only once at a time). You can copy or move the ciphertext (but not while it’s mounted) to a different location or even to a different machine; all you need to do to work on the files is pass the location of the ciphertext as the first argument to encfs and the location of an empty directory as the second argument.
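
A guard for the mv step above, added here as an example and not part of the original answer: if the encfs mount failed or has since been unmounted, ~/encrypted is an ordinary empty directory and anything moved into it is stored unencrypted. The function names are hypothetical, and the check assumes Linux, where /proc/mounts lists EncFS mounts with filesystem type fuse.encfs.

```sh
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical.
# Assumes Linux: /proc/mounts lists EncFS mounts with filesystem type fuse.encfs,
# e.g. this constructed line:
#   encfs /home/alice/encrypted fuse.encfs rw,nosuid,nodev,relatime 0 0

# encfs_is_mounted DIR [MOUNTS_TABLE]
# Succeeds only if the most recent entry for DIR in the mounts table is EncFS.
encfs_is_mounted() (
    # Resolve to the absolute, symlink-free path the kernel records.
    mp=$(cd -- "$1" 2>/dev/null && pwd -P) || exit 1
    awk -v want="$mp" '
        {
            mnt = $2
            gsub(/\\040/, " ", mnt)        # the kernel writes spaces as \040
        }
        # A later mount on the same directory hides an earlier one,
        # so the last matching line decides.
        mnt == want { found = ($3 == "fuse.encfs") }
        END { exit (found ? 0 : 1) }
    ' "${2:-/proc/mounts}"
)

# encfs_guarded_mv SRC DIR [MOUNTS_TABLE]
# Moves SRC into DIR only while DIR is an active EncFS mount.
encfs_guarded_mv() {
    if ! encfs_is_mounted "$2" "${3:-/proc/mounts}"; then
        echo "refusing: $2 is not an EncFS mount; $1 would be stored unencrypted" >&2
        return 1
    fi
    mv -- "$1" "$2"/
}

# Typical use, replacing the bare mv from the setup steps:
#   encfs ~/.encrypted ~/encrypted && encfs_guarded_mv existing-directory ~/encrypted
```

Moving files into the mount crosses filesystems, so mv copies and then deletes; the old unencrypted blocks stay on the disk until they are overwritten.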

Method 2

“I don’t want to have to create a new file as an encrypted version and then, delete the previous ones which are the non-encrypted version”

But that’s exactly the scenario you’ve described… “be able to encrypt the directory or decrypt it”

I suspect the solution you’re looking for is an encrypted FUSE or similar. The filesystem is stored in an encrypted file and when mounted (with a passphrase) there is transparent access via the VFS layer.


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
