Are you thinking to encrypt some important data? Then you can use gocryptfs...
1. Install Gocryptfs on Linux
- Install gocryptfs:
apt-get install gocryptfs - Once installed we can validate the version used with the following command:
gocryptfs -version
2. Creating an Encrypted Directory
- Create a directory to contain the files and subdirectories you are protecting (to hold the encrypted data).
mkdir secretdir - Use gocryptfs to initialize that directory.
gocryptfs -init secretdir - Choose a password for protecting your files. Password:
yourpassword
Your master key is generated and displayed. Copy and save this somewhere safe and private.
- If you change into the new directory, you’ll see two files have been created.
- The ''gocryptfs.diriv'' is a short binary file, while ''gocryptfs.conf'' contains settings and information you should keep safe.
- With sufficient time and effort, it might be possible to extract your password from the "encrypted key" and "salt" entries,
3. Mounting the Encrypted Directory
-
The encrypted directory is mounted on a mount point, which is simply an empty directory. We are going to create one called ''subdir''
-
We can now mount the encrypted directory on the mount point. Strictly speaking, what’s actually mounted is the gocryptfs file system inside the encrypted directory. We’re prompted for the password.
gocryptfs secretdir subdir -
When the encrypted directory is mounted, we can use the mount point directory the same as we would any other. Anything we edit and create in this directory is actually written to the mounted, encrypted directory.
-
We can create a simple text file, like the following:
touch mysecretfile.txt -
We can edit it, add some content to it, and then save the file.
-
If we switch to our encrypted directory as shown below, we see that a new file with an encrypted name has been created.
If we try to view the contents of the encrypted file, we can see that it is really encrypted:
4. Unmount the encrypted directory
- When you are done with your encrypted directory, you can unmount it with the fusermount command. As part of the FUSE package, the following command removes the gocryptfs File system within the encrypted directory of the mount point.
fusermount -u subdir - You can check your mount point directory, you’ll see that it’s still empty.
- Everything you did is safely stored in the encrypted directory.
