How to encrypt individual folders?

  • Let's say that I have a folder, within my Documents folder, that has files I want no one to access without a password.

    Is there a way to lock down that folder so that it's password protected / encrypted?

    In fact, is it possible to password-protect any individual folder?

  • Cryptkeeper

    WARNING: CryptKeeper has recently been reported that it has a universal password bug that puts your data at potential risk. This issue may not yet be fixed in Ubuntu, use this solution at your own risk.

    Relevant bug information links:
    Upstream bug: https://github.com/tomm/cryptkeeper/issues/23
    Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751


     sudo apt-get install cryptkeeper
    

                                    After installing, go to Applications –> System Tools –> Cryptkeeper.

                                            Cryptkeeper will automatically attach itself to the top panel

                       enter image description here

                         To create an encrypted protected folder, click on Cryptkeeper applet and select                                                                             ‘New encrypted folder’

                       enter image description here

                              Then type the folder name and where to save the folder and click ‘Forward’.

                       enter image description here

                                                                  Type the password and click ‘Forward’.

                       enter image description here

                                                          The folder will be created and ready to be used.

                       enter image description here

                       To access all encrypted folder, click on Cryptkeeper applet on the panel and select                                                                                                each folder.

                       enter image description here

                                                       Type the password before it is mounted to be accessed.

                       enter image description here

                                                           Done

                       enter image description here

                     To delete a folder or change the password, right-click the folder in the panel-applet.

                                                                                          For More Help

    In case you can't see the panel icon run `gsettings set com.canonical.Unity.Panel systray-whitelist "['all']"` and `unity --replace`.

    @OneZero - +1 excellent answer

    @fossfreedom , When the Gurru say its excellent , then it's a excellent answer . thankyou

    Is there a way to auto-mount this set-up on login?

    @Jakob At least in 13.10, `com.canonical.Unity.Panel` doesnt exist, and `systray-whitelist` is an invalid key in all available `Unity.` schemas :(

    Cryptkeeper received bad ratings recently on the Ubuntu software center

    This method is interesting, but the problem comes from we can't introduce a password on an existing directory.

  • eCryptfs

    EncryptedPrivateDirectory Method.

    Ubuntu Official Wiki

    Search for and install ‘ecryptfs-utils’ in Ubuntu Software Center:

    enter image description here

    After installing, go to Applications –> Accessories –> Terminal and run the command below:

    ecryptfs-setup-private
    

    enter image description here

    You’ll be prompted to type your login passphrase (password), and to create one for your private folder:

    enter image description here

    When you’re done creating your password, Log Out and Log back in:

    enter image description here

    Next, go to Places –> Home Folder:

    enter image description here

    And new folder should be created in your home directory called ‘Private’. This folder in encrypted and password-protected. Move all your personal stuff into this folder to secure them:

    enter image description here

    Users without access to the folder will be denied:

    enter image description here

    For More Help

  • You have 2 choices if you want to lock down a folder from other users

    • Encrypt or create a compressed password protect archive of the files. This method (Cryptkeeper) is perfect for this case when you need to be 100% sure no one will ever look at your files without knowing the password used there.

    • Use your computer folder / file permissions to deny access to your folder to other user.

    The first involves making sure that the result cannot be opened by any user without knowing the password used.

    The second will only change the file / folder privileges so that another user without rights cannot open it. The folder still exists, can be accessed by any user with sudo rights in your system or using a LiveCD and reading the partition. It is also simpler to implement and does not require that you type a password all the time you need to open / mount the encrypted folder / archive.

    An easy and fast way to do so is using chmod to change the privileges for a file or folder.

    Open a terminal and navigate to the place where your folder is, lets assume that the folder name is foo and that we are currently located where the folder is.

    chmod 700 foo
    

    will make foo only available for your eyes, its not encrypted (that is also possible) but only your user (and or a user with sudo privileges) can read or open that file / folder.

    You can also do it graphically by right clicking on a file or folder and changing its permissions manually. In the example below you as owner have all privileges and you deny any other group or user from accessing, reading or modifying that file / folder

    enter image description here

    For more information about file / folder permissions visit the Ubuntu Understanding and Using File Permissions wiki page.

    +1 can't go wrong with those elusive yet simple solutions.

    Sounds great, but doesn't make much sense. How do I simply "change the privileges" for a while or folder?

    You're dealing with newbies here. What does "using the command" mean? If I click on a folder, then how do "use a command"?

    I have added that to the answer also, right click a folder and go to the **permissions** and have a look at it. The example given would make the file / folder only accessible by you or a user with sudo rights. It is the same as issuing `chmod 700 ` in a terminal.

    Brilliant. I shall try that. EDIT: Hang on. Doesn't that only work if someone else is logged on to my PC? Right now, I am logged on - and am the only user - so therefore, I can access all those folders without typing in a password.

    Since "encryption" is mentioned in the question, I added a clarification in the answer. Feel free to improve it!

    @lumbric Ok, I have improved it a bit, thx for the heads up.

    Thanks. I was wondering if the permission bits set on a directory will be respected under both Windows and Ubuntu? See https://unix.stackexchange.com/questions/446364/will-permission-bits-set-on-a-directory-on-an-external-hard-drive-be-respected-u

  • Another way, depending on your needs is to archive the folder as a password protected zip file.

    This is similar to another question about password protecting files.

  • Vault

    Last update: Aug 4, 2012

    You can try Vault, recent project by an ubuntu-gr member (greek local community).

    PPA:

    sudo add-apt-repository ppa:vault/ppa
    sudo apt-get update
    sudo apt-get install vault
    

    It's a gui utility for encfs (package in repositories). I quote the package description:

    $ apt-cache show encfs
    Package: encfs
    [...]
    Description-en: encrypted virtual filesystem
     EncFS integrates file system encryption into the Unix(TM) file system.
     Encrypted data is stored within the native file system, thus no
     fixed-size loopback image is required.
     .
     EncFS uses the FUSE kernel driver and library as a backend.
    Homepage: http://www.arg0.net/encfs
    

    You create a mountpoint/folder which you can then close or delete. If you close it, you need a password to open it.

    enter image description here

    ppa does not exist anymore.

  • CryFS

    You can use CryFS:

    cryfs basedir mountdir
    

    It is used by default in KDE Vaults and is particularly interesting if you synchronize the encrypted content over Dropbox, Freefilesync, rsync or similar software, because it keeps its data in small encrypted blocks and changing a small file results in only a small amount of data to be re-uploaded.

    I would advise against `cryfs` because it doesn't support (standard Unix) hard links.

    Doesn't that depend on your use-case though? I guess don't use it for anything that requires a hard link?

  • You could also use gocryptfs. In my experience it is significantly faster than cryfs with big encrypted shares, but does not hide the structure (file sizes and number of files). depending on your threat model this may or may not be a problem.

    To install

    apt install gocryptfs
    

    To initialize the basedir (once)

    gocryptfs -init basedir
    

    To mount basedir (the encrypred version) on mountdir (the unencrypted version)

    gocryptfs basedir mountdir
    

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM