How to encrypt individual folders?
WARNING: CryptKeeper has recently been reported that it has a universal password bug that puts your data at potential risk. This issue may not yet be fixed in Ubuntu, use this solution at your own risk.
Relevant bug information links:
Upstream bug: https://github.com/tomm/cryptkeeper/issues/23
Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751
sudo apt-get install cryptkeeper
After installing, go to Applications –> System Tools –> Cryptkeeper.
Cryptkeeper will automatically attach itself to the top panel
To create an encrypted protected folder, click on Cryptkeeper applet and select ‘New encrypted folder’
Then type the folder name and where to save the folder and click ‘Forward’.
Type the password and click ‘Forward’.
The folder will be created and ready to be used.
To access all encrypted folder, click on Cryptkeeper applet on the panel and select each folder.
Type the password before it is mounted to be accessed.
To delete a folder or change the password, right-click the folder in the panel-applet.
In case you can't see the panel icon run `gsettings set com.canonical.Unity.Panel systray-whitelist "['all']"` and `unity --replace`.
@fossfreedom , When the Gurru say its excellent , then it's a excellent answer . thankyou
@Jakob At least in 13.10, `com.canonical.Unity.Panel` doesnt exist, and `systray-whitelist` is an invalid key in all available `Unity.` schemas :(
Search for and install ‘ecryptfs-utils’ in Ubuntu Software Center:
After installing, go to Applications –> Accessories –> Terminal and run the command below:
You’ll be prompted to type your login passphrase (password), and to create one for your private folder:
When you’re done creating your password, Log Out and Log back in:
Next, go to Places –> Home Folder:
And new folder should be created in your home directory called ‘Private’. This folder in encrypted and password-protected. Move all your personal stuff into this folder to secure them:
Users without access to the folder will be denied:
You have 2 choices if you want to lock down a folder from other users
Encrypt or create a compressed password protect archive of the files. This method (Cryptkeeper) is perfect for this case when you need to be 100% sure no one will ever look at your files without knowing the password used there.
Use your computer folder / file permissions to deny access to your folder to other user.
The first involves making sure that the result cannot be opened by any user without knowing the password used.
The second will only change the file / folder privileges so that another user without rights cannot open it. The folder still exists, can be accessed by any user with
sudorights in your system or using a LiveCD and reading the partition. It is also simpler to implement and does not require that you type a password all the time you need to open / mount the encrypted folder / archive.
An easy and fast way to do so is using
chmodto change the privileges for a file or folder.
Open a terminal and navigate to the place where your folder is, lets assume that the folder name is
fooand that we are currently located where the folder is.
chmod 700 foo
fooonly available for your eyes, its not encrypted (that is also possible) but only your user (and or a user with sudo privileges) can read or open that file / folder.
You can also do it graphically by right clicking on a file or folder and changing its permissions manually. In the example below you as owner have all privileges and you deny any other group or user from accessing, reading or modifying that file / folder
For more information about file / folder permissions visit the Ubuntu
Understanding and Using File Permissionswiki page.
Sounds great, but doesn't make much sense. How do I simply "change the privileges" for a while or folder?
You're dealing with newbies here. What does "using the command" mean? If I click on a folder, then how do "use a command"?
I have added that to the answer also, right click a folder and go to the **permissions** and have a look at it. The example given would make the file / folder only accessible by you or a user with sudo rights. It is the same as issuing `chmod 700 ` in a terminal.
Brilliant. I shall try that. EDIT: Hang on. Doesn't that only work if someone else is logged on to my PC? Right now, I am logged on - and am the only user - so therefore, I can access all those folders without typing in a password.
Since "encryption" is mentioned in the question, I added a clarification in the answer. Feel free to improve it!
Thanks. I was wondering if the permission bits set on a directory will be respected under both Windows and Ubuntu? See https://unix.stackexchange.com/questions/446364/will-permission-bits-set-on-a-directory-on-an-external-hard-drive-be-respected-u
Last update: Aug 4, 2012
You can try Vault, recent project by an ubuntu-gr member (greek local community).
sudo add-apt-repository ppa:vault/ppa sudo apt-get update sudo apt-get install vault
It's a gui utility for encfs (package in repositories). I quote the package description:
$ apt-cache show encfs Package: encfs [...] Description-en: encrypted virtual filesystem EncFS integrates file system encryption into the Unix(TM) file system. Encrypted data is stored within the native file system, thus no fixed-size loopback image is required. . EncFS uses the FUSE kernel driver and library as a backend. Homepage: http://www.arg0.net/encfs
You create a mountpoint/folder which you can then close or delete. If you close it, you need a password to open it.
ppa does not exist anymore.
You can use CryFS:
cryfs basedir mountdir
It is used by default in KDE Vaults and is particularly interesting if you synchronize the encrypted content over Dropbox, Freefilesync, rsync or similar software, because it keeps its data in small encrypted blocks and changing a small file results in only a small amount of data to be re-uploaded.
I would advise against `cryfs` because it doesn't support (standard Unix) hard links.
You could also use gocryptfs. In my experience it is significantly faster than cryfs with big encrypted shares, but does not hide the structure (file sizes and number of files). depending on your threat model this may or may not be a problem.
apt install gocryptfs
To initialize the basedir (once)
gocryptfs -init basedir
To mount basedir (the encrypred version) on mountdir (the unencrypted version)
gocryptfs basedir mountdir