Never Ending Security

It starts all here

Encrypt / password protect data on Linux with encfs

Encfs – Encrypted file system

We often need to put some confidential data on the hard drive, in which case it becomes essential to have some kind of security mechanism to keep it hidden from unauthorised access of any kind. It could contain credit card numbers, bank statements and list of passwords for various online services.

One way to protect such data with security is to put them in a directory that is password protected or is encrypted. So the encrypted content will need a password everytime to be viewed. Ubuntu comes with a few handy tools to do this, although they are terminal based and will require a bit of effort to setup and use.

Install and setup encfs

The tool is called encfs and is easily installable from synaptic.

$ sudo apt-get install encfs

Once it is installed it will need a minimal setup. Lets say we want to create an encrypted directory called .encrypted inside the home directory whose content shall be available in the directory ‘visible’ upon request. Then run the following command.

$ encfs ~/.encrypted ~/visible

On the first run it will ask a couple of questions like mode and password etc.

$ encfs ~/.encrypted ~/visible
The directory "/home/enlightened/.encrypted/" does not exist. Should it be created? (y,n) y
The directory "/home/enlightened/visible" does not exist. Should it be created? (y,n) y
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> p

Paranoia configuration selected.


New Encfs Password: 
Verify Encfs Password: 

Now it is setup and to use it run the same command everytime.

$ encfs ~/.encrypted ~/visible
EncFS Password:

It will ask for the password that was set earlier and upon entering the correct password, the contents of the ‘.encrypted’ directory will be available in the ‘visible’ directory.

Now put all your confidential data inside the visible directory and will be go into the encrypted directory. Once you are done working with the confidential data, simply unmount the visible directory by issuing the following command

$ fusermount -u ~/visible

It will unmount the encrypted directory and all content that was visible in the visible directory will vanish. Rest assured it is there in the encrypted directory and will become available again by running the previous command.


Cryptkeeper is a gui tool that makes the process of mounting and unmounting the encrypted folder a bit easier by providing a taskbar icon. Install it from synaptic.

$ sudo apt-get install cryptkeeper

Now it can be run from “Applications->System Tools->Crytpkeeper” menu in gnome or the K->System->Cryptkeeper menu in kde. Once the taskbar icon comes up left click on it and click “Import EncFS Folder”. Select the encrypted directory and the directory to mount from the popup dialog. Now again left click on the taskbar icon and select the directory to mount it. It will ask for the password and will mount the directory then. To unmound again click the icon and unselect the directory. Simple as that.

How to create password protected zip archive

Command Line

The zip command can be used to create password protected zip files easily. Here is a quick example

$ zip -P *secret* file.txt

Note that the P is capital. Can also type “–password” instead of the “-P”.

$ zip --password *secret* file.txt

The above approach might be a bit insecure since the password is visible and the command is stored in the terminal history and can be retrieved. Another option is the e option which prompts user to enter the password.

$ zip -e file.txt
Enter password: 
Verify password:

The zip utility can be installed on ubuntu through apt-get

$ sudo apt-get install zip unzip

Password protect existing zip files

The above methods work well, but there is an easier way. First create a zip file using any of your favorite gui tools and then password protect it using the zipcloak command.

$ zipcloak 
Enter password: 
Verify password:

This is the quickest method since you don’t have to remember any commandline parameters. Just the name of the command is enough.


There is a cross platform gui archive manager called Peazip which can be downloaded from

It is probably the most featureful gui archive manager available for Linux. With peazip you do not need the commandline/terminal and everything can be done from the gui interface very much like winzip on windows.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s