The goal here is to create an encrypted folder on the hard drive with an unencrypted access point. I want to have a regular folder that I can read and write to, but that would automatically be encrypted on the hard drive. Then, when I unmount the unencrypted access point, the encrypted files can’t be read. This method is easier than encrypting an entire disk or partition, and faster than encrypting individual files. It is also more versatile, because you can easily move the encrypted location to any disk or subfolder and simply change your mount command (step 5 below) to reflect the new encrypted location.
- First install the necessary tools:
apt-get install ecryptfs-utils
- Load the newly installed kernel module:
modprobe ecryptfs
- Create the encrypted folder with the necessary permissions:
mkdir -m 700 encrypteddirname
- Create the unencrypted folder with the necessary permissions:
mkdir -m 500 unencrypteddirname
- Link up the encrypted destination with the unencrypted starting point:
mount -t ecryptfs encrypteddirname unencrypteddirname
- Answer all the questions asked about encryption options.
- Anything placed in unencrypteddirname will now be stored encrypted in encrypteddirname.
- To remove the unencrypted access point, leaving only the encrypted version on disk:
umount unencrypteddirname
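
The shell functions below are an added example, not part of the original instructions. They check the two directory modes used in the steps above, report whether the access point is currently an eCryptfs mount, and warn if files sit in the access point while it is unmounted, since such files were written in cleartext. The function names, the optional mounts-table argument and the script name are assumptions of this example, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: read-only checks; nothing here mounts or unmounts.

# Print the octal permission bits of a path (GNU stat).
dir_mode() {
    stat -c '%a' "$1"
}

# Succeed if directory $1 is an ecryptfs mount point according to the
# mounts table $2 (default /proc/mounts). Paths containing spaces are
# escaped in /proc/mounts and are not handled here.
is_ecryptfs_mounted() {
    target=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    awk -v t="$target" '$2 == t && $3 == "ecryptfs" { found = 1 }
        END { exit !found }' "${2:-/proc/mounts}"
}

# check_setup ENCRYPTED_DIR ACCESS_POINT [MOUNTS_TABLE]
# Prints findings; returns 0 only if nothing needs attention.
check_setup() {
    enc=$1; plain=$2; mounts=${3:-/proc/mounts}; rc=0
    [ "$(dir_mode "$enc")" = 700 ] || { echo "WARN: $enc is not mode 700"; rc=1; }
    if is_ecryptfs_mounted "$plain" "$mounts"; then
        echo "INFO: $plain is mounted; decrypted files are readable through it"
    else
        # The mount point's own mode is only visible while unmounted.
        [ "$(dir_mode "$plain")" = 500 ] || { echo "WARN: $plain is not mode 500"; rc=1; }
        # Anything stored here while unmounted bypassed encryption.
        if [ -n "$(ls -A "$plain" 2>/dev/null)" ]; then
            echo "WARN: $plain is unmounted but not empty (cleartext on disk)"; rc=1
        else
            echo "INFO: $plain is unmounted and empty"
        fi
    fi
    return "$rc"
}

# Run directly as: sh check.sh encrypteddirname unencrypteddirname
# (check.sh is a placeholder name for this file)
if [ "$#" -eq 2 ]; then
    check_setup "$1" "$2"
fi
```

Running it once before mounting and once after unmounting shows whether anything was written to the access point outside an active mount.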