Run VirtualBox and virtual machine Debian, login as root/password
Install encfs
$ apt-get update
$ apt-get install encfs
You should now take a look at the EncFS man page to familiarize yourself with its options:
$ man encfs
I will now create the directories encrypted and decrypted in my home directory:
$ mkdir -p ~/encrypted
$ mkdir -p ~/decrypted
The decrypted directory acts as the mount point for the encrypted directory. To mount ~/encrypted to ~/decrypted, simply run:
$ encfs ~/encrypted ~/decrypted
If you run this command for the first time, the EncFS setup is started, and you must define a password for the encrypted volume:
Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?> <-- p
Paranoia configuration selected.
Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 3:0:1
Key Size: 256 bits
Block Size: 1024 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.
File holes passed through to ciphertext.
....
Make sure you remember the password because there's no way to recover your encrypted data if you forget the password!
You should now find the EncFS volume in the outputs of
$ mount
and
$ df
To save your data in encrypted form, put your data into the decrypted directory, just as you would do with a normal directory:
$ cd ~/decrypted
$ echo "hello foo" > foo
$ echo "hello bar" > bar
$ ln -s foo foo2
If you check the contents of the directory, you will see that you can see it in unencrypted form...
$ ls -l
... while in the encrypted directory, it's encrypted:
$ cd ~/encrypted
$ ls -l
To unmount the encrypted volume, run:
$ cd
$ fusermount -u ~/decrypted
To mount it again, run
$ encfs ~/encrypted ~/decrypted
If you want to change the password, you can do this with the
$ encfsctl passwd ~/encrypted