UPDATE: 11 SEPTEMBER 2011
When I first wrote this post, I recommended the use of cfs. But that was a few years ago, and now I recommend truecrypt. cfs is fiddly, and is hard to get used to if you don’t use the command line interface much and don’t know how to RTFM. Whereas truecrypt has a nice graphic user interface, encrypts “on the fly”, and has a ton of other features that make it my fave encryption application. You can read all about it, and download it, at www.truecrypt.org.
Ubuntu does not, by default, provide a way to create password-protected directories. A right-click on a folder does offer to encrypt, but that is done with gpg, which uses a gpg key. You’d need to email your public key to anyone you wanted to have access to the folder, which is a rather cumbersome procedure when all you want is a simple password protection!
Using the -c flag with gpg (gpg -c) uses symmetrical encryption – this means a protected file can be opened with a password. But gpg -c works only on files, not directories.
Truecrypt is an encryption package that does allow the user to create password-protected directories. Unfortunately, you can’t install truecrypt with apt-get or Synaptic – it is not in any of the repsitories. But you can get it in .deb form, from www.truecrypt.org.
There is an app in the repositories that enables the user to create password-protected folders. This app, cfs, is for creating encrypted partitions and filesystems. And as a directory is a filesystem, cfs is good for our purpose.
cfs is a command-line utility. Unfortunately, many newbies don’t like using the command-line interface. But there’s no need to fear the CLI. Here is a step-by-step tutorial on how to use cfs to create a password-protected directory.
First thing we need to do is install cfs. This can be done through Synaptic or with apt-get. And as are going to be using a terminal for this procedure, we may as well start right now. So, open a terminal Applications > Accesories > Terminal and type in the command
sudo apt-get install cfs
Type in your password when prompted. apt-get will ask if you want to install the other packages that cfs depends on – answer “y” to all this. When cfs has been successfully installed, apt-get will exit and you’ll be returned to the command prompt.
There will now be several new commands available to you. The ones we will need today are cmkdir, cattach and cdetach.
Now we need to create the encrypted directory. To do this, we will use the command cmkdir. cfs will ask for a “key” – this is the pass phrase you will use to open the folder in the future, and must be at least 16 character long. In this example I’m going to call my encrypted directory “lock”.
So, go to the location where you want to put the directory and create it,
user@ubuntu:~$ cmkdir lock
So, the encrypted directory “lock” has been created in my home directory – ie ~/lock. Now we want to put our secret files into it. This is done by attaching another directory to ~/lock. I’ll call this one “clock”, but you can call it whatever you like. cfs will ask for the key – this means the pass phrase you just made up.
user@ubuntu:~$ cattach lock clock
If you look in the directory /crypt you will find the directory you just made – /crypt/clock. This is where you want to put your secret files. You don’t put the files direcly into ~/lock.
user@ubuntu:~$ mv file1 file2 file3 /crypt/clock/
Now, to close ~/lock so no one can get into it, we need to unattach the directory with the cdetach command.
user@ubuntu:~$ cdetach clock
Do you want to check that your files are in ~/lock, and that they’re encrypted? Well, let’s see a list of ~/lock’s contents:
user@ubuntu:~$ ls lock
19929910f65ed51c 1deec15b5201f48d c8b70c7c5b4e5884
So the file names have been encrypted too. And what’s in them?
user@ubuntu:~$ cat lock/19929910f65ed51c
8LåD3&O0Ã5┌¦·1Þ_-R⎽û°8(Ôµ┬çH¸SÈ¾°␉⎽«¦S£ò?ÿßë´æ¡⎺V◆O├äE◆ì$VEM¨⎺VüÔÐÄ²ïÑ├] >(␤ ª@Õåµ┘¡┬/éâ┌␌O±Àâ0Q
H◆?7¿C#┘èÄSÜµ*?ÚB─Kõ·ù¾°ÃB£Êß9ÏU¢ÈÖ+(ëöQ®┐?:≥ÔID¡(ÚÁ;¿<(ÒÃ⎼ñC óI┌ÚMËÕ│S¾ÛüM®ÄÇ Î␋⎽Ñ◆┬? àÌ¢ý┌SÉ└½[¢⎼°ÿ ␌ºä┬üLÈWìHÖ¬◆Ô3à° ┌Ï┼≠␋¶≠/S-Í¾·ï20áµïÍ£©≥Ô␌␋,┐ ├5´Ë²Â␌ß³≠¥(¢] ⎺æ≠·ÙU│àô
When you want to access your secret files, or if you want to put more files into ~/lock, you must first reattach it, using cattach. You move files in or out of the attached directory in /crypt – you never put files directory into ~/lock. Then when you’re finished, you retach using cdetach. You must never forget to detach if you want to keep the secret files secret.
If you’ve got any questions or comments, don’t be shy!