encryption – How to Encrypt Folders (Not in Home)

directory encryption partitioning

Is there a way to encrypt a folder, which is not in Home (/home/user/) but even in a different partition, so only my user can access/read contained files?

Alternatively, I would like to understand if it is possible to turn a complete ext4 partition into an encrypted volume, which would be mounted at user login.

If possible, I would like to make the change without reinstalling Ubuntu.

My PC has (mount output):

    /dev/sda1 on / type ext4 (rw,errors=remount-ro)
    /dev/sda3 on /home type ext4 (rw)
    /dev/sda4 on /home/igor/Personale type ext4 (rw)

sda4 is the partition containing folders I would like to protect.

Best Answer

eCryptfs would be a good choice (Ubuntu's encrypted home directory uses ecryptfs) if you want to encrypt /dev/sda4, which is mounted as /home/igor/Personale type ext4.

You don't have to re-install anyway. ecryptfs is flexible (you can encrypt folders or partitions) and easy to use; it is layered on top of the current file system, ext4 in your case. Basically you have a partition/block device, create a file system and mount it, then use ecryptfs to encrypt it.

In your case, it's /dev/sda4. To encrypt it, follow the steps below.

NOTE: although this process retains existing data, I strongly recommend backing up to a different partition or external HDD, because later on we need to copy it back to get the data encrypted (existing data won't get encrypted).

Steps:

  1. Install the ecryptfs-utils package first

    sudo apt-get install ecryptfs-utils
    
  2. Mount the destination directory as ecryptfs (suppose /dev/sda4 is already mounted on /home/igor/Personale)

    # mounting requires root privileges
    sudo mount -t ecryptfs /home/igor/Personale /home/igor/Personale
    

NOTE: You will be prompted for pass phrase, cipher, key bytes, plaintext passthrough (y/n), filename encryption (y/n).

Done. Existing data won't be encrypted anyway; you can delete the existing data and copy it from backup (that's why I recommended backing up; a data swap is needed to activate encryption on existing files). Use rsync for backup/restore:

    # trailing slashes copy the contents of /backup, not the directory itself
    rsync -axHAX /backup/ /home/igor/Personale/

BTW: you can see the encrypted partition using findmnt or mount, e.g.

    /home/terry/topsecret on /home/terry/topsecret type ecryptfs (rw,ecryptfs_sig=633937dbcf1fef34,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)
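
An added example, not part of the original answer: a shell check over `mount` output lines like the one shown above. It confirms a path really is an eCryptfs mount and flags when filename encryption is off or plaintext passthrough is on (two of the prompts answered at mount time). The function names `opt_value` and `audit_line` are hypothetical, and the input is assumed to be in the `mount` line format.

```shell
#!/usr/bin/env bash
# Added example: audit eCryptfs entries in `mount` output.
# Assumed line format: "<src> on <target> type <fstype> (<opt>,<opt>,...)"
# Live use: mount | while IFS= read -r l; do audit_line "$l"; done

# Print the value of option $2 from the comma-separated list $1 (empty if absent).
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# audit_line "<mount line>": print one verdict line; return 1 if not ecryptfs.
audit_line() {
    local line="$1"
    local target fstype opts cipher bytes notes=""
    target=$(printf '%s\n' "$line" | sed -n 's/^.* on \(.*\) type [^ ]* (.*)$/\1/p')
    fstype=$(printf '%s\n' "$line" | sed -n 's/^.* type \([^ ]*\) (.*)$/\1/p')
    opts=$(printf '%s\n' "$line" | sed -n 's/^.*(\(.*\))$/\1/p')
    if [ "$fstype" != "ecryptfs" ]; then
        echo "$target: NOT ecryptfs (type=${fstype:-unknown})"
        return 1
    fi
    cipher=$(opt_value "$opts" ecryptfs_cipher)
    bytes=$(opt_value "$opts" ecryptfs_key_bytes)
    # ecryptfs_fnek_sig is listed only when filename encryption was enabled.
    [ -n "$(opt_value "$opts" ecryptfs_fnek_sig)" ] || notes="$notes filenames-in-clear"
    # ecryptfs_passthrough lets unencrypted lower files be read through the mount.
    case ",$opts," in
        *,ecryptfs_passthrough,*) notes="$notes plaintext-passthrough" ;;
    esac
    echo "$target: ecryptfs cipher=$cipher key_bytes=$bytes${notes:+ warn:$notes}"
}
```

Run against the sample line in the answer, this reports `filenames-in-clear`, because that mount lists no `ecryptfs_fnek_sig` option.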