+5 votes
483 views
How to encrypt files with Gocryptfs on Linux | Encrypt

in Security by (551k points)
reopened | 483 views

1 Answer

+3 votes
Best answer

1. What is Gocryptfs and use of parameters
1. Install Gocryptfs on Linux
2. Create Gocryptfs encrypted directory on Linux
3. Mount Gocryptfs encrypted directory on Linux
4. Unmount Gocryptfs encrypted directory on Linux

The security of information on Linux is a key concern for thousands of users, since much of the data we handle daily is classified as confidential, and if it falls into the wrong hands our privacy is simply in trouble.

Information-handling methods have advanced a lot, and some of the platforms we use offer special security protocols. However, since data is now stored in the cloud almost by default, this can be a risk factor because the cloud is global. While it allows us to access this data from anywhere, it also means that, if the correct security measures are not in place, a person with the appropriate tools can breach the cloud and access our data.

We can protect Linux data at several levels, from access to the account to the physical devices where the information is hosted, but without a doubt one of the most effective methods is to encrypt the data to prevent access. Unlike a few years ago, when we had to encrypt the entire hard drive, it is now possible to reduce this task to encrypting only portions or a specific object.

To help us with this task we have Gocryptfs and TechnoWikis will explain how it works and what this utility is about.

 

1. What is Gocryptfs and use of parameters


Gocryptfs uses file-based encryption implemented as a mountable FUSE file system, so each file in Gocryptfs is stored as one encrypted file on the hard drive. The encrypted files can be stored in different folders on the hard drive, on a USB memory or within the Dropbox folder if we wish.

One of the advantages of using Gocryptfs is that, since it is a file-based encryption system rather than a disk encryption method, each encrypted file can be synchronized much more efficiently when using utilities such as Dropbox or rsync. Gocryptfs is based on EncFS and allows security to be improved, while delivering optimal performance in the required tasks.

 

Gocryptfs ciphers
Gocryptfs offers us the following encryption features:

 

  • Password encryption
  • GCM encryption for all file content
  • EME wide block encryption for file names with one IV per directory

 

 

Gocryptfs works on Linux systems; on macOS it is still in the testing phase.

 

Gocryptfs parameters
The utility accepts a series of parameters:
  • -aessiv: use the AES-SIV encryption mode
  • -allow_other: allow access to other users, subject to file permission verification
  • -config string: use the configuration file that we indicate instead of CIPHERDIR/gocryptfs.conf
  • -d, -debug: enable debug output
  • -dev, -nodev: enable (-dev) or disable (-nodev) device files in a gocryptfs mount (default: -nodev)
  • -exec, -noexec: enable (-exec) or disable (-noexec) executables in a gocryptfs mount
  • -forcedecode: force decoding of encrypted files even if the integrity check fails
  • -fsck: check the consistency of CIPHERDIR; if corruption is detected, the exit code is 26
  • -fusedebug: enable FUSE library debug output
  • -h: access the help of the utility
  • -hh: display all available options
  • -info: print the content of the configuration file in human-readable form, leaving out confidential data
  • -init: initialize the encrypted directory
  • -masterkey string: use an explicit master key specified on the command line
  • -nonempty: allow mounting on non-empty directories
  • -noprealloc: disable pre-allocation before writing data
  • -passwd: change the directory password
  • -plaintextnames: do not encrypt file names or symbolic link destinations
  • -raw64: use base64 encoding without padding for file names
  • -speed: run the encryption speed test

 

 


1. Install Gocryptfs on Linux

 

Step 1

To install this encryption utility, we execute the command that matches our distribution:

On Ubuntu or Debian:
 sudo apt install gocryptfs
On CentOS or Fedora:
 sudo dnf install gocryptfs
On Manjaro:
 sudo pacman -Syu gocryptfs

Step 2

In this case we will install it on Ubuntu:
 sudo apt install gocryptfs

Step 3

Once installed, we can validate the version in use with the following command:
 gocryptfs -version

 

 


2. Create Gocryptfs encrypted directory on Linux

 

Step 1

Basically, the process for encrypting files is the following:
  • Create a directory where the files and subdirectories to be encrypted will be stored
  • Use Gocryptfs to initialize that directory
  • Create an empty directory that will act as the mount point on which the encrypted directory is later mounted
  • At the mount point, view and use the decrypted files and create new ones if needed
  • Unmount the encrypted folder when the process is complete

 

Step 2

We will create the directory with the command "mkdir":
 mkdir TechnoWikis1

Step 3

Now we initialize this new directory; the Gocryptfs file system will be created within it:
 gocryptfs -init TechnoWikis1

Step 4

After pressing Enter, we enter and confirm the password to use, and as a result we obtain the master key of the directory. We can copy this master key and paste it in a safe place.

Step 5

Now we go to the directory that we have created with the command "cd":
 cd TechnoWikis1

Step 6

Once there we enter the following:
 ls -ahl

 

 

Step 7

There we find two files:

  • "gocryptfs.diriv", which is a short binary file
  • "gocryptfs.conf", a file where the configurations and the information to be backed up are stored

Note
If you upload the encrypted data to the cloud or back it up to a USB drive, TechnoWikis advises you not to include this file there, because a user can obtain the password from the "encrypted key" and "salt" entries with the command:
 cat gocryptfs.conf

 

 


3. Mount Gocryptfs encrypted directory on Linux

 

Step 1

The encrypted directory will be mounted on a mount point, which is an empty directory. We create the new directory:
 mkdir TechnoWikis2

Step 2

It is time to mount the encrypted directory on the mount point; this mounts the Gocryptfs file system contained in the encrypted directory that we have created. We execute:
 gocryptfs TechnoWikis1 TechnoWikis2

Step 3

When doing this we enter the password that was assigned at the beginning.

 

 

Step 4

Once the directory is mounted, we can create and edit the objects we need in it. In this case we create a text file with "touch" and edit it with "gedit":
 touch TechnoWikis.txt
 gedit TechnoWikis.txt

Step 5

By changing to the encrypted directory we can see that a new file has been created whose name is encrypted.

Step 6

There we can use "ls -hl" for more complete details.

Step 7

We can try to view the content of this file with the command "less":
 less "file"

 


4. Unmount Gocryptfs encrypted directory on Linux

 

Step 1

When necessary, we can unmount the directory using the fusermount command:
 fusermount -u TechnoWikis2

Step 2

Then we can access this directory and with "ls" validate that it is empty.

 

 

Gocryptfs is one of the most complete solutions to add security to confidential files in Linux.

 


by (3.5m points)
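
Added example, not part of the original answer: one way to follow the note in section 2 about keeping gocryptfs.conf out of a cloud or USB copy of the encrypted directory. The helper name backup_cipherdir and all paths are hypothetical; the gocryptfs.diriv files are copied along because they hold the per-directory IV used for file names.

```shell
#!/bin/sh
# Added example: back up a gocryptfs cipher directory without gocryptfs.conf.
# backup_cipherdir is a hypothetical helper; all paths are placeholders.
#
# usage: backup_cipherdir CIPHERDIR DEST CONF_DEST
#   CIPHERDIR  directory created with "gocryptfs -init" (e.g. TechnoWikis1)
#   DEST       backup target (USB drive, cloud-synced folder)
#   CONF_DEST  separate private location for gocryptfs.conf
backup_cipherdir() {
    src=$1; dest=$2; conf_dest=$3

    # Only operate on an initialized cipher directory.
    if [ ! -f "$src/gocryptfs.conf" ]; then
        echo "backup_cipherdir: no gocryptfs.conf in $src" >&2
        return 2
    fi
    mkdir -p "$dest" "$conf_dest" || return 1

    # Walk the tree, pruning only the top-level gocryptfs.conf. The
    # gocryptfs.diriv files are kept: each holds the per-directory IV used
    # for file name encryption. Encrypted names contain no newlines, so
    # line-based reading is safe here (not with -plaintextnames).
    ( cd "$src" && find . -path ./gocryptfs.conf -prune -o -print ) |
    while IFS= read -r p; do
        if [ -d "$src/$p" ] && [ ! -h "$src/$p" ]; then
            mkdir -p "$dest/$p" || exit 1
        else
            cp -pP "$src/$p" "$dest/$p" || exit 1   # -P: copy symlinks as links
        fi
    done || return 1

    # Keep the config apart from the data, readable by its owner only.
    cp -p "$src/gocryptfs.conf" "$conf_dest/gocryptfs.conf" || return 1
    chmod 600 "$conf_dest/gocryptfs.conf" || return 1

    # Final check: fail if a config file is present in the backup
    # (for instance one left behind by an earlier full copy).
    if [ -e "$dest/gocryptfs.conf" ]; then
        echo "backup_cipherdir: gocryptfs.conf found in $dest" >&2
        return 3
    fi
    return 0
}
```

To mount a restored copy, point gocryptfs at the separately stored file with the -config parameter from the list above, for example: gocryptfs -config /private/gocryptfs.conf /media/usb/backup TechnoWikis2 (paths hypothetical).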
