Question

12

Filesystem that gives an encrypted view of a directory—the inverse of EncFS

rated 0 times [ 12] [ 0] / answers: 1 / hits: 4389 / 3 Years ago, wed, august 4, 2021, 1:41:38

Currently I'm using EncFS to encrypt my directory "confidential" to ".encconfidential" and sync that encrypted directory using an online service (e.g. Dropbox, UbuntuOne etc). However my entire disk is already LUKS encrypted, so the double encryption takes a toll on performance.

I wonder is there an "inverted" EncFS option? An unencrypted directory gets mounted and in the mounted directory you only see encrypted files. So I could work with the unencrypted documents while the sync tool sees and read/writes the encrypted files only.

Clarification: My primary use case is sync not backup. I want to be able to securely keep machines in sync without the double encryption penalty when operating local (I have to wait when I hit save, compared to transmission time an encrypted operation is a minimal increment in time - and it is background time, not user time)

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

gavgenerati

Add To Favorites

Follow

Total Points: 120

Total Questions: 126

Total Answers: 119

Location: Marshall Islands

Member since Wed, Feb 9, 2022

2 Years ago

gavgenerati questions

1 How to access /var/lib/mysql folder in ubuntu

Wed, Jun 22, 22, 17:24, 2 Years ago

1 Why does apt-get install recommended packages by default?

Fri, Jul 30, 21, 04:32, 3 Years ago

1 Allocate more disk space to Ubuntu

Fri, Jan 14, 22, 14:20, 2 Years ago

1 Ubuntu Linux doesn't recognise my external monitor on USB-C

Tue, Jul 27, 21, 19:05, 3 Years ago

1 accidentally deleted EFI partition, system is still running!

Tue, Aug 2, 22, 21:07, 2 Years ago

View All

answered 3 Years ago oreera · Accepted Answer

There actually is an Encfs "inverted" option. From the Encfs man page:

   --reverse

       Normally EncFS provides a plaintext view of data on demand.  Normally it stores enciphered data and displays plaintext data.  With --reverse it

       takes as source plaintext data and produces enciphered data on-demand.  This can be useful for creating remote encrypted backups, where you do

       not wish to keep the local files unencrypted.



       For example, the following would create an encrypted view in /tmp/crypt-view.



           encfs --reverse /home/me /tmp/crypt-view



       You could then copy the /tmp/crypt-view directory in order to have a copy of the encrypted data.  You must also keep a copy of the file

       /home/me/.encfs5 which contains the filesystem information.  Together, the two can be used to reproduce the unencrypted data:



           ENCFS5_CONFIG=/home/me/.encfs5 encfs /tmp/crypt-view /tmp/plain-view



       Now /tmp/plain-view contains the same data as /home/me



       Note that --reverse mode only works with limited configuration options, so many settings may be disabled when used.

I have not tried it for syncing, but I think it would work as long as you use the same .encfs5 config folder at the other end.