Question

1

How to encrypt folders (not in Home)?

rated 0 times [ 1] [ 0] / answers: 1 / hits: 6671 / 1 Year ago, sat, december 24, 2022, 8:30:17

Is there a way to encrypt a folder, which is not in Home (/home/user/) but even in a different partition, so only my user can access/read contained files?

Alternatively, I would like to understand if it is possible to turn a complete ext4 partition into an encrypted volume, which would be mounted at user login.

If possible, I would like to make the change without reinstalling Ubuntu.

My PC has (mount output):

/dev/sda1 on / type ext4 (rw,errors=remount-ro)

/dev/sda3 on /home type ext4 (rw)

/dev/sda4 on /home/igor/Personale type ext4 (rw)

sda4 is the partition containing folders I would like to protect.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

shadowoof

Add To Favorites

Follow

Total Points: 293

Total Questions: 112

Total Answers: 137

Location: Burkina Faso

Member since Sun, Nov 21, 2021

3 Years ago

shadowoof questions

1 How to see the running time of a python program using terminal command

Wed, Dec 7, 22, 03:59, 1 Year ago

1 How to list the size of each installed snap package in Ubuntu 20.04?

Thu, Sep 9, 21, 15:29, 3 Years ago

1 ZFS bpool is almost full; how can I free up space so I can keep updating my system without errors?

Sat, Jan 14, 23, 23:13, 1 Year ago

1 GNOME 3 show path to a desktop file seen in launcher?

Sun, May 8, 22, 22:01, 2 Years ago

1 Kubuntu randomly freezes on new laptop after few hours of use

Fri, Apr 29, 22, 23:54, 2 Years ago

View All

answered 1 Year ago raldership · Accepted Answer

eCryptfs would be a good choice (Ubuntu encrypted home directory uses ecryptfs) if you want to encrypt /dev/sda4 which is mounted as /home/igor/Personale type ext4

You don't have to re-install anyway. ecryptfs is flexible (you can encrypt folders or partitions) and easy to use, it is layered on top of the current file system - ext4 in your case. Basically you have a partition/block device, create file system and mount it, then use ecryptfs to encrypt it.

In your case, it's /dev/sda4, to encrypt it
NOTE: although this process retains existing data I strongly recommend backing up to a different partition or external HDD. Because later on we need to copy it back to get data encrypted (existing data won't get encrypted).

Steps:

install ecryptfs-utils package 1st
```
sudo apt-get install ecryptfs-utils
```

mount the destination directory as ecryptfs (suppose /dev/sda4 already mounted on /home/igor/Personale)
```
mount -t ecryptfs /home/igor/Personale /home/igor/Personale
```

NOTE: You will be prompted for pass phrase, cipher, key bytes, plaintext passthrough (y/n), filename encryption (y/n).

Done. Existing data won't be encrypted anyway, you can delete existing data and copy if from backup (that's why I recommended backing up, a data swap is needed to activate encryption on existing files). Use rsync for backup/restore:

    rsync -axHAX /backup /home/igor/Personale

BTW: you can see the encrypted partition use findmnt or mount, e.g
/home/terry/topsecret on /home/terry/topsecret type ecryptfs (rw,ecryptfs_sig=633937dbcf1fef34,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)