I wish to encrypt certain files or even better all data files that I create and download to my Ubuntu laptop in order to protect them from unauthorized users. What are my options? What are problems to watch out for? Is there any program that will encrypt/decrypt everything going in and out of specific directories on the hard disk transparently?

asked 04 May '10, 02:15

paranoid's gravatar image

accept rate: 0%

edited 04 May '10, 18:37

Web31337's gravatar image


Please accept an answer so the question/answer can be finished. Or provide more details so we can help.

(20 Apr '11, 13:58) rfelsburg ♦

You can use TrueCrypt or EncFS for this as well.

TrueCrypt: http://www.truecrypt.org/

EncFS: http://www.arg0.net/encfs

I'm sure there are lots of tutorials available for both :)


answered 04 May '10, 04:39

feinom's gravatar image

accept rate: 33%

You can use encrypted filesystem with LUKS (cryptosetup).


or google for "cryptsetup luks howto"

advantage: built-in in kernel

you can encrypt containers too (loop device)


answered 04 May '10, 13:13

Tom%20Funke's gravatar image

Tom Funke
accept rate: 0%

Well to encrypt a single file, you can use gpg:

$ gpg -c filename

It should then prompt for a passphrase or password for it. Though, to encrypt entire directories, I think you may have to compress it first.

The quickest way I can think of that'll encrypt files as you place them in a directory is writing a script that is constantly waiting for new files to be placed in said directory, and it then encrypts it and continues to wait for more. But that method would probably be pretty process heavy for a simple directory that encrypts files as they're placed in.


answered 04 May '10, 02:50

Jub's gravatar image

accept rate: 14%

gpg-zip is a way to compress directories.

(04 May '10, 18:36) Web31337

I've been using truecrypt for quite some time now, without issue. Both whole drives and individual directories and easy to use. Even on windows machines.


answered 04 May '10, 16:35

mithrandir9x's gravatar image

accept rate: 0%

I have been using TrueCrypt as well for a few months and it works great.


answered 04 May '10, 19:22

carlicuslinux's gravatar image

accept rate: 0%

use gpgdir does a very good job; google "gpgdir"


answered 07 May '10, 17:38

max's gravatar image

accept rate: 0%

Well, with Ubuntu, you actually have the option on installing the operating system (since 9.10) to have your home directory always encrypted. This means that all data saved in your /home/username directory is unreadable by anyone. Ubuntu will automatically un-encrypt your home directory when you log in and re-encrypt when you log out.

(In technical terms, your data is actually stored as a mountable image in an encrypted format. When you login your encrypted data is mounted to be immediately accessible, so if you log out or lose power or whatever, your data is still encrypted because it needs to be remounted on boot each time which is a quick and relatively painless task for the OS to do)


answered 11 May '10, 08:58

Gareth's gravatar image

accept rate: 62%

To those using TrueCrypt, Google "Evil Maid Attack" (no quotation marks).


answered 11 May '10, 19:20

Ron's gravatar image

Ron ♦
accept rate: 13%

All of the above answers are great!

But all you really have to do is:

$ chmod -Rv 400 ~/.privdata

Where .privdata is the hidden directory tree you are concerned with(Hiding the directory only serves the "out of sight, out of mind" aspect, but every little bit of obfuscation adds some extra layer of security).

That leaves only one user to concern yourself with, and that's the Superuser - if that's you, then:

# chmod -Rv 400 /root/.privdata

Should fix everything up nicely, without having to even worry about ecrypting the data since it is now inaccessible unless you get 0wn3d by a h4x0r, but there's more ;)

Regardless of which methodology (or combination thereof) you choose (and you may want to mix for example, gpgdir or truecrypt with the methodology I've just provided you with), there's an often forgotten goodie that I regularly use (DO NOT FORGET THAT YOU HAVE DONE THIS) to make the file completely immutable:

$ man chattr

Be careful with this - it is only for the most paranoid and it is akin to hard-coding data on your hard drive - so again, if you use it, don't forget that you have.

I hope that helps!

Kindest regards,

Bradley http://NorthTech.US



answered 24 May '10, 22:03

tallship's gravatar image

accept rate: 20%

edited 24 May '10, 22:17

Ron, thanks for the informative post. I was considering encrypting my home directory with TrueCrypt, but now I don't see the point.


answered 21 May '10, 14:51

Randy%202's gravatar image

Randy 2
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 04 May '10, 02:15

Seen: 4,560 times

Last updated: 20 Apr '11, 13:58

powered by OSQA