How to Encrypt Files with gocryptfs on Linux – Guide
Gocryptfs is a file-level encryption utility that is mounted on a Userspace (FUSE) file system. This allows any user to mount – you don’t need to be root. Since gocryptfs encrypts at the file level, sync operations that copy your files can work efficiently for each file. This is in contrast to disk-level encryption, which encrypts the entire disk as a single large binary blob.
When you use gocryptfs in normal mode, your files are stored on your hard drive in an encrypted format. However, if you provide the files encrypted, you will have unencrypted access to your files. That means all your regular tools and programs can use your files unencrypted. Changes, new files and deletions are reflected in real-time in the encrypted version of files stored on your hard drive.
How to make use of Gocryptfs to encrypt files.
Installation
Linux
sudo apt-get install gocryptfs
The sudo apt install gocryptfs command installs the GoCryptFS file system. ..
pacman -S gocryptfs
For Debian GNU/Linux, you can download the binary file from the Debian website.
Mac
- Open Terminal and type “brew install gocryptfs”
- If you’re using a Macbook Pro, you may need to use “sudo” to execute the command.
- Once Homebrew is installed, you can use it to access gocryptfs:
- Type “gocryptfs” in Terminal and press return
- You’ll be asked for your password, which you’ll need to remember if you want to use this feature later on. After your password is entered, gocryptfs will start up and will be ready to use:
Install Homebrew on your Mac using the curl command. ..
sudo apt-get install gocryptfs
To encrypt a file, use the following command:
gocryptfs encrypt
windows
Windows cannot natively support Gocryptfs, but cppcryptfs is an implementation of the gocryptfs encrypted overlay file system that can be used on Windows. Follow the building instructions here to build cppcryptfs.
Using gocryptfs to encrypt files
/mnt/gocryptfs /mnt/crypto Then, you need to create a file in each of these folders called “config.txt” with the following content: #GOCRYPTFS_HOME=/mnt/gocryptfs #MOUNT_NAME=crypto #MOUNT_TYPE=ext4 #MOUNT_SIZE=1G Next, you need to create a systemd service file in /mnt/gocryptfs called “crypto-server.service” with the following content: [Unit] Description=Crypto server for gocryptfs [Service] Type=simple ExecStart=/usr/bin/gocryptfs -s /mnt/gocryptfs -c config.txt [Install] WantedBy=multi-user.target
To encrypt a folder, first create a “plain” folder and then place the encrypted folder inside it. ..
Starting today, all files you put in the “plain” folder will be encrypted and stored in the “encrypted” folder. This is to help protect your data from unauthorized access. ..
- Dropbox:
- Dropbox: Private:
- Dropbox: Private: Mount
Your files will be encrypted in the “Encrypted” folder and uploaded to the Dropbox server.
SiriKali – a GUI tool for using gocryptfs
SiriKali is a GUI tool that can be used to encrypt with gocryptfs and other standards. It is available for Linux, macOS and Windows, although the Windows version does not support gocryptfs.
SiriKali is a Linux-based security toolkit that includes a variety of tools to help protect your computer from malware and other online threats. To download and install the software, go to the SiriKali website and select the package that is appropriate for your system. The Linux package provides the source code that you can extract and build on your own computer. It is also available with its own repository, which can be found here. ..
sudo apt-get install software-properties-common This will install the software properties tool. ..
sudo apt-get update sudo apt-get install ubuntu-18.04-xenial
After the commands are done, it’s a good idea to run them to “trust” the key and allow updates.
Wget -nv https://download.opensuse.org/repositories/home:obs_mhogomchungu/xUbuntu_18.10/Release.key -O Release.key
sudo apt-get update sudo apt-get install < Package > The sudo apt-key add command adds a new key to your computer’s software repository. The sudo apt-get update command updates your software repository information, and the sudo apt-get install command installs the specified package. ..
sudo apt-get install sirikali
SiriKali is now available in your menu. Click to open it.
SiriKali opens a window reminiscent of VeraCrypt with options at the bottom of the screen. You can create volume, mount volume, update, manage bookmarks and finally there is a menu.
Gocryptfs is a new filesystem that stores encrypted files. You can create a volume to store your encrypted files on. ..
The GNOME Keyring application provides a way to store passwords and keys in one place. The password can be anything you want, but the key must be a valid GNOME password. There are different options available, such as password, password and key file, and GNOME Wallet. Select which option best suits your needs - just remember to use a strong password that is not easy to guess. There are other variables in the options button which detail the level of encryption and whether you need scrambled filenames. ..
Once you have copied the files you want to encrypt, open the SiriKali app and click on the Encrypt Files button. This will open a dialog where you can enter a password for encryption. After entering the password, click on the Encrypt Files button to begin encrypting your files. ..
When you’re finished, remember to click again and select “unmount volume.” ..
Final note
How to encrypt files with gocryptfs on Linux In this guide, we will show you how to encrypt files with the gocryptfs filesystem on Linux. Gocryptfs is a powerful and easy-to-use encryption tool that can help protect your data from unauthorized access. To start using gocryptfs, you first need to install it. You can find the installation instructions here. Once you have installed it, you can start using it by running this command:
gocryptfs-cli create -t cryptodev1 cryptosystem cryptosystemname
The -t flag tells gocryptfs to use the specified cryptosystem for encryption. The cryptosystemname can be any of the following: AES, 3DES, Blowfish, and Twofish. If you don’t specify a cryptosystem name, gocryptfs defaults to AES. You can also use –help for more information on the options available in the command line. Once you have created a new encrypted file with goccryptfs, you can access it by running this command:
