
Hostwinds Blog

Step By Step Guide for Encrypting Data in Ubuntu Using eCryptfs

by: Hostwinds Team  /  May 29, 2017

If you have sensitive information that you don't want other people to access without your express authority, consider encrypting it. Encryption is a technological process that prevents people from accessing highly confidential information that they're not supposed to see. Encryption can be likened to the process of securing money in a safe. In this case, data is stored in a digital safe to protect it from unauthorized users.

Who encrypts their data?

Many people and agencies encrypt their data. This includes the military, hackers, companies and even criminals. Even your average Joe can choose to encrypt their data. And it's a good idea to do so due to the risk that people face on a daily basis, whether it's accessing personal accounts on social media networks, research papers or banking information. With the growing threat of cybercrime today, it's easy to see how someone could use this information to harm you.

How do you encrypt data?

There are several ways that you can encrypt data. A lot of people use third-party software that has been specifically designed for this purpose. Other people come up with customized solutions for their problems.

If you have an Ubuntu operating system, you can take advantage of eCryptfs (Enterprise Cryptographic File System). This software allows you to mount an encrypted file system, use it for what you need to do and then unmount it.

Note: You can't do this on shared hosting, but it can be done on either a VPS or a dedicated server. If you need to use software like this, check out our cheap VPS options or full-on, customized dedicated servers.

What are the risks of using eCryptfs?

Once you log in, eCryptfs automatically mounts the encrypted filesystem, so anyone who has your login password can read your data. Therefore, it's essential that you don't give anyone your password. To turn off this automatic mounting at login, pass the --noautomount option when you are setting up the software (the similarly named --noautoumount option instead stops the directory from being unmounted automatically at logout). To do that you will need to run this command:

ecryptfs-setup-private --noautomount

Once you set up a password, you have to remember it. If you forget it, it's not going to be easy to regain access to the information you encrypted. We won't be able to get it back for you. It's also important to keep a backup of the ~/.ecryptfs/ folder that the setup creates.

How to set up eCryptfs

It's pretty easy to set up eCryptfs, because the program is already present in the Ubuntu repositories and installable via apt-get. All you need to do is install it. Before carrying out the installation, update the apt package lists.

You can do that by running the following command:

sudo apt-get update

Then upgrade the installed packages with this command:

sudo apt-get upgrade

After you've updated and upgraded your server, you can then run this command to install eCryptfs:

sudo apt-get install ecryptfs-utils

Once you complete the installation, you are ready to start encrypting your data.

How to create a private directory

The next step is creating a new directory, encrypting it and then moving data into it. You'll then unmount the directory, so that no unauthorized person can gain access to it.

A private directory is where you'll store the information that you want protected. The setup command creates two folders in your home directory, named Private and .Private.

The Private folder is where the decrypted information will be available, while the .Private folder is where the encrypted data will be stored.

To set up the folders, run this command:

ecryptfs-setup-private

You should then be asked to enter your login password.

Now enter a mount password. You have the option of leaving it blank and letting it automatically generate one for you, too. After that, you'll need to enter the password again.

After you enter the password again, log out and then log in again. You should see your new folder now.

Warning: Don't use the above command in a directory which already has data, since the command will make that data inaccessible.

Tip: Use it to encrypt your backups so they're only accessible by you.

Once you log in, move the information that you want encrypted into the Private folder.

After your data has been transferred to the folder, unmount it. To unmount, you need to enter the following command:

ecryptfs-umount-private

Once you unmount the directory, if you try to view the data within the directory, you will get a notification that the data might be a binary file. The only way you can see the data within the directory is for you to mount the directory again.

To mount the private directory that you have encrypted, enter the following command:

ecryptfs-mount-private

You'll be asked to enter the password that you created before, so you can see the data. If you don't enter the password, it won't mount successfully.

If you want to encrypt any other information, simply move the information into the Private folder.

To access a directory inside Private easily, you can create a symbolic link to it (here, a subdirectory named secret). The link only resolves while Private is mounted:

ln -s ~/Private/secret ~/secret
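
As an added example (not part of the original Hostwinds post), these shell functions report whether Private is currently mounted and whether automatic mounting at login and unmounting at logout are switched on. The auto-mount, auto-umount and wrapped-passphrase file names are the ones ecryptfs-utils keeps in ~/.ecryptfs; the function names and message wording are this example's own.

```shell
#!/bin/sh
# Added example: audit an eCryptfs Private directory set up with
# ecryptfs-setup-private. Function names are this example's own.
# Usage: audit_private "$HOME"   (second argument defaults to /proc/mounts)

# Exit 0 if HOME/Private is currently an ecryptfs mount.
is_private_mounted() {
    home=$1; mounts=${2:-/proc/mounts}
    # Mount table fields: source, mount point, filesystem type, options...
    awk -v mp="$home/Private" \
        '$2 == mp && $3 == "ecryptfs" { found = 1 } END { exit !found }' \
        "$mounts" 2>/dev/null
}

# Print one finding per line; the return status is the number of warnings.
audit_private() {
    home=$1; mounts=${2:-/proc/mounts}; cfg="$home/.ecryptfs"; warn=0
    if [ ! -f "$cfg/wrapped-passphrase" ]; then
        echo "WARN $cfg/wrapped-passphrase missing: not set up, or key file lost"
        warn=$((warn + 1))
    fi
    if [ -e "$cfg/auto-mount" ]; then
        echo "WARN auto-mount is on: the login password alone unlocks Private"
        warn=$((warn + 1))
    fi
    if [ ! -e "$cfg/auto-umount" ]; then
        echo "WARN auto-umount is off: Private can stay mounted after logout"
        warn=$((warn + 1))
    fi
    if is_private_mounted "$home" "$mounts"; then
        echo "INFO $home/Private is mounted: decrypted files are readable"
    else
        echo "INFO $home/Private is not mounted: only encrypted files are visible"
    fi
    return "$warn"
}
```

Running audit_private "$HOME" after ecryptfs-umount-private confirms that the directory really is unmounted before you leave the session.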

Set up an encrypted home directory

To do this, you have to make sure that the user whose home directory you are encrypting is logged out of their current session. Log in as the root user or some other user that you have set up, then install rsync by running this command:

sudo apt-get install rsync

Then install lsof by running this command:

sudo apt-get install lsof

Finally, run this command as root, replacing username with the name of the user whose home directory you want to encrypt:

ecryptfs-migrate-home -u username



eCryptfs is a simple-to-use tool that will help you create secured directories for anything you want to secure. Is there another method that you prefer? If so, please share it in the comments. If you've found this helpful, share it!
