Linux has no shortages of solutions for file encryption. First released in 2001, EncFS [1] is one of the oldest solutions but remains one of the easiest to set up and use. It uses two directories: an unencrypted directory for dropping files into, and an encrypted directory that automatically creates encrypted copies of those files. Any further manipulation of the setup or files is done with the encfsctrl utility [2]. However, some insecure copies of EncFS are still in use, so be careful to get 1.9.5, the latest version, which fixes the vulnerabilities of earlier versions.

EncFS has several other advantages besides its ease of use. One is that because EncFS runs in userspace, using the FUSE libraries [3], ordinary users, not just root, can create its virtual filesystem. Additionally, running in userspace means that an encrypted volume can be administered by existing utilities such as Rsync and fsck. Similarly, standard backup utilities can back up only the EncFS-associated files that have changed.

EncFS can use both removable drives and cloud storage (see below). The volume key that is usually stored in the same directory as the encrypted data can be password protected and stored elsewhere, including on a removable drive or in the cloud for added security. Also, encrypted directories do not have any fixed size, growing as files are added or deleted instead of requiring a fixed space to be allocated. All these features add up to a CLI application that is almost as easy to use as a graphical interface.

Setting up EncFS

EncFS is available in most major distributions. To set it up, make sure that the FUSE package is installed, and then set up EncFS with the following command:

encfs ~/ENCRYPTED-DIRECTORY ~/UNENCRYPTED-DIRECTORY

If the directories named do not exist, EncFS automatically creates them. However, if you prefer, you can create the directories before running EncFS using mkdir -p. The -p option creates any necessary parent directory as well as the one required. Although security by obscurity should not be relied upon, you can hide the encrypted directory by adding a period at the start of its name, concealing it from the defaults of most basic commands.

If you want to use EncFS in cloud storage, make the encrypted directory a subfolder of the directory associated with your cloud account. For example, if you are using Dropbox, the subfolder might be ~/Dropbox/encrypted. The next time you sync your local and cloud directories, the encrypted directory is automatically uploaded to the cloud storage.

No matter where the required directories are located, the first time you run EncFS, you are prompted to set up the encryption (Figure 1). The default standard, or paranoia mode, provides a moderately high level of protection, and can be used automatically by adding the option --standard to the basic command. By contrast, the expert mode must always be specifically chosen. Expert mode prompts users with a series of questions to set the level of encryption. The man page explains each of the settings, but the most important difference is the key size (Table 1). Setup for both modes ends with choosing a password for accessing the encrypted directory via EncFS.

Figure 1: The first time you run EncFS, you can customize the encryption details using expert mode.

Although the man page recommends that most users chose the paranoia mode, users might prefer to use the expert mode simply to have a larger key, accepting the default for any of the other settings about which they are uncertain. Note, however, that in the past some cloud storage sites have had trouble with EncFS in expert mode. If that happens, delete the existing directories and try setting up in paranoia mode.

To check that EncFS is running, look for entries in the output of mount or temporary entries when running df -h. More simply, add a file to the unencrypted directory and then check that a file appears in the encrypted directory. If problems persist, try running the command with the verbose option (-v), which gives copious details for debugging (Figure 2).

Figure 2: Verbose mode gives detailed information about how EncFS is set up.

Running and Administrating EncFS

To mount existing EncFS directories for use, repeat the command used to create them:

encfs ~/ENCRYPTED-DIRECTORY~/UNENCRYPTED-DIRECTORY

At this point, you will be prompted for the password.

For most users, no additional options are likely required. However, EncFS does have a small set of options, which are described thoroughly in the man page. Most of these options set the details of how the command is run, such as -f, which runs EncFS in the foreground instead of the default background, or -s, which runs EncFS in a single thread, instead of the default multiple threads. These options are useful on older or smaller systems. But on modern systems, these options are unlikely to be needed except when other intensive programs are running at the same time as EncFS.

Still, there are several options that might be useful in specific circumstances. For instance, some users may choose to add --idle=MINUTES to unmount the encrypted directory automatically.

Users who want to share the encrypted directory – which should only be done cautiously – might use the option --public. And when searching the encrypted directory, --reverse can be used to display an encrypted file in plain text.

When not using EncFS, you can shut it down with the command

fusermount -u ~/UNENCRYPTED-DIRECTORY

However, many administrative tasks can be done using encfsctl. encfsctl is a utility that is generally packaged with EncFS, but it is easy to overlook. In fact, a search for how-tos on EncFS suggests that many are unaware of it altogether. And, admittedly, other standard commands are often convenient ways to administer EncFS.

Still, encfsctl is worth learning. For example, the info sub-command displays basic information about EncFS's encrypted directory. If you suspect that the applications used to create a file may have made them unencryptable for one reason or another, you can confirm your suspicions with the sub-command showcruft. At times, too, it may be useful to use decode to show the name of an encrypted file and display its unencrypted version, or, conversely, to use encode to show the name of an unencrypted file and show its encrypted version. As the man page notes, both decode and encode can be useful for such operations as deciding which files to include or exclude during a backup.

Probably the most useful of encfsctl's sub-commands is passwd (Figure 3). After all, security of any password is generally thought to increase when it is changed regularly. If that is true (and some would disagree), passwords used to view encrypted files should be no exception.

Figure 3: encfsctl is an administrative tool for EncFS. Mostly, it is used for changing passwords.

Caveats and Shortcomings

For most users, EncFS is a simple and reliable encryption tool. In some cases, though, it does have limitations that might reduce security.

A possible concern is that anyone who can read the encrypted directory can view the file attributes. This information – especially the time the file was created and the last time the file was saved – could be enough to guess the content of the file. To avoid this possibility, change the permissions so that the encrypted files can only be read or written to by you.

Another shortcoming is that, in paranoia mode, EncFS only supports file names of 190 bits. By contrast, most filesystems support names of 256 bits. This difference means that very long file names may be truncated. Truncation is especially likely with long file names because encrypted names are generally longer than the unencrypted ones, so the act of encryption can accidentally take the file name over the limit. For this reason, if you use extremely long file names, you should set up EncFS in expert mode.

More seriously still, some versions of EncFS are believed to have unpatched vulnerabilities. Most obviously, according to a 2014 report from Taylor Hornby of Defuse Security, the version in Debian Stable might be vulnerable to timing analysis, as well as attacks that lower the default encryption level without informing the user. The Debian Project took these possibilities seriously enough to add a warning to the package that displays when installed. Version 1.8 is thought to have corrected some of these vulnerabilities, but not all. To be as safe as possible, users should use only version 1.9.5 or later, using only expert mode.

Happily, these problems can be sidestepped. The problem is, many users are likely to download EncFS directly from their distribution's repositories – and not every distribution is as conscientious as Debian about informing users. With a little research, EncFS can serve users safely. Yet without that research, it can potentially give users a false sense of security. If you are especially concerned about security, you might even consider waiting for the 2.0 release that is rumored to be in development.