eCryptfs encrypts a single directory in a file system. Since it does not work at the partition level, you do not need to worry about extending or shrinking an encrypted partition inside an unencrypted one. Instead, the file system works normally and only the contents of the files are encrypted. This should also add some fault tolerance in case of disk failure: you are less likely to lose all of the encrypted data at once.
Here we create an encrypted directory on an external hard drive:
- First format the drive with the ext4 file system (mkfs.ext4).
- Prepare a passphrase in a .TXT file (you will not be asked to type the passphrase a second time, so a mistyped one would go unnoticed).
- Then go to the mounted disk, create the directory and mount it with eCryptfs:
    cd /media/fbf0a2c3-0631-4a00-ad1b-a34e449c8b2a/
    mkdir crypted
    chmod 700 crypted/
    sudo mount -t ecryptfs crypted/ crypted/
Paste in the passphrase and otherwise accept the default settings offered by eCryptfs.
Voilà. Now your encrypted folder is ready. Its contents are not accessible unless you mount it with eCryptfs and enter the passphrase.
We can test this by unmounting it and mounting it again. It will ask for the passphrase and the format options again:
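    # write the test file through the eCryptfs mount (we are still in the disk's root)
    echo "foobar" > crypted/test.txt
    sudo umount /media/fbf0a2c3-0631-4a00-ad1b-a34e449c8b2a/crypted
    # now look at the same file without eCryptfs in between
    cd crypted
    cat test.txt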
You will see garbled output instead of the file contents. But after you remount it, it works again:
    # leave the directory first so the relative paths resolve again
    cd ..
    sudo mount -t ecryptfs crypted/ crypted/
Just give the passphrase and hit Enter for all the options (again).
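Because crypted/ is mounted on top of itself, anything written into it while eCryptfs is not mounted ends up on the drive in plain text. The check below is an added example (not part of the original post) that a backup script could run before writing; the function names, the optional mount-table argument and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the optional
# mount-table argument are hypothetical; paths must be given as absolute.

# Succeed only if the LAST mount recorded for absolute path $1 is ecryptfs.
# $2 is the mount table to read (defaults to /proc/mounts).
is_ecryptfs_mounted() {
    target=${1%/}                      # ".../crypted/" -> ".../crypted"
    [ -n "$target" ] || target=/
    state=1
    while read -r _src mnt fstype _rest; do
        mnt=$(printf '%b' "$mnt")      # /proc/mounts writes a space as \040
        [ "$mnt" = "$target" ] || continue
        # later entries sit on top of earlier ones, so the last match wins
        if [ "$fstype" = ecryptfs ]; then state=0; else state=1; fi
    done < "${2:-/proc/mounts}"
    return "$state"
}

# Copy stdin to file $2 inside directory $1, but refuse when $1 is not an
# active eCryptfs mount (the data would land on the disk unencrypted).
# $3 optionally names the mount table, as above.
guarded_write() {
    if ! is_ecryptfs_mounted "$1" "${3:-/proc/mounts}"; then
        echo "refusing to write: $1 is not mounted as ecryptfs" >&2
        return 1
    fi
    cat > "${1%/}/$2"
}

# Constructed sample mount table; devices, paths and options are illustrative.
sample_mounts() {
    cat <<'EOF'
/dev/sdb1 /media/disk ext4 rw,relatime 0 0
/media/disk/crypted /media/disk/crypted ecryptfs rw,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/media/my\040usb/crypted /media/my\040usb/crypted ecryptfs rw,relatime 0 0
EOF
}
```

In a script this would be used as `echo "foobar" | guarded_write /media/<disk>/crypted test.txt`, which fails with a message instead of silently storing the file unencrypted.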