Create encrypted container

The following command creates two directories: ~/.crypt, a hidden directory which stores the encrypted data, and ~/crypt, which acts as a mount point for the unencrypted data.

$ encfs ~/.crypt ~/crypt
Directory "/home/me/.crypt" does not exist, create (y,n)?y
Directory "/home/me/crypt" does not exist, create (y,n)?y
Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?>

Standard configuration selected.
Using cipher Blowfish, key size 160, block size 512
New Password: <password entered here>
Verify: <password entered here>

Use container

Decrypt

Mount the encrypted data located in ~/.crypt so that it is available in unencrypted form in ~/crypt.
All data copied or moved to or from ~/crypt is encrypted or decrypted on the fly.

echo 'S3CUR3-P4SS-incl.!' | encfs --stdinpass ~/.crypt ~/crypt

Encrypt

To prevent anyone without your container password from reading your data, unmount the ~/crypt directory:

fusermount -u ~/crypt

sshfs with encfs

You can even use sshfs to mount such a container from a remote system you have access to.

Let's say you have a remote backup server where your .crypt and crypt directories reside, and you want to use rsync to copy just deltas. Use sshfs to mount the backup server's directory that contains the '.crypt' and 'crypt' folders locally:

sshfs -o reconnect -o sshfs_sync [-o IdentityFile=/path/to/.ssh/key_file] root@BACKUPHOST:/backup-partition /mnt

Now decrypt the remote directory locally and run rsync to copy just deltas to it:

echo 'S3CUR3-P4SS-incl.!' | encfs --stdinpass /mnt/.crypt /mnt/crypt
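
The remote backup steps above as one script, added here as an example and not part of the original post: it prompts for the password instead of putting it on the command line, and refuses to run rsync unless /mnt/crypt is a live encfs mount. The source-directory argument and the fuse.sshfs / fuse.encfs type strings looked up in /proc/mounts are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. BACKUPHOST, /backup-partition
# and /mnt are the post's values; the source directory argument is an assumption.
set -eu

# True only if mount point $1 has filesystem type $2 in the mount table
# $3 (default /proc/mounts, Linux). Assumes paths without spaces.
mounted_as() {
    awk -v mp="$1" -v fs="$2" \
        '$2 == mp && $3 == fs { found = 1 } END { exit !found }' \
        "${3:-/proc/mounts}"
}

# Prompt for the password with terminal echo off, so it never lands in
# shell history or a script file, and pass it to encfs on stdin.
open_container() {
    printf 'EncFS password: ' >&2
    stty -echo
    IFS= read -r pass
    stty echo
    printf '\n' >&2
    printf '%s\n' "$pass" | encfs --stdinpass "$1" "$2"
    unset pass
}

# Restore terminal echo and unmount in reverse order (encfs, then sshfs).
cleanup() {
    stty echo 2>/dev/null || true
    fusermount -u /mnt/crypt 2>/dev/null || true
    fusermount -u /mnt 2>/dev/null || true
}

backup() {
    trap cleanup EXIT
    trap 'exit 130' INT TERM
    sshfs -o reconnect -o sshfs_sync root@BACKUPHOST:/backup-partition /mnt
    open_container /mnt/.crypt /mnt/crypt
    # If the encfs mount is missing, /mnt/crypt is a plain directory on the
    # backup server and rsync would store the data there unencrypted.
    # Assumption: encfs mounts are listed with type fuse.encfs.
    mounted_as /mnt/crypt fuse.encfs || { echo 'encfs not mounted' >&2; return 1; }
    rsync -a "$1"/ /mnt/crypt/
}

# Run only when a source directory is given, e.g.: ./backup.sh ~/documents
if [ "$#" -ge 1 ]; then backup "$1"; fi
```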
