eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux. It is derived from Erez Zadok’s Cryptfs, implemented through the FiST framework for generating stacked filesystems. eCryptfs extends Cryptfs to provide advanced key management and policy features. eCryptfs is already included in the official Ubuntu repositories and encrypting directories is a simple matter of mounting them with the ecryptfs filesystem

You can install ecryptfs using the following command

#sudo apt install ecryptfs-utils

Create a secrets directory in the top level of the filesystem, and encrypt it. Note how you list the directory name twice, because you also need to specify a mount point. Essentially, you’re using the directory that you’re mounting as its own mount point:

#sudo mkdir /secrets
#sudo mount -t ecryptfs /secrets /secrets

Enter your desired passphrase, and choose the encryption algorithm and the key length

Go with the default of aes encryption, and 16 bytes for the key.

Go with the default of no for plaintext passthrough, and with yes for filename encryption:

Go with the default Filename Encryption Key and verify the mounting options:

This warning only comes up when you mount the directory for the first time. For the final two questions, type yes in order to prevent that warning from coming up again

Create a file within your new encrypted secrets directory, and then unmount the directory. Then, try to do a directory listing:

By choosing to encrypt filenames, nobody can even tell what files you have when the directory is unmounted. When you’re ready to access your encrypted files again, just remount the directory the same as you did before.

If you’re just encrypting individual directories with eCryptfs instead of using LUKS whole- disk encryption, you’ll need to encrypt your swap partition in order to prevent accidental data leakage. Fixing that problem requires just one simple command:


The following two tabs change content below.
Ruwantha Nissanka is a Professional Cyber Security Engineer from Sri lanka with having a demonstrated history of providing cyber security services for multiple organizations in Sri Lanka. He is a positive person who wants to believe the best in others and he likes to help, encourage people and make them feel good.