We are all paranoid about our files. Aren’t we? Whether if they contain personal information or classified information, there is a certain degree of concern we have. However with the advent of digital age, it is not that we can simply put them in lockers and guard them. Indeed you can lock your PC and disconnect it from network access, but what’s the point of using a computer to store your documents, use paper then right? Encrytion provides the way by which we can protect our files and folders. It is a method of encoding the files so that they can’t be accessed without being decoded first. For this we need a pass phrase (read: password). Thus the goal to stop the unauthorised individuals from accessing your critical documents is achieved. Ubuntu allows encryption and decryption of files and folders, but Ubuntu (at least the latest versions) have the ability to create an encrypted file store in which files are automatically encrypted and the process is entirely invisible from the user’s perspective.
Create an Encrypted private/ directory
Ubuntu has the ability that allows encryption of files “on the fly”. With this method, only the user who’s home directory the ~/private directory is residing, can access those files. No body else can access those files. That is a certain loophole of users being able to use a Live CD for accessing the files is largely eliminated. Now in order to go further, you need to install the required packages. I would suggest using the terminal since that would be quicker. :p
sudo apt-get install ecryptfs-utils
Now set up the pass phrase such by running this command.
You would be asked your login password for running this command. Next it will ask you the pass phrase, i.e. the mount pass phrase. Keep in mind that the mount pass phrase is not same as login password and also that you have to remember the passphrase in case you need to unlock the files manually at a future date. Once you have finished running the commands, log out and then log back in again. After logging in, you’ll find on opening the home directory that there’s a new private folder. This private folder will store all the files within itself encrypted and thus the files within it cannot be accessed without authority, i.e. only the original user can access it.
Encrypting individual files and folders
This is typical kind of encryption used for files and folders which you don’t frequently use, but would like to keep away secure from unauthorized access. In this method another copy of the file is made, this copy is encrypted. The user may delete the original unencrypted copy and keep only encrypted copy so as to “protect” the file.
It makes use of public/private key cryptography for the information and is built-in in latest versions of Ubuntu Linux.
Remember for sharing these encrypted files, you also need to share the key in addition of knowing the pass phrase.
First of all, you need to create a key:
- Go to Applications->Accessories->Password and Encryption Keys
- Select File->New…
- Select PGP Key and Click Continue
- Enter personal details. These are mostly optional and are relevant only if you wish to encrypt E-Mails. However keep note both First and Last name should be entered, um at least two words separated by spaces)
- When Done Click the Create Button.
- Wait for some times as it takes few moments to create a key.
- Voila, see the key.
Encrypting a file
To encrypt a file, or folder simply right click it and select Encrypt from the menu that appears. In the dialog box, select your key, select to sign message as and Click OK. Folders can be encrypted to. Always prefer to create an archive rather than encrypting individual files, since the latter method would be more tedious.
Decrypting a file
Just double click it, enter the pass phrase and it would be decrypted.
Keep note that, in order to share the files, you need to share the key. Use the same Passwords and Encryption Keys software to export the key. In another computer you’ll need to have the software installed plus you will need to import the keys.
Be wary of the fact though anybody with the file and the key can potentially decrypt the file. Note the word potentially.