Encrypt and store data securely in Ubuntu Linux using ‘EncFS’

‘EncFS’ is a utility that creates an encrypted virtual file system that you can use to save data, encrypted. It’s a native GNU/Linux tool but there are few tools that let you use it under Windows and Mac OS X as well. It supports two powerful data encrypting algorithms called ‘AES’ and ‘Blowfish’.

While operating it uses two folders. One is used for holding the encrypted data (source folder) and another is used for mounting the data. It has many benefits, but one in particular is that, as soon as you mount the ‘source folder’, you can add files to the mount point (which behaves like a virtual partition) and that data will be encrypted and added to the source folder at the same time (‘on the fly’).

You can make it mount the folder at the system start-up, mount it temporarily (for a certain period) or mount or unmount it manually and though it behaves like a virtual partition but you don’t have to worry whether there’s enough room for you data etc or not (as with ‘TrueCrypt’ and its data container) because it expands and shrinks automatically when you add/remove files.

There are few drawbacks too. One that’s worth mentioning is that, anyone with proper privileges can access the encrypted folder and its content (files and their sizes etc). But then again, their names and the content is encrypted, so they can’t access them anyway.

How to use it in Ubuntu?

Ubuntu does not come installed with it, so you’ll have to install it manually. For that, open your Terminal and enter the below command (12.10, 12.04 Precise Pangolin, 11.10, 11.04 etc).

sudo apt-get install encfs

As mentioned earlier, you can use ‘EncFS‘ in two steps. First you mount the folder (so you can add/view content through the mount point) and then once done, to securely lock the content, you unmount it.

For mounting, you should use it in the below format.

encfs source-folder-path mount-point-path

For the unmount, use the below command in the following format.

fusermount -u mount-point-path

Few examples …

Step 1: As said, you need to have two folders to use it. And when you’re using it for the first time, if you don’t have them created, then ‘encfs’ will create them for you.

Let’s say that you want to store the encrypted data on a folder called ‘encrypted-data’ in the ‘Home’ folder and want to mount it into another one in your ‘Home’ folder called ‘decrypted-data’. Then I’ll use the below command.

encfs ~/encrypted-data ~/decrypted-data

The ‘~’ character automatically fills-in the path of your ‘Home’ folder (it’s a shortcut which saves you the trouble of typing the path of your Home folder, typing ‘/home/gayan’ in my PC in my case).

If it confuses you, then you can use the below command as well, just remember to replace ‘gayan’ (used twice) with your user name.

encfs /home/gayan/encrypted-data /home/gayan/decrypted-data

Once that’s done, since this is the first time ‘encfs’ will guide you through for creating an encrypted virtual file system (at later times, you should be using this same command for mounting it).

*. Now assuming that you haven’t created those folders, ‘encfs’ will ask your permission to create them.


*. Once you give the permission (by typing ‘y’) then it’ll ask for the settings (such as the preferred encrypted method, block-size etc). It comes with a pre-configured preset that saves you all that trouble, for that, simply type ‘p’.


*. Then at the final step, it’ll ask you to enter a password for accessing the encrypted volume.


And once you enter that, you’ll see that a folder called ‘decrypted-data’ (with a small icon of HDD attached to it) is mounted on your Home folder as shown below. You can add data that you want to encrypt to this folder and as soon as they’re added, they’ll be encrypted and added to the source folder (‘encrypted-data’ folder as for this example).


Step 2: Once you’re done encrypting the data, you can unmount the mounted folder by using the below command.

fusermount -u ~/decrypted-data

The ‘fusermount’ is a tool that we use to mount/unmount virtual file systems in GNU/Linux and the ‘-u’ argument means unmount (duh :D).

A quick recap …


(concerning the above example) While setting up for the first time or mounting the encrypted folder later, you should use one of the below commands. If you go with the second command, then make sure to replace ‘gayan’ with your user name.

encfs ~/encrypted-data ~/decrypted-data


encfs /home/gayan/encrypted-data /home/gayan/decrypted-data

You don’t have to use your ‘Home’ folder and you can use any location you want (a USB drive or another location on your HDD as long as you have the proper permissions). In that case simply replace the proper path.


When done, unmount it using the below command.

fusermount -u ~/decrypted-data

Again, make sure to replace ‘~/decrypted-data’ if you have used a different location. That’s it.

An RHCE, 'Linux' user with 14+ years of experience. Extreme lover of Linux and FOSS. He is passionate to test every Linux distribution & compare with the previous release to write in-depth articles to help the FOSS community.

2 thoughts on “Encrypt and store data securely in Ubuntu Linux using ‘EncFS’”

  1. Thx for the above.

    Can you tell me how I can correctly remove folders from encfs control? I have a folder that I encrypted with encfs. I no longer want to do so. I want it back as a “normal” unencrypted folder as before.


    • Hi lc,

      There might be other methods, but below is one of them …

      Step 1. First of all, mount your encrypted folder, and then copy all of the unencrypted data into a different folder (make sure that it is not currently associated with ‘encfs’. It is better to create a new one, just in case 🙂 ).

      Step 2. Then un-mount the encrypted folder, and once it get unmounted, delete that folder (you can also delete the folder that ‘encfs’ used to use to mount the data as well).

      Step 3. After that, you can safely rename the folder that contains the unencrypted data to the name of the original encrypted folder that you just deleted, since it should no longer be managed by ‘encfs’.

      This is because, to verify weather a folder should be managed by ‘encfs’ or not, ‘encfs’ relies on a configuration file which is also located inside the each encrypted folder (unless you have manually changed it), and when you delete the folder in the ‘Step 2‘, this file also gets deleted, and thus it gets out of the control of ‘encfs’. Hope this helps.

      P.S: I did test it and it works.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.