May 172012

Situation: I got a free + account (5 GB space) for my backups, but I don’t want my data to be in the clear on some provider.

Solution: At first I thought of
a) encrypting the data locally using GPG
b) using a truecrypt container
c) using encfs

a) is my current solution for external drives, works fine
b) you cannot work on files, because you have to move the whole container – it will waste too much bandwidth
c) Will encrypt on a file-base, sounds like a), but it is transparent. Thats perfect and it works in less than 10 commands!

Setup on Debian/Ubuntu:

We need encfs (and if you don’t have it already davfs2):
apt-get install encfs davfs2

Now we will mount the cloud via WebDAV into our filesystem:

mkdir /mnt/owncube/
mkdir /mnt/freecloud/
mount.davfs /mnt/freecloud/ -o uid=mirzad,gid=mirzad
mount.davfs /mnt/owncube/ -o uid=mirzad,gid=mirzad

Finally we will set up the encryption. EncFS needs two folders, one will be the folder where it puts all the encrypted files (in our case the cloud), the other will be unencrypted and linked to the first. So you can work on the unencrypted folder as usual and encfs will save the changes fully transparently into the encrypted folder!

mkdir /mnt/owncube_d/
mkdir /mnt/freecloud_d/
encfs /mnt/owncube/ /mnt/owncube_d/
encfs /mnt/freecloud/ /mnt/freecloud_d/

Thats it, you can work in the “_d” folders as usual while your changes will be sent to the cloud in the background. Don’t forget to rsync both folders – free encrypted backup space for all ;)


If you want to share your decrypted folder via Samba you need to enable this:
1 – Modify the /etc/fuse.conf file so that the last line “user_allow_other” does NOT have a leading hash.
2 – mount with options: encfs /mnt/freecloud/ /mnt/freecloud_d/ — -o allow_other

This is how it will look like on a Windows Client (Samba share):

Update 27.07.12 : I added a small update on this here.