Using EncFS with Copy Cloud File Storage
24 Mar 2013I have been trying out Barracuda Networks cloud file storage "Copy" for the last few day. The Linux client seems stable and syncing has been reliable up to now. Although there are claims that Copy stores files encrypted, it is also an architectural fact that Copy needs to store your encryption keys on the server side.
So, if you want to store private Data, then you'll have to setup encryption yourself - Enter EncFS.
EncFS provides an encrypted filesystem in user-space and uses the FUSE Library. The following instructions are for Ubuntu 12.04, but configuration should be similiar with other distros.
Installing EncFS
This is the easy part, just type:
sudo apt-get install encfs
Install gnome-encfs
Gnome-encfs is a nifty helper tool that makes mounting EncFS mounts automatically at login time easy. So, download and install it:
wget http://bitbucket.org/obensonne/gnome-encfs/get/tip.tar.gz tar xvzf tip.tar.gz --wildcards --strip=1 --no-anchored 'gnome-encfs' sudo install gnome-encfs /usr/local/bin
Setup an EncFS encrypted folder
I assume that your Copy cloud storage folder is ~/Copy. First, create a directory that will hold the encrypted file system:
mkdir ~/Copy/encfs
Now create a mountpoint to hold the decrypted File system:
mkdir ~/Copy-crypted
Now lets create the encrypted file system:
encfs ~/Copy/encfs ~/Copy-crypted
EncFS will now ask for encryption options, you can just use the preconfigured paranoia mode. Now enter the passphrase of the encrypted file system. Make sure to check whether the mount is set up correctly:
mount | grep encfs
It should give you an output similar to this:
encfs on /home/foo/Copy-crypted type fuse.encfs (rw,nosuid,nodev,default_permissions,user=foo)
Automounting on login
Using gnome-encfs, you can store your EncFS passphrase in the Gnome password manager and mount the encrypted filesystem automatically on login. Just enter:
gnome-encfs -a ~/Copy/encfs ~/Copy-crypted
Gnome-encfs will ask for the passphrase. Just make sure you enter the correct one, because it will just ask one time. Now test if gnome-encfs is configured correctly. Unmount the crypted filesystem:
fusermount -u ~/Copy-crypted
Then execute the gnome-encfs mount procedure with:
gnome-encfs -m ~/Copy-crypted
This should give you something like this:
Mounting /home/foo/Copy/encfs at /home/foo/Copy-crypted: OK
In case you got an error, becausye you did enter a wrong passphrase, remove the entry:
gnome-encfs -r ~/Copy-crypted
Now add it again, as described above. Once you have set up gnome-encfs correctly, you should see ~/Copy-crypted automounted on login.
Unmounting on logout
To make sure, that the encrypted file system is unmounted when you log out, you have to add a session cleanup script to your display manager. The following instructions are for lightdm, the standard display manager in Ubuntu 12.04.
Create a session cleanup script:
sudoedit /etc/lightdm/session-cleanup.sh
Put the following lines in the script:
mount -t fuse.encfs | grep "user=$USER" | awk '{print $3}' | while read MPOINT ; do
sudo -u $USER fusermount -u "$MPOINT"
done
Make the script executable:
sudo chmod +x /etc/lightdm/session-cleanup.sh
Then, edit lightdm.conf to execute the script on logout:
sudoedit /etc/lightdm/lightdm.conf
Add the following line configuration:
session-cleanup-script=/etc/lightdm/session-cleanup.sh
Now restart your PC or restart lightdm. Your display manager will now unmount all mounted EncFS mounts when you logout.