Using EncFS with Copy Cloud File Storage

I have been trying out Barracuda Networks' cloud file storage "Copy" for the last few days. The Linux client seems stable and syncing has been reliable up to now. Although there are claims that Copy stores files encrypted, it is also an architectural fact that Copy needs to store your encryption keys on the server side.

So, if you want to store private data, you'll have to set up encryption yourself - enter EncFS.

EncFS provides an encrypted filesystem in user space and uses the FUSE library. The following instructions are for Ubuntu 12.04, but configuration should be similar with other distros.

Installing EncFS

This is the easy part, just type:

sudo apt-get install encfs

Install gnome-encfs

Gnome-encfs is a nifty helper tool that makes it easy to mount EncFS file systems automatically at login time. So, download and install it:

wget http://bitbucket.org/obensonne/gnome-encfs/get/tip.tar.gz
tar xvzf tip.tar.gz --wildcards --strip=1 --no-anchored 'gnome-encfs'
sudo install gnome-encfs /usr/local/bin

Setup an EncFS encrypted folder

I assume that your Copy cloud storage folder is ~/Copy. First, create a directory that will hold the encrypted file system:

mkdir ~/Copy/encfs

Now create a mountpoint to hold the decrypted file system:

mkdir ~/Copy-crypted

Now let's create the encrypted file system:

encfs ~/Copy/encfs ~/Copy-crypted

EncFS will now ask for encryption options; you can just use the preconfigured paranoia mode. Then enter the passphrase for the encrypted file system. Make sure to check whether the mount is set up correctly:

mount | grep encfs

It should give you an output similar to this:

encfs on /home/foo/Copy-crypted type fuse.encfs (rw,nosuid,nodev,default_permissions,user=foo)

Automounting on login

Using gnome-encfs, you can store your EncFS passphrase in the Gnome password manager and mount the encrypted filesystem automatically on login. Just enter:

gnome-encfs -a ~/Copy/encfs ~/Copy-crypted

Gnome-encfs will ask for the passphrase. Make sure you enter the correct one, because it will only ask once. Now test whether gnome-encfs is configured correctly. Unmount the encrypted filesystem:

fusermount -u ~/Copy-crypted

Then execute the gnome-encfs mount procedure with:

gnome-encfs -m ~/Copy-crypted

This should give you something like this:

Mounting /home/foo/Copy/encfs at /home/foo/Copy-crypted: OK

If you got an error because you entered a wrong passphrase, remove the entry:

gnome-encfs -r ~/Copy-crypted

Now add it again, as described above. Once you have set up gnome-encfs correctly, you should see ~/Copy-crypted automounted on login.

Unmounting on logout

To make sure that the encrypted file system is unmounted when you log out, you have to add a session cleanup script to your display manager. The following instructions are for lightdm, the standard display manager in Ubuntu 12.04.

Create a session cleanup script:

sudoedit /etc/lightdm/session-cleanup.sh

Put the following lines in the script:

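#!/bin/sh
# Unmount every EncFS mount that belongs to the user who is logging out.
# The trailing [,)] keeps user "foo" from also matching "user=foobar".
mount -t fuse.encfs | grep -E "user=$USER[,)]" | awk '{print $3}' | while read -r MPOINT ; do
    sudo -u "$USER" fusermount -u "$MPOINT"
done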

Make the script executable:

sudo chmod +x /etc/lightdm/session-cleanup.sh

Then, edit lightdm.conf to execute the script on logout:

sudoedit /etc/lightdm/lightdm.conf

Add the following line to the configuration:

session-cleanup-script=/etc/lightdm/session-cleanup.sh

Now restart your PC or restart lightdm. Your display manager will now unmount all mounted EncFS mounts when you log out.
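
The mount check and the per-user filter from the cleanup script can be combined into one verification step. The following is an added example, not part of the original post: it confirms that the plaintext mount point is a live EncFS mount of the right user and that it lies outside the synced ~/Copy folder. The function names and the sample mount table are constructed, and mount points are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: checks for the EncFS layout used in this article.
# Function names and the sample mount table are constructed for illustration.

# Print the mount points of all fuse.encfs mounts owned by exactly user $1.
# Reads `mount` output on stdin. Comparing the whole "user=" option avoids
# treating user "foobar" as user "foo".
encfs_mounts_for_user() {
    awk -v u="$1" '
        $5 == "fuse.encfs" {
            opts = $6; gsub(/[()]/, "", opts)
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "user=" u) print $3
        }'
}

# Succeed only if plaintext mount point $2 is mounted for user $1 and does
# not live inside the synced folder $3, where the sync client would see
# the decrypted files. $4 is the mount table to inspect.
check_encfs_layout() {
    user=$1 plain=${2%/} sync=${3%/} table=$4
    case "$plain/" in
        "$sync"/*) echo "FAIL: $plain is inside $sync"; return 2 ;;
    esac
    if printf '%s\n' "$table" | encfs_mounts_for_user "$user" | grep -Fxq "$plain"; then
        echo "OK: $plain is an EncFS mount of $user"
    else
        echo "FAIL: $plain is not mounted as EncFS for $user"; return 1
    fi
}

# Constructed sample in the format of the `mount | grep encfs` output above.
SAMPLE='encfs on /home/foo/Copy-crypted type fuse.encfs (rw,nosuid,nodev,default_permissions,user=foo)
encfs on /home/foobar/Copy-crypted type fuse.encfs (rw,nosuid,nodev,default_permissions,user=foobar)
/dev/sda1 on / type ext4 (rw,errors=remount-ro)'

check_encfs_layout foo /home/foo/Copy-crypted /home/foo/Copy "$SAMPLE"
# On a live system, pass "$(mount)" as the fourth argument instead of SAMPLE.
```

A non-zero exit status means files written to the mount point would not be encrypted before syncing (status 1) or that the decrypted view itself sits inside the synced folder (status 2).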