Gentoo Wiki


This text describes an easy method to encrypt your home directory using EncFS.

Warning: You should backup your home directory before trying this!

Lets assume you are user john with home directory /home/john using bash as shell and console login.

emerge -av fuse encfs secure-delete

If fuse refuses to build because "your kernel is too new", goto /usr/src/linux, type

make menuconfig

and check for the following setting:

File systems  --->
<M> Filesystem in Userspace support

If it doesn't exist, save and enter

make && make modules_install
modprobe fuse
groupadd fuse
chgrp fuse /dev/fuse
usermod -G fuse john
mkdir /home/john-crypt /home/john-mnt
chown john /home/john-crypt /home/john-mnt
chgroup john /home/john-crypt /home/john-mnt
encfs /home/john-crypt /home/john-mnt

You are asked for expert mode (x) or a predefined paranoia mode (p). p should be enough for now. Then you will be asked for the password/passphrase. Use a safe and long passphrase. Good news is, that you can change the password with encfsctl if you want to do so. Other cryptosystems don't have the possibility to change the password.

cp -R /home/john/.[a-zA-Z0-9]* /home/john-mnt
cp -R /home/john/* /home/john-mnt
srm -r /home/john/.[a-zA-Z0-9]* /home/john/*
File: /home/john-mnt/.bash_logout
cd / && fusermount -u /home/john
fusermount -u /home/john-mnt
rmdir /home/john-mnt
File: .bash_profile
encfs /home/john-crypt /home/john -- -o nonempty && cd /home/john
[[ -f ~/.bashrc ]] && . ~/.bashrc

Done! When john now logs in, he gets an additional password prompt and his crypted home directory is mounted automatically. When he logs out, it will be unmounted.

Retrieved from ""

Last modified: Tue, 19 Aug 2008 04:30:00 +0000 Hits: 9,363