Add CryptKeeper for on-the-fly encrypted folders in Linux
You've more than likely read Martins' piece about the outstanding encryption tool Truecrypt "TrueCrypt 6.1 Released" and have used it to create easy to use, encrypted file systems on Windows machines. Of course TrueCrypt is also available for Linux as well. But what if I told you there was an even easier system to use for on the fly folder encryption for the Linux operating system? There is, and it's a snap to use.
CryptKeeper is available for the GNOME desktop (requires Nautilus) and is a system try applet that easily manages EncFS encrypted folders without the user having to touch the command line. And CryptKeeper works very similarly to TrueCrypt but makes the whole process even easier. In this article, you will learn how to install CryptKeeper and then create and use an encrypted folder on an Ubuntu machine.
Installation
Installing CryptKeeper is as simple as installing any other software on an Ubuntu machine. Of course, this software should be just as easy to install on your favorite distribution - just modify the process as needed. The steps for installation are:
- Open up your Add/Remove Software tool.
- Search for "cryptkeeper" (No quotes).
- Select the resulting software for installation.
- Click Apply to install.
That's it. Once installed you will find the menu entry under the Applications menu, in the System Tools sub-menu.
How CryptKeeper works
The way this application works is simple: Creating encrypted, mountable file systems. You create an encrypted folder that can only be accessible if that folder is mounted, and the only way to mount that folder is to know the authentication password.
Starting and using CryptKeeper
When you start CryptKeeper, you will be surprised to see that no windows or dialogs open. As stated earlier this is a system tray applet, so the application resides in your system tray (or Notification Area). So when you start CyrptKeeper, the only thing you will see is the system tray icon appears (see Figure 1). The icon you are looking for is the keys icon. From this icon there are two actions:
Right click: Preferences, About, Quit
Left click: Mount previously created encrypted folders, Import EncFS folders, Create encrypted folders.
From the Preferences window, there isn't really much to do. There is, however, one important option you can set. If you want to make sure your encrypted folders are unmounted after being idle for a user-configured amount of time.
Now, let's create an encrypted folder. Left click CryptKeeper icon and select "New Encrypted Folder". This action will open up a Wizard that will walk you through the process of creating your folder. The steps are:
Give your folder a name and location.
Enter (twice) a password for the encrypted folder.
That's it. As soon as you have verified your password, and hit Forward, your new encrypted folder will open in the Nautilus file browser (see Figure 2).
With your folder open you can then place whatever you like inside. Once you are done working with the folder, you only need to unmount it to keep the contents from prying eyes. There is only one way to unmount your folder:
Left click the CryptKeeper icon and uncheck the mounted folder.
If you try to unmount the folder from within Nautilus you will be unsuccessful.
When the folder is unmounted it will seem to no longer exist on your machine. The only way you will see the file is to open up a terminal and search for the folder in your home directory using the ls -a command. Using the example I created above (encrypted folder "Ghacks") I will see the entry .Ghacks_encfs in the ~/ folder. If I try to search the contents of that folder I will see something like:
kgv8qdE4Y,8kNqkREP7cQGvz-fk9bUujZTSXd8ijrelqi0
No dice. There is only one way to see the contents of this folder. To do this left click the CryptKeeper icon and select the encrypted folder you want to mount (see Figure 3). Once selected you will be prompted for the password for the folder. When you successfully enter the password the folder will mount and be opened in a new Nautilus window.
Final thoughts
Without a doubt, CryptKeeper is one of the easiest means to create on-the-fly encrypted folders to use on the Linux desktop. If you need solid encryption for personal folders, CryptKeeper is the way to go.
The Electronic Frontier Foundation has issued guidance for getting your mobile device across the border safely and protecting the data on it should it get seized.
https://www.eff.org/sites/default/files/EFF-border-search_2.pdf
Great read, thanks for posting Ilev.
Yes, I was just about to post that. They specifically address the hidden volume. To fill its purpose, you need to lie to law enforcement/homeland security, which is in of itself a crime. Of course once you get to court you can try to plead the fifth, but you may be forced to reveal its existence and the password in the same vein as the non-hidden volume anyway.
The best solution to someone asking for your password isn’t to plead the fifth, but to simply say you forgot it. This is of course also perjury, but nobody can look inside your head to prove it, so unless you told your cellmate about your cunning master plan, you’re good to go.
Or unless you write on a blog about it ;)
Rodalpho, isn’t a Truecrypt hidden volume 100% unidentifiable anyways? I don’t know, maybe an extreme expert would “recognize” certain patterns even if it’s hidden.
Once inside your outer volume, assuming they coerced you enough to get into it, would the US Gov’t have the right to manipulate / alter / delete files as a bargaining technique? I would think it unlawful “officially”, but a little imagination brings up some issues.
Ahh but I am pure as the driven snow! (Except for posting on a blog during work.)
… and except for being Bernie Maddoff’s tax advisor!
I used to be a regular visitor to the United States. About every second year. But I stopped going 7 years ago, largely because of border hassles like this. The Canadians now get my money. I know I’m not alone in this.
I was travelling to the USA once or twice a year but I also a few years ago. Not going to go there again until the craze has disappeared… might be a while!
Just a legal clarification: You are not required to provide your password as this is covered under the 5th Amendment against self incrimination. But should the authorities be made aware that there are files located in certain “areas” than you must provide the authorities with an unencrypted version of those files. As the authorities have a “right” to access the files once they know where it is. I would just say “I’m not aware of any”, and claim my tech guy handles everything, I don’t know tech.
I also travel around with the following file: “a little boy and his priest.avs”. Should anyone seize and opens said file, their computers FRY :)
But this TrueCrypt matryoshka concept is intriguing. Gotta try it out.
DanTe, how can I obtain said file that makes computers fry? How does it work?
Do like I do: troll the usenet for “free software” and see which one promptly got pass your virus scan and kills your stand alone PC. I do this about once a year to get the latest in killer software. Use something like the free SBNews Android or Newsbin Pro and just massively download. I generally look for the small (below 5mB) files that purports to be celebrity sex movies.
This is a really good app. I tested it out by partitioning a hard drive that I planned to use for data. Then I encrypted that partition with True Crypt. I noticed that the partition was visible when I opened up Computer to view all my drives. So I went into Disk Management and removed the drive letter from the partition which made it invisible. True Crypt also has a portable app version so no need to install it on the PC. This makes it hard for even a tech saavy person to get into your guarded files. (unless they know your password, lol)
Of course if you are accused of doing something illegal and are forced to give up your PC to the government forensic labs none of the above will help. Just get a lawyer and see what info/passwords you have to give up :-)
“Of course if you are accused of doing something illegal and are forced to give up your PC to the government forensic labs none of the above will help.”
Not to be rude but you don’t know what you’re talking about. :/
Not to be rude … , but you don’t know what you’re talking about. Have you tried the various TrueCrypt encryption modes? And no, Da Gov’ment don’t have no magic pixie dust that allows them to crack everything.
I also have another question — this article is about the gov’t agents seizing laptops. What’s the issue on DESKtops? Also can be seized, or a different story?
They can also be seized, no difference.