Sunday, June 26, 2022

Simple Encrypted Drive

We all have sensitive data that we need to keep away from prying eyes. While plenty of free software and solutions are available, each has its advantages and disadvantages. A discussion of the available solutions and their pros and cons is outside the scope of this blog. If you are interested in a simple, highly secure and, most importantly, free solution where you have 100% control of your sensitive information, read on. Note: this works only on a Mac or Linux laptop/desktop; sorry, no Windows.


Here is a simple shell script to encrypt your data locally on your hard drive, or on a portable USB stick that you can take anywhere. If your USB stick is lost or stolen, the data stored on it is of course useless to anyone. The script works by creating an encrypted disk using a special filesystem driver (encfs). You copy your ordinary (i.e. unencrypted) files through the driver just as you would copy a file with your operating system's copy command. To access these files, you have to mount the drive with your passphrase. Once the filesystem is mounted, the files are available in plain form through the mounted drive, where you can retrieve or update them. Once the filesystem is unmounted, they stay on your hard drive or USB stick in encrypted form.

Here is how to use it.

./encrypted_drive.sh -d /tmp -m

In the screenshot below, I am using the /tmp directory just as an example, but you should choose permanent storage, such as an ordinary directory in your home path like "$HOME/encrypted" or a USB disk mount, e.g. /Volumes/<mydisk> on Mac. Note: you need to choose a strong passphrase and remember it to access your files later. The very first time you run it, the script will ask a question about the encrypted volume type, as shown below; just hit Enter to take the default. Subsequent runs will not ask for anything except the EncFS password, i.e. the master password you chose, to mount the encrypted volume.



Once the drive is mounted (the screenshot above shows the mounted drive on your desktop), you can simply copy your sensitive files with the operating system's copy command as shown below, or drag and drop files as you would with any other drive or path. The mounted drive will stay mounted for 15 minutes and then unmount itself automatically for security reasons.


As you can see from the screenshot above, the files are now accessible through the mount point (/tmp/decrypted) for reading and writing in plain form. Once you unmount with the -u option, the files in /tmp/decrypted are gone, and the actual files, in encrypted form, are in /tmp/encrypted, where they are useless to anyone who gets hold of the USB drive or computer containing them. (Note: replace /tmp/ with the path you chose for your permanent storage when you mounted the drive.)
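A guard for the copy step described above, as an added example that is not the blog's encrypted_drive.sh: once the drive has unmounted itself, `decrypted` is an ordinary directory, so a copy into it would land on disk in plain form. The function names are hypothetical, the `encrypted`/`decrypted` layout is taken from the post, and using encfs's `--idle` option (an inactivity timer) for the timeout is an assumption about one way to get that behaviour.

```shell
# Added example; function names are hypothetical, not from the blog's script.
# Layout assumed from the post: <base>/encrypted holds the ciphertext,
# <base>/decrypted is the mount point.

# Device id of a path; GNU stat takes -c, BSD/macOS stat takes -f.
dev_id() {
    stat -c %d "$1" 2>/dev/null || stat -f %d "$1"
}

# True only while a filesystem is mounted on $1: a mount point lives on a
# different device than its parent directory (always so for a FUSE mount).
is_mounted() {
    [ -d "$1" ] || return 1
    [ "$(dev_id "$1")" != "$(dev_id "$1/..")" ]
}

# Mount with encfs's own idle timer (assumption): --idle=15 unmounts after
# 15 minutes without activity. encfs requires absolute paths.
mount_drive() {
    base=$1
    mkdir -p "$base/encrypted" "$base/decrypted" || return 1
    chmod 700 "$base/encrypted" "$base/decrypted" || return 1
    is_mounted "$base/decrypted" && return 0
    encfs --idle=15 "$base/encrypted" "$base/decrypted"
}

# Copy a file into the drive, refusing when the mount point is just an
# ordinary directory (the write would be stored unencrypted).
safe_copy() {
    src=$1
    base=$2
    if ! is_mounted "$base/decrypted"; then
        echo "refusing: $base/decrypted is not mounted" >&2
        return 1
    fi
    cp -- "$src" "$base/decrypted/"
}

unmount_drive() {
    is_mounted "$1/decrypted" || return 0
    # Linux FUSE ships fusermount; macOS uses plain umount.
    fusermount -u "$1/decrypted" 2>/dev/null || umount "$1/decrypted"
}
```

Call `safe_copy <file> <base>` instead of a bare `cp` whenever a script, rather than you at the keyboard, writes into the drive.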

The script is available in my Git repo below. Download it and follow the instructions below to install encfs, which the script requires. I would love to hear feedback.


#  Instructions for installing encfs

#   Mac
#   run the following 2 commands in the Mac terminal (assumes you have brew installed)
#     brew install --cask osxfuse
#     brew install encfs
#   
#   Linux:
#     Ubuntu/Debian: apt-get install encfs
#     Redhat/CentOS: yum install encfs  
#     Other: refer to your distro manual
#
#   Windows:
#      Sorry, wipe that crap 😃 and install Linux or get a Mac!
#
