Looking for an easy-to-use encryption tool to protect data on your Linux servers?
Next, we will show you how to install and use gocryptfs for this purpose.
Your Linux servers probably contain very valuable company and / or customer data.
If so, what will you do to protect them?
Yes, you’ve probably spent an inordinate amount of time hardening your network, and perhaps you’ve had some success in defending yourself against intruders.
But what if that’s not enough?
What if we apply encryption as an additional layer of protection?
You can also find similar techniques on the website https://techcraunch.com/
One such tool is gocryptfs.
The gocryptfs tool allows you to encrypt only the directories you need.
It is lightweight, comfortable and safe.
Moreover, gocryptfs allows you to move these encrypted directories from one system to another.
As long as you have your encryption passphrase, these encrypted directories can be thought of as portable data stores.
The only thing you need for this to work is a running Linux instance and a user with sudo privileges.
How to install gocryptfs
Since gocryptfs is in the standard repositories, you can install this tool with a single command.
On an Ubuntu based system, this command:
sudo apt-get install gocryptfs -y
If you are using a Red Hat based distribution, the command is:
sudo dnf install gocryptfs -y
How to create an encrypted directory
With gocryptfs installed, you can create your first encrypted directory.
Let’s create a new directory using the command:
Initialize this new directory with the command:
gocryptfs --init data_vault
You will be prompted to create a password for the new directory. A new gocryptfs filesystem will be created in the directory, and then you will be presented with the master key for that filesystem. This master key is used to decrypt the encrypted file system if it gets damaged or you forget your decryption password. Please keep this key in a safe place. We will now create a mount point for our new filesystem. Let’s create a directory named vault using the command:
Mount the encrypted filesystem to the mount directory using the command:
gocryptfs data_vault vault
You will be prompted for the encryption password you created when you initialized the data_vault directory. After successful authentication, you will see that the filesystem is mounted and ready. Now you can add data to this directory. When you add data to a mounted directory, it will automatically sync it with the file system. Although the files in the mounted directory are viewable, they are encrypted on the file system. After you’ve added all the files, unmount the directory with the command:
fusermount -u vault
At this point, nothing can be found in the vault directory, and everything in data_vault is encrypted.
To work with data_vault again, just mount it to the vault directory, work with your files, and then unmount it again.
Simple and safe. With gocryptfs, you can easily protect your files and folders with a strong encryption layer.