Philipp's Computing Blog

Success is about speed and efficiency

Transparently Encrypt Folders with encfs

EncFS (on Wikipedia) – a FUSE filesystem – can help encrypt cloud synced folders (using business proof AES or Blowfish algorithms). It operates on smaller blocks (not a single big file) and thus works well with Dropbox, because when only one decrypted file is changed, it won't upload your whole Dropbox again.

Prerequisits / Installation

Install Fuse4X and install EncFS. If you have Homebrew, this is as easy as:

brew install encfs

Setting Up The Encrypted Dropbox Folder

We don't want to encrypt the entire Dropbox as we would loose other dropbox features as sharing some files via a public link etc. So we set up an encrypted Dropbox subfolder:

encfs ~/Dropbox/EncryptedFolder ~/DropboxDecrypted

Enter y to create the folders, enter p for Paranoia mode and chose a safe password.

To get more information on a EncFS encrypted directory, run encfsctl info with the encrypted folder as argument:

encfsctl info ~/Dropbox/EncryptedFolder


To mount the volume, you basically just have to run the same command again that you used to create the encrypted folder:

encfs ~/Dropbox/EncryptedFolder ~/DropboxDecrypted

The process of mounting the encrypted file system on login after a reboot can be automated with EncFSVault.

Ensuring Higher Security

EncFS stores a configuration file in the encrypted folder: .encfs6.xml. For higher security you have to remove this file from cloud synced Dropbox and rather store it in a local folder:

mkdir ~/.encfskeys
mv ~/Dropbox/EncryptedFolder/.encfs6.xml ~/.encfskeys/dropbox.xml

Also remember to permanently delete the file from your Dropbox's on!

Now whenever you want to mount the filesystem, you have to specify where you moved the configuration file:

ENCFS6_CONFIG="$HOME/.encfskeys/dropbox.xml" encfs ~/Dropbox/EncryptedFolder ~/DropboxDecrypted