Description: If you have a notebook, or personal data on your computer, you really need this application. Encfs is meant to provide security against off-line attacks; ie your notebook is stolen, your backups are stolen. K-EncFS is a frontend to the EncFS encrypting utility.
* EncFS (tested versions: 1.2.4, 1.3.1) and its dependencies: * FUSE (tested version: 2.6.1) * RLog (a C++ logging library, tested versions: 1.3.6, 1.3.7) * OpenSSL (versions 0.9.6, 0.9.7 and 0.9.8 have been tested.)
Visit the following home pages to download these dependencies: http://arg0.net/encfs or http://encfs.sourceforge.net/ http://fuse.sourceforge.net/ http://arg0.net/wiki/rlog http://www.openssl.org/
NOTE for Debian users: These utilities are included in Debian. You need not download and compile anything. Do not remove the line inserting fuse from the file /etc/modules! If you use Ubuntu, it must work from Dapper (it has not been tested).
NOTE for openSuSE 10.2 users: Just install encfs with its dependencies! Do not remove the line inserting fuse from the file /etc/modules! If you enter the wrong password, only a short notification will appear in the "Messages" box. It is because of a bug in your distribution packages.
Use the INSTALL and UNINSTALL scripts if the enclosed packages are not match to your system! If kde-config fails to work, edit the line 23 of the INSTALL and the line 15 of the UNINSTALL file. The variable KDEINSTPREFIX is the installation directory of KDE, e.g. KDEINSTPREFIX="/opt/kde3" or KDEINSTPREFIX="/opt/kde3.5".
If you want to migrate from kencfs to kencfs2, copy the content of the folder pops-up with kencfs to the folder pops-up with kencfs2. Do not move the encrypted folder! The path is a parameter of the encryption method.
Please do a comprehensive test before using this encryption utility!
From the version 2.1, K-EncFS can mount the encrypted file system during KDE startup, so the previous tastks can be restored by KDE. (For more info read the file /usr/local/lib/kencfs2/startkde/readme.startkde) A known problem if you patch the startkde script: On SuSE 10.3, the startups screen waits about 1 min. if you use the default splash screen. You can press the left mouse button, or you can choose another splash screen.
----- K-EncFS is released under the license of GPL -----
GILDE project (Graphical Interfaces to Learn Debian Easily).
(C) Big-Cat Software Association, 2007.
The picture file_locked.png is from the iconset SnowIsh-1.0 created by Alexandre Moore (aka Saki), compiled for KDE by Arno Rehn. (SnowIsh for KDE was merged with NuoveXT (from Saki) to fit better with KDE.)Last changelog:
Changelog for version 2.1 (kencfs2)
- K-EncFS starts automatically, if you left it on the systemtray. - Mount encrypted file system during KDE startup in order to restore your works in the encrypted file system. (Requires editing the startkde script.)
Changelog for version 2.0 (kencfs2)
- Encoding options. - New folder for encrypted files. - Improved operation. - Generic install and uninstall scripts were improved.
NOTE: There are two versions of K-EncFS: kencfs and kencfs2. You can use them simultaneously. Only kencfs2 will be maintained.
Changelog for version 1.1
- Generic install and uninstall scripts were added. - Tooltips. - Improved error messages.
I would NEVER EVER open a encrypted filesystem in a graphical window manager. Period.
The problem is that they all like to create 'icon' files which typically get stored in a sub-directory of your home, outside the encrypted file system.
If someone was to steal your laptop, or break into your machine they can get a really good idea of what you have encrypted by just looking at these icons.
Even if you don't have images, movies, or postscript files in your encrypted folder, that generates visible thumbnails, the black hats can still get an idea of what file names you are using from the thumbnails and any possible browsing history it may keep.
Even with command line shells you need to keep in mine shell history, and take appropriate measures to protect yourself. Same goes for editors that could make use of /tmp.
Now don't get me wrong. I use EncFS a lot, and not just for files I want secure, but for a lot of less important files too (the more you have the the harder it is to separate the craff or fake un-decipherable data). But you can't just use it blindly.
My main problem is the mess (.directory) appears during working with koquerror an dolphin. This prevents mounting the file system.
I hate the thumbs files on my cd-s, and i hate...
(KDE4 is not intended for the daily usage but it is only for the design.)
I must find a stupid solution for this problem.
When running ~> kencfs2
this error:
User specific directories for K-EncFS are present
User specific encrypted directory for K-EncFS present
Traceback (most recent call last):
File "/usr/bin/kencfslink", line 17, in <module>
from qt import *
ImportError: No module named qt
Any workaround?
Any chance that the k-encfs gui can be updated to work with version 1.4.2 or 1.5.0? Seems this kde-app has lapsed back in the version 1.3 or before days of encfs.
Unfortunately the author of encfs refused to cooperate with me. I think, he assumes that you use only command line. How can you remember the command line parameters for hundred of applications?
I forget it after I have finished my work with the frontend.
Much more serious problem is the backward compatibility...
I have to check the application regularly, and to correct it. I created this application for you, but this does not apply for encfs.
installed by using ınstall script, when type kencfs2 on konsole, got this error:
User specific directories for K-EncFS are present
User specific encrypted directory for K-EncFS present
/usr/bin/kencfs2: line 36: kencfslink: command not found
Is the link
/usr/bin/kencfslink
really missing after the installation?
(It was copied by the install script.
Please copy it manually from the tgz to the target directory!)
I have used kencfs2 for a while but recently have found that it no longer functions. I suspect that perhaps kencfs.py no longer works with the latest version of python...
I have worked through a number of error messages myself but have finally become stymied on this one:
User specific directories for K-EncFS are present
User specific encrypted directory for K-EncFS present
/usr/bin/kencfs2: line 52: 9966 Segmentation fault /usr/local/bin/kencfslink
I have encrypted files but can no longer access them because kencfs2 no longer works.
You can mount the encrypted folder from command line:
encfs (your home directory)/.kencfs2/.encrypted (your home directory)/.kencfs2/encrypted -S
Similar problem were reported on 1 of Nov 2007. I uploaded the new version 2.1 on 17 of Dec 2007.
Which version do you use?
It was tested on SuSE 10.3,
the previous release on 10.2.
The kdecore is the most important part of python-kde. It is not installed, or the wrong version installed (not for SuSE 10.2), the postinstallation script failed...
Try to reinstall it.
I had this working on my Mandriva 2007.0 and 2007.1 system but since I upgraded to 2008.0 it no longer works. I installed it after meeting all the dependency requirements but when I try to start it:
/usr/bin/kencfs2: line 52: 22227 Segmentation fault python /usr/local/lib/kencfs2/kencfs.py
The referenced line is a 'fi' tag, I do not understand the problem.
Try from the konsole:
python /usr/local/lib/kencfs2/kencfs.py
What kind of error message appears?
Two things i immediately missed after installing:
- ability to set my own mount point, in my case i was used to ~/sources ( dont ask )
- ability to mount the filesystem before the rest of the KDE session is restored during login
For example, if, before logout, i had a Kate session open with several files from the encrypted directory, kate will come up with blank files before i mount the dir. I know this is fundamentally much more difficult to do... maybe if Kencfs was integrated with KDE wallet instead ? KDE wallet seems to behave quite nice with the rest of the apps (Kopete, KMail etc )
Now i am still back to mounting the filesystem from a virtual terminal before actually logging in with KDE.
two bash aliases do the job, one for mounting other for unmounting
You are about to decrease the safety of your protected data. There are options to do this, but it is not included K-EncFS.
EncFS can use your login password for KDE to mount the encrypted file system, but in this case your data is protected by the same way as your computer generally.
Boot from a live CD, change the file /etc/... (stores your password hash), and your encrypted file system is... does not really protect your data.
There is not any other way to restore your kate sessions automatically.
The question: safety or confort?
I was not suggesting to use the KDE login password.
Similarly as KDE Wallet does not use the same password as login.
By the way, there is a libpam-encfs package that could probably be used for more flexible authentication option, i did not try to use that yet.
Here is what i am doing right now after bootup:
when kde login comes up, i switch to virtual terminal ( alt+f1 )
login from there
mount the encfs directory using bash alias and input my long-and-secure encryption password
switch back to KDE screen, ALT+F7
login
KDE will restore my session, including all open files ( CodeBlocks workspaces, Kate files, etc. etc. ) from the secure disk
I was talking about libpam-encfs. It uses the KDE login password.
I studied the kwalletmanager on two systems. It works on neither of them. On SuSE 10.2, it does not accept the correct password.
On debian ETCH, I cannot access any folder. Panes are missing...
I cannot apply such a buggy application.
Please explain me, how can you use this application on your system?
EncFS cannot restore anything concerning a KDE session. There are not any feature to do this.
We need an application with the ability of delaying the system tray activation untill you enter your password.
I think, it could not be a KDE application, because it relies on KDE. A KDE application cannot work before KDE starts.
Patching kdm could be a good solution. (Please send the KDE team a feature request!)
I cannot understand your problem with the directories. EncFS uses two directories. One for the encrypted data. You need not acces it directly. The other is a virtual folder, it must be empty before mounting the fs. You cannot pass any data directly into this folder. It is a file system, not separate resistant encrypted files. If you do not like the name of the folder, you can edit the file /media/hdc2/usr/local/lib/kencfs2/kencfs.py.
Change the value of the variables self.user_dot_encrypted and self.user_encrypted! Then, edit the start script /usr/bin/kencfs2!
Ratings & Comments
41 Comments
I would NEVER EVER open a encrypted filesystem in a graphical window manager. Period. The problem is that they all like to create 'icon' files which typically get stored in a sub-directory of your home, outside the encrypted file system. If someone was to steal your laptop, or break into your machine they can get a really good idea of what you have encrypted by just looking at these icons. Even if you don't have images, movies, or postscript files in your encrypted folder, that generates visible thumbnails, the black hats can still get an idea of what file names you are using from the thumbnails and any possible browsing history it may keep. Even with command line shells you need to keep in mine shell history, and take appropriate measures to protect yourself. Same goes for editors that could make use of /tmp. Now don't get me wrong. I use EncFS a lot, and not just for files I want secure, but for a lot of less important files too (the more you have the the harder it is to separate the craff or fake un-decipherable data). But you can't just use it blindly.
And a KDE4 version , really would be excellent.. still :)
My main problem is the mess (.directory) appears during working with koquerror an dolphin. This prevents mounting the file system. I hate the thumbs files on my cd-s, and i hate... (KDE4 is not intended for the daily usage but it is only for the design.) I must find a stupid solution for this problem.
When running ~> kencfs2 this error: User specific directories for K-EncFS are present User specific encrypted directory for K-EncFS present Traceback (most recent call last): File "/usr/bin/kencfslink", line 17, in <module> from qt import * ImportError: No module named qt Any workaround?
python-qt3, python-kde, ... see the dependencies!
Is there a chanse to port it to KDE4? Could somebody provide a source rpm?
Python-KDE4 is in experimental state. Every distro have a surprise in store for you. There is a serious risk concerning your data if you use it.
Any chance that the k-encfs gui can be updated to work with version 1.4.2 or 1.5.0? Seems this kde-app has lapsed back in the version 1.3 or before days of encfs.
Unfortunately the author of encfs refused to cooperate with me. I think, he assumes that you use only command line. How can you remember the command line parameters for hundred of applications? I forget it after I have finished my work with the frontend. Much more serious problem is the backward compatibility... I have to check the application regularly, and to correct it. I created this application for you, but this does not apply for encfs.
installed by using ınstall script, when type kencfs2 on konsole, got this error: User specific directories for K-EncFS are present User specific encrypted directory for K-EncFS present /usr/bin/kencfs2: line 36: kencfslink: command not found
Is the link /usr/bin/kencfslink really missing after the installation? (It was copied by the install script. Please copy it manually from the tgz to the target directory!)
hi, can use kencsfs2 to external drive(hd usb)?
EncFS is not a drive encryption tool. It is for folders. In this state of my app you cannot modify the encrypted folder. It could be a future feature.
I have used kencfs2 for a while but recently have found that it no longer functions. I suspect that perhaps kencfs.py no longer works with the latest version of python... I have worked through a number of error messages myself but have finally become stymied on this one: User specific directories for K-EncFS are present User specific encrypted directory for K-EncFS present /usr/bin/kencfs2: line 52: 9966 Segmentation fault /usr/local/bin/kencfslink I have encrypted files but can no longer access them because kencfs2 no longer works.
A bit more info. Here is the end of strace output when trying to run kencfs2: open("/usr/lib/python2.5/site-packages/sip.so", O_RDONLY|O_LARGEFILE) = 4 fstat64(4, {st_mode=S_IFREG|0755, st_size=60980, ...}) = 0 open("/usr/lib/python2.5/site-packages/sip.so", O_RDONLY) = 5 read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0 \0\000"..., 512) = 512 fstat64(5, {st_mode=S_IFREG|0755, st_size=60980, ...}) = 0 mmap2(NULL, 59912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xb7a93000 mmap2(0xb7aa1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xe) = 0xb7aa1000 close(5) = 0 close(4) = 0 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV +++ Process 10590 detached
You can mount the encrypted folder from command line: encfs (your home directory)/.kencfs2/.encrypted (your home directory)/.kencfs2/encrypted -S Similar problem were reported on 1 of Nov 2007. I uploaded the new version 2.1 on 17 of Dec 2007. Which version do you use?
Hello Im using Opensuse 10.2 I get the following message: ImportError: No module named kdecore Kdebindings is installed What went wrong?
It was tested on SuSE 10.3, the previous release on 10.2. The kdecore is the most important part of python-kde. It is not installed, or the wrong version installed (not for SuSE 10.2), the postinstallation script failed... Try to reinstall it.
I had this working on my Mandriva 2007.0 and 2007.1 system but since I upgraded to 2008.0 it no longer works. I installed it after meeting all the dependency requirements but when I try to start it: /usr/bin/kencfs2: line 52: 22227 Segmentation fault python /usr/local/lib/kencfs2/kencfs.py
The referenced line is a 'fi' tag, I do not understand the problem. Try from the konsole: python /usr/local/lib/kencfs2/kencfs.py What kind of error message appears?
Two things i immediately missed after installing: - ability to set my own mount point, in my case i was used to ~/sources ( dont ask ) - ability to mount the filesystem before the rest of the KDE session is restored during login For example, if, before logout, i had a Kate session open with several files from the encrypted directory, kate will come up with blank files before i mount the dir. I know this is fundamentally much more difficult to do... maybe if Kencfs was integrated with KDE wallet instead ? KDE wallet seems to behave quite nice with the rest of the apps (Kopete, KMail etc ) Now i am still back to mounting the filesystem from a virtual terminal before actually logging in with KDE. two bash aliases do the job, one for mounting other for unmounting
You are about to decrease the safety of your protected data. There are options to do this, but it is not included K-EncFS. EncFS can use your login password for KDE to mount the encrypted file system, but in this case your data is protected by the same way as your computer generally. Boot from a live CD, change the file /etc/... (stores your password hash), and your encrypted file system is... does not really protect your data. There is not any other way to restore your kate sessions automatically. The question: safety or confort?
I was not suggesting to use the KDE login password. Similarly as KDE Wallet does not use the same password as login. By the way, there is a libpam-encfs package that could probably be used for more flexible authentication option, i did not try to use that yet. Here is what i am doing right now after bootup: when kde login comes up, i switch to virtual terminal ( alt+f1 ) login from there mount the encfs directory using bash alias and input my long-and-secure encryption password switch back to KDE screen, ALT+F7 login KDE will restore my session, including all open files ( CodeBlocks workspaces, Kate files, etc. etc. ) from the secure disk
I was talking about libpam-encfs. It uses the KDE login password. I studied the kwalletmanager on two systems. It works on neither of them. On SuSE 10.2, it does not accept the correct password. On debian ETCH, I cannot access any folder. Panes are missing... I cannot apply such a buggy application. Please explain me, how can you use this application on your system? EncFS cannot restore anything concerning a KDE session. There are not any feature to do this. We need an application with the ability of delaying the system tray activation untill you enter your password. I think, it could not be a KDE application, because it relies on KDE. A KDE application cannot work before KDE starts. Patching kdm could be a good solution. (Please send the KDE team a feature request!) I cannot understand your problem with the directories. EncFS uses two directories. One for the encrypted data. You need not acces it directly. The other is a virtual folder, it must be empty before mounting the fs. You cannot pass any data directly into this folder. It is a file system, not separate resistant encrypted files. If you do not like the name of the folder, you can edit the file /media/hdc2/usr/local/lib/kencfs2/kencfs.py. Change the value of the variables self.user_dot_encrypted and self.user_encrypted! Then, edit the start script /usr/bin/kencfs2!
Please, do it for GTK!