IT-Service Faculty of Physics


Data encryption


encfs is a program to encrypt folders. The program is available on each computer in the CIP-Pool.

How to use encfs:

First, create two folders in your home directory as described below. The first folder will later contain the encrypted files. You will need the second folder when you modify the data. In the second folder the files will be shown unencrypted after you enter your password.

cd ~
mkdir private
mkdir readable

To set up the private folder for data encryption, enter:

encfs ~/private ~/readable

It is recommended to use the encryption mode that is set by default. Confirm with Enter. Enter your password.

Use this command whenever you want to access your encrypted files. When you have finished working with the data and want to lock it away again, use the command:

fusermount -u ~/readable

The readable folder will then be empty and all data will be safely encrypted in the private folder.


Data encryption with gpg

Example: Encrypt the file "secret.txt" using gpg. (You will be asked to enter a password.)

gpg -c --cipher-algo TWOFISH --digest-algo SHA512 secret.txt

or, for a very safe encryption (only safe if you use a safe password):

gpg -c --cipher-algo TWOFISH --digest-algo SHA512 --s2k-mode 3 --s2k-digest-algo SHA512 secret.txt

Further options:

--s2k-mode N 

N can take one of the values 0, 1 and 3. 0 means that the password is used directly, which is not recommended. 1 means that a salt is added to the password; this is the standard. 3 is the most secure one, repeating the process used by 1 several times.


This parameter expects a hash algorithm that is used to hash the password.
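What the three --s2k-mode values do to the password before it becomes the cipher key, as an added example that is not part of the original page or of gpg itself. It follows the string-to-key definitions in RFC 4880 (simple, salted, iterated and salted); the names s2k and decode_count, the sample password, the salt and the count value 96 (65,536 bytes hashed) are assumptions made for the illustration.

```python
import hashlib

def decode_count(coded: int) -> int:
    """Expand the one-octet iteration count stored in an OpenPGP S2K specifier."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def s2k(passphrase: bytes, key_len: int, mode: int, salt: bytes = b"",
        coded_count: int = 96, digest: str = "sha512") -> bytes:
    """Derive key_len bytes from a passphrase using S2K mode 0, 1 or 3."""
    if not passphrase:
        raise ValueError("empty passphrase")
    if mode == 0:                        # simple: only the passphrase is hashed
        data = passphrase
        total = len(data)
    elif mode in (1, 3):                 # salted: an 8-byte salt is prepended
        if len(salt) != 8:
            raise ValueError("S2K salt must be 8 bytes")
        data = salt + passphrase
        total = len(data)
        if mode == 3:
            # salt+passphrase is repeated until `count` bytes have been hashed,
            # but the whole input is always hashed at least once
            total = max(decode_count(coded_count), len(data))
    else:
        raise ValueError("mode must be 0, 1 or 3")

    key = b""
    preload = 0
    while len(key) < key_len:
        h = hashlib.new(digest)
        h.update(b"\x00" * preload)      # extra hash contexts start with zero bytes
        full, rest = divmod(total, len(data))
        h.update(data * full + data[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]

if __name__ == "__main__":
    pw = b"correct horse battery staple"        # constructed sample password
    salt = bytes.fromhex("0102030405060708")    # constructed; gpg uses a random salt
    for mode in (0, 1, 3):
        # 32 bytes = 256-bit key, the size TWOFISH uses in gpg
        print(mode, s2k(pw, 32, mode, salt).hex())
```

In mode 0 the same password always yields the same key, so precomputed guesses work against every file; the salt in modes 1 and 3 prevents that, and the repeated hashing in mode 3 makes each guess more expensive.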

An encrypted file will be created: "secret.txt.gpg"


gpg -d -o secret.txt secret.txt.gpg

You will be asked for your password, and a decrypted file will be created:


Short description: man gpg

Detailed description: