Linux Tutorial: How to create a password-protected folder

When I first wrote this post, I recommended the use of cfs.  But that was a few years ago, and now I recommend truecrypt.  cfs is fiddly, and is hard to get used to if you don’t use the command line interface much and don’t know how to RTFM.  Whereas truecrypt has a nice graphic user interface, encrypts “on the fly”, and has a ton of other features that make it my fave encryption application.  You can read all about it, and download it, at
Ubuntu does not, by default, provide a way to create password-protected directories.  A right-click on a folder does offer to encrypt, but that is done with gpg, which uses a gpg key.  You’d need to email your public key to anyone you wanted to have access to the folder, which is a rather cumbersome procedure when all you want is a simple password protection!
Using the -c flag with gpg (gpg -c) uses symmetrical encryption –  this means a protected file can be opened with a password.  But gpg -c works only on files, not directories.
Truecrypt is an encryption package that does allow the user to create password-protected directories.  Unfortunately, you can’t install truecrypt with apt-get or Synaptic – it is not in any of the repsitories.  But you can get it in .deb form, from
There is an app in the repositories that enables the user to create password-protected folders.  This app, cfs, is for creating encrypted partitions and filesystems.  And as a directory is a filesystem, cfs is good for our purpose.
cfs is a command-line utility.  Unfortunately, many newbies don’t like using the command-line interface.  But there’s no need to fear the CLI.  Here is a step-by-step tutorial on how to use cfs to create a password-protected directory.
First thing  we need to do is install cfs.  This can be done through Synaptic or with apt-get.  And as are going to be using a terminal for this procedure, we may as well start right now. So, open a terminal Applications > Accesories > Terminal and type in the command
sudo apt-get install cfs
Type in your password when prompted.  apt-get will ask if you want to install the other packages that cfs depends on – answer “y” to all this.  When cfs has been successfully installed, apt-get will exit and you’ll be returned to the command prompt.
There will now be several new commands available to you.  The ones we will need today are cmkdir, cattach and cdetach.
Now we need to create the encrypted directory. To do this, we will use the command cmkdir.  cfs will ask for a “key” – this is the pass phrase you will use to open the folder in the future, and must be at least 16 character long.  In this example I’m going to call my encrypted directory “lock”.
So, go to the location where you want to put the directory and create it,
user@ubuntu:~$ cmkdir lock

So, the encrypted directory “lock” has been created in my home directory – ie ~/lock.  Now we want to put our secret files into it. This is done by attaching another directory to ~/lock. I’ll call this one “clock”, but you can call it whatever you like. cfs will ask for the key – this means the pass phrase you just made up.
user@ubuntu:~$ cattach lock clock

If you look in the directory /crypt you will find the directory you just made – /crypt/clock.  This is where you want to put your secret files. You don’t put the files direcly into ~/lock.
user@ubuntu:~$ mv file1 file2 file3 /crypt/clock/

Now, to close ~/lock so no one can get into it, we need to unattach the directory with the cdetach command.
user@ubuntu:~$ cdetach clock

Do you want to check that your files are in ~/lock, and that they’re encrypted?  Well, let’s see a list of ~/lock’s contents:
user@ubuntu:~$ ls lock
19929910f65ed51c  1deec15b5201f48d  c8b70c7c5b4e5884

So the file names have been encrypted too.  And what’s in them?
user@ubuntu:~$ cat lock/19929910f65ed51c
”’8L„åD3&O0”Ç›5┌¦·1Þ_-R⎽û°8(Ôµ┬çH¸SȾ°␉⎽«¦S£ò?ÿßë´æ‘¡⎺V◆O├ä„E◆ì$VEM¨⎺†VüÔОÄ²ïÑ├] >(␤ ª@Õ呵┘¡•┬/‰éâ┌␌O±“Àâ0Q
H◆?7¿C€#┘èÄSܵ€*?ŠÚB─šKõ‹·ù¾ˆ°ÃB£Êß9ÏU¢ȁ֌+(ëöQ®┐?:≥ÔI•D¡(‹ÚÁ;¿<(ÒÃ⎼ñC…•óI┌ÚMËÕ│S¾ÛüM®ŒÄÇ œÎ␋⎽Ñ◆┬’?    à‹Ì¢ý┌‹€SÉ└½€[¢‰⎼ˆ°ÿ ␌ºä┬üLÈW–ìHÖ¬◆Ô3à° ┌ϛ┼≠␋¶≠­/S-;·
ïŸ20áµïÍ£©≥ŒÔ␌␋—,┐š ├5´Ë²Â␌ß³≠¥–(¢]    ⎺æ≠·ÙU│àô
ŽÇ\     ÝQ⎻H@&␌┼└·├[³¯•ÓζGU

When you want to access your secret files, or if you want to put more files into ~/lock, you must first reattach it, using cattach.  You move files in or out of the attached directory in /crypt – you never put files directory into ~/lock. Then when you’re finished, you retach using cdetachYou must never forget to detach if you want to keep the secret files secret.
If you’ve got any questions or comments, don’t be shy!
Locations of visitors to this page

free web stat

0 thoughts on “Linux Tutorial: How to create a password-protected folder”

  1. i followed the above procedures and got locked myself inside,
    this is what i did
    1. cmkdir sensbackup
    key : 1234567890123456
    again : same
    2. created a folder test by mkdir test,and cattach sensbackup ./test
    3. key : same key
    4. now added a new file inside /crypt/test/sample.txt
    5. cdetach test
    6 now when i try to attach it says
    [14:09][root@Internalserver:~]$ cattach ./sensbackup/ ./test/
    Key:same key
    cattach: badly formed name
    how do i recover from this ?

  2. ravishankar: I don’t understand why you created the directory “test”. If you wanted to attach sensbackup to a directory called “test”, all you needed to do was give the command:
    cattach sensbackup test
    ie, there was no need to do “mkdir test”.
    These are the steps you should have done:
    1. cmkdir sensbackup (creates the encrypted directory “sensbackup”)
    2. cattach sensbackup test (attaches sensbackup to a directory /crypt/test)
    3. put file in /crypt/test
    4. cdetach test (detaches sensbackup from /crypt/test… so /crypt/test no longer exists)
    I advise you to delete sensbackup and test, then follow the steps outlined above.

  3. Hi Poorna: I will be very happy to help you if I can. but you need to explain what you’re doing and what’s happening much more clearly. Describe precisely what steps you are taking, and exactly what happens when you’ve done that. Also tell us what OS you’re using – i guess it’s a linux distro? Which one (eg Ubuntu, Debian, PCLinuxOS, Fedora…) and which version – for instance I currently use Ubuntu 9.04 (“Jaunty”). Provide as much info as possible, and i will happily help you if I can.

  4. thx, dude infact i’ve been sufferin frm lockin problem in ubuntu.i’ven’t tried these but thx in advance.

  5. Hi! Thank you for your clear tutorial. I have a question. After I created and successfully moved my files and “cdetach”ed clock, I tried accessing my files. So I cattach clock, but the folder /crypt/clock/ no longer exists, and I cannot access the files. However, if I do “cattach lock clock2”, then I can easily see and access the files inside /crypt/clock2/. Could you explain why this happens? Do I need to attach different named folders every time? How exactly does accessing the encrypted files happen?

  6. While I can’t give you a definitive answer to your question: *nix file systems often regard a recently used-then-dispoded-of associations as “stale”. So I guess that *might* be your problem.
    Instead of cattaching lock to clock, have you tried a completely different file name? Eg “steakandchips” instead of “clock”. This might be the solution you seek – maybe not – but maybe it’ll work huh?
    It might also be an idea to *not* cdetach folders unless you really realy think you won’t need access again really really soon. I know typing passwords all the time is a really pain-an-the-butt kinda thing to do; but what’s preferable: typing words or having your online presence hijacked and used for nefarious ends? I know which inconvenience *I* prefer.

  7. Hi, well i had the same problem as some other ppl here, ones u cdetach the folder where u moved the files in /crypt/XXXX … the next time i try to cattach to XXXX it says “Stale NFS file handle” or some other errors, well i’m not sure why but it seems that the problem is that u dont unmount the directoy correctly so u have to tipe
    $sudo umount -f /crypt/XXXX
    And after that you shud have no problem,
    i will try to write a script to do all this a little easier 😛

  8. Hi!
    I just followed to tutorial to the point where I’m supposed to attach the new directory.
    Like this: cattach lock clock
    However i get the following line:
    RPC: Unable to receive
    If i look into my /crypt directory, it is empty.
    Any ideas what could be the problem?

    1. However I *can* suggest you give Truecrypt a go – it’s awfully user-friendly nowadays. And you can always use the gpg -c command to tell gpg to make a “password-protected” symmetrically-encrypted file. Not the same as a password-protected folder, I know, but it might serv a similar purpose (ie keeping others’ noses out of your business). On 12 August 2010 11:29, Martin Topping wrote: > Sorry no. >

  9. Dear,
    I just complete how to create a password protected folder according to tutorial successfully.I also lock a folder in it.But the problem is how can I unlock this folder.Now wht can I do? pls help me.

  10. After detaching the directory to encrypt the directory. I tried to decrypt and access again the directory but after using cattach then ‘ls’ in /crypt, this message appeared: “Stale NFS file handle”. Why is this so?

    1. As far as I can remember, if you cdetach, then cattatch soon after using the same name, you get the “Stale NFS file handle” error. You can work around this by using a different name if you need to re-cattatch so quickly.

    1. Sorry, but I think decryption is covered as well as encryption in the tutorial (otherwise what would be the point of it, right). Lotsa other ppl seem to have sussed it out ok. All I can suggest is that you make your way through the tut again, real carefully, making sure you follow all steps correctly, also read all the comments. If you still got troubles, comment again with specifics about your prob (error messages etc) and I’ll try to re-explain in different terms. But I do think the tut is as clear as it can be.

      1. No, it really doesn’t cover it. Since it’s your suggestion: read the comments above; the issue of not being able to recover the encrypted folder has not been resolved.

  11. To start, I’m using Ubuntu10.04… /lock is on an external harddrive… /crypt is rooted on my laptop… and this isn’t working for me. I understand that I have to either unmount or use a new name when reusing cattach. The problem is that when I “LS” in “/crypt” I get
    “ls: reading directory .: Input/output error”
    I can still “CD” into the virtual directory, but “LS”ing there will give the same results. If I try to “CP” or “MV” *.* then I end up with
    “cannot stat `*.*’: No such file or directory”
    If I try to “CP -r” the whole “/crypt/whateverTheFUwannaCallit” then I’ll end up with
    “cp: cannot access `/crypt/shit’: Input/output error”
    Do I need to know the exact name of the files inside to move them out? If so, Cname is outdated and wont work. Why can’t I just decrypt the files in “/lock” ?

    1. All of this is explained in the post – all that stuff about cattach and cdetach. But since you’re having problems, I’ll go over it again…
      If your encrypted folder is called lock, you can get into it with the command:
      cattach lock clock
      cfs will ask for the key (password) you used when you created the folder. Type that in. Now you can move to the folder /crypt/clock, with command:
      cd /crypt/clock
      You can look at the list of the contents with the command:
      You can use the “cat” command to look at a text file, or use the “cp” command to copy a file from /crypt to your desktop (or wherever you want).
      When you’ve finished using the decrypted files, make sure they’re all in the /crypt/clock folder. Now make sure you’re in your home directory with command:
      and detach (ie re-encrypt) your files with the command:
      cdetach clock
      Now the /crypt folder disappears, and all your data is encrypted in the “lock” folder again.
      Read the man pages for the commands cattach and cdetach if I haven’t explained this clearly. But my advise is to use the truecrypt application. Truecrypt has a good graphic interface, you can use it to create an encrypted USB stick, and unlike cfs, it doesn’t decrypt all your encrypted files at once. Try truecrypt – I use it now and have dropped cfs entirely. “That’s progress” as the Dead Kennedys told us a long time ago. 😉 You can find out all about truecrypt, and download it, at

  12. I have done theese steps .. thanks its perfectly working on ubuntu. but when i am doing with centos-5.5. every thing is work except one thing. when i used the command cattach lock clock, then it is not creating any clock dir under /crypt. it ask phasphrase and execute successfully but not create dir.
    please help me for this issue ?

    1. Sorry, Rupesh, but my experience of Linux stretches only so far as Ubuntu and its ilk (eg Linux Mint) and maybe even some Debian. I’ve never used CentOS/Red Hat,and don’t feel at all qualified to help you on this issue.
      But, since you’re using Linux, I can’t see the set-up via command-line being very different. Are you 100% *sure* you did what I set out? It’s always possible that cfs has changed since I last used it: I’m a Truecrypt fan now, and I’d advise everyone to at least check out. It’s pretty damn good nowadays, and I can walk around with an encrypted USBstick on me – if the “enemy” (???) catch me with it, I can give them a password that decrypts some harmless files I put on there; whereas a different password will decrypt the files I *really* want kept secure. And apparently there’s no way for the “enemy” (who in hell is this enemy?) to tell there’s other encrypted files on the stick – it’s all just pseudo-random junk, which is what he’d expect to find. So long as no one invents a quantum computer that can factorize biiiig numbers quickly, our secrets will be safe. And I don’t *think* anyone’s made such a quantum computer. Yet. :s

Leave a Reply

Your email address will not be published. Required fields are marked *