Note: File encryption in TRAMP is experimental, don’t use it in production systems!
Sometimes it is desirable to protect files located in remote directories, such as cloud storage. To do this, you can instruct TRAMP to encrypt all files copied to a given remote directory, and to decrypt such files when they are accessed. This covers both file contents and file names.
TRAMP does this transparently. Although both files and file names are encrypted on the remote side, inside Emacs they are accessible as if they had not been transformed at all.
Internally, TRAMP uses the encfs package. Therefore, this feature is available only if this package is installed on the local host. TRAMP does not keep an ‘encfs mountpoint’ permanently. Instead, it encrypts / decrypts files and file names on the fly, using encfsctl.
This command marks the existing remote directory name for encryption. Files in that directory and all its subdirectories will be encrypted before being copied to, and decrypted after being copied from, that directory. File and directory names will also be encrypted.
If a remote directory is marked for encryption, it is initialized via encfs the very first time a file in this directory is accessed. This user option controls which default encfs configuration set is selected; it can be "--standard" or "--paranoia". See the ‘encfs(1)’ man page for details.
However, TRAMP must adapt these configuration sets. The chainedNameIV configuration option must be disabled; otherwise TRAMP could not handle file name encryption transparently.
A password protected encfs configuration file is created the very first time you access an encrypted remote directory. It is kept in your user-emacs-directory, with the url-encoded directory name as part of the basename and encfs6.xml as suffix. If you, for example, mark the remote directory /nextcloud:user@host:/path/to/dir for encryption, the configuration file is saved as tramp-%2Fnextcloud%3Auser%40host%3A%2Fpath%2Fto%2Fdir%2F.encfs6.xml in user-emacs-directory. Do not lose this file and the corresponding password; otherwise there is no way to decrypt your encrypted files.
If this user option is non-nil (the default), the encfs configuration file .encfs6.xml is also kept in the encrypted remote directory. It is up to you whether you regard the password protection of this file as sufficient. The advantage is that such a remote directory can be accessed from different Emacs sessions and by different users, without presharing the configuration file between the users.
The command encfsctl, the workhorse for encryption / decryption, needs the configuration file password on every call. Therefore, it is recommended to cache this password in Emacs. This can be done using auth-sources; see ‘Using an authentication file’ in the auth-source manual. An entry needs the url-encoded directory name as machine, your local user name as user, and the password. The port is optional; if given, it must be the string "crypt". The example above would require the following entry in the authentication file ("yourname" is the result of (user-login-name)):
    machine %2Fnextcloud%3Auser%40host%3A%2Fpath%2Fto%2Fdir%2F login yourname port crypt password geheim
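The steps above (choosing the encfs configuration set, deciding where the .encfs6.xml file lives, marking the directory, and caching the password via auth-sources) put together in one init-file fragment. This is an added example, not code from the TRAMP manual or the TRAMP sources. The command and user option names tramp-crypt-add-directory, tramp-crypt-encfs-config and tramp-crypt-save-encfs-config-remote are TRAMP's own (available since Emacs 27 and requiring encfs on the local host); the remote directory, the password "geheim" and the my-crypt-* helpers are constructed for this example. The helpers reproduce the naming rule the text describes (url-encoded directory name with trailing slash) using url-hexify-string, so that you can check the auth-source entry before the first remote access triggers an interactive password prompt.

```elisp
;;; Added example: TRAMP file encryption setup (not from the TRAMP manual).
(require 'tramp)
(require 'tramp-crypt)   ; tramp-crypt-* commands and options
(require 'url-util)      ; url-hexify-string
(require 'auth-source)   ; auth-source-search

;; 1. encfs configuration set used when the directory is initialized.
;;    "--standard" is the default; "--paranoia" selects stronger encfs
;;    defaults.  TRAMP disables chainedNameIV in either set itself.
(setq tramp-crypt-encfs-config "--paranoia")

;; 2. Keep the password protected .encfs6.xml only in user-emacs-directory.
;;    The default t also stores a copy in the encrypted remote directory,
;;    which lets other sessions/users open it with just the password.
;;    Setting nil means a lost local config file cannot be recovered from
;;    the remote side, so back it up.
(setq tramp-crypt-save-encfs-config-remote nil)

;; 3. Mark the (sample) remote directory for encryption.
(defconst my-crypt-dir "/nextcloud:user@host:/path/to/dir"
  "Constructed sample directory; replace with your own remote directory.")
(tramp-crypt-add-directory my-crypt-dir)

;; 4. Derive the names TRAMP builds from the url-encoded directory name.
;;    Both use the directory form (trailing slash), hence the final %2F.
(defun my-crypt-machine-name (dir)
  "Return the url-encoded form of DIR used as auth-source `machine' key."
  (url-hexify-string (file-name-as-directory dir)))

(defun my-crypt-config-file (dir)
  "Return the local encfs configuration file name TRAMP uses for DIR."
  (expand-file-name
   (concat "tramp-" (my-crypt-machine-name dir) ".encfs6.xml")
   user-emacs-directory))

;; 5. Matching ~/.authinfo.gpg line (password "geheim" is a sample value):
;;    machine %2Fnextcloud%3Auser%40host%3A%2Fpath%2Fto%2Fdir%2F login yourname port crypt password geheim
;;    Verify that auth-source can resolve it for the current login name.
(defun my-crypt-password-cached-p (dir)
  "Return non-nil if an auth-source entry with a secret exists for DIR."
  (let ((found (auth-source-search :machine (my-crypt-machine-name dir)
                                   :user (user-login-name)
                                   :port "crypt"
                                   :max 1)))
    (and found (plist-get (car found) :secret) t)))

;; Evaluate interactively to inspect the derived names and the lookup:
;; (my-crypt-machine-name my-crypt-dir)
;; (my-crypt-config-file my-crypt-dir)
;; (my-crypt-password-cached-p my-crypt-dir)
```

For the sample directory, my-crypt-machine-name yields the machine key shown in the authentication file entry above, and my-crypt-config-file yields the tramp-…encfs6.xml path in user-emacs-directory that the text names. If my-crypt-password-cached-p returns nil, fix the authinfo entry (the machine token must be the url-encoded name, including the trailing %2F) before accessing the directory, since every encfsctl call otherwise asks for the password.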
If you use a remote file name with a quoted localname part, this localname and the corresponding file will not be encrypted / decrypted. If you have an encrypted remote directory /nextcloud:user@host:/path/to/dir, the command
    C-x d /nextcloud:user@host:/path/to/dir
will show the directory listing with the plain file names, and the command
    C-x d /nextcloud:user@host:/:/path/to/dir
will show the directory listing with the encrypted file names, and visiting a file will show its encrypted contents. However, mixing encrypted and unencrypted files in the same directory is highly discouraged.
This command should be used to indicate that files in name should no longer be encrypted. Existing encrypted files and subdirectories remain encrypted.