I remember using EncFS on Linux and finding it perfect for my needs. “If only this encryption was available for Windows,” I said. To my surprise, it was! I’ve been using it on Windows for a few years, and in this guide I’ll show you how to set it up on your own system.
Most encryption solutions for Windows won’t work for me. I have Windows Subsystem for Linux installed on my system and I use an rsync script to back up my files. I also back up my files to the cloud as an extra precaution.
Well, rsync and cloud storage providers compare your local files with the backed up files to see what changes have been made. If the two copies don’t match, then the new changes will be synchronized. With volume encryption, this just doesn’t work very well. A change to a single file means the whole volume has been changed, and the entire thing must be synced with the backup.
EncFS works differently than volume encryption or whole disk encryption. Your encrypted files are stored in a directory, and when you supply EncFS with the proper password, it mounts that encrypted directory to a new directory that contains all your decrypted files.
Let’s look at a visual example.
The files on the left are encrypted, and the files on the right are the exact same files, but they’ve been mounted and decrypted. When you make changes to the decrypted files, the encrypted files on the left are what is actually changing.
These encrypted files are what you should back up to the cloud (and in my case, with rsync). They are the files you want to store on your backup drives and anywhere else. Then, when you need to access them, you supply a passphrase to EncFS and mount the encrypted directory.
EncFS on Windows
My first thought when I tried to get EncFS on Windows was to just use Windows Subsystem for Linux. But that doesn’t work. WSL doesn’t have its own kernel, thus encryption utilities like EncFS, ecryptfs, etc. simply won’t work.
There are a couple projects floating around that have ported EncFS over to Windows. One is called EncFSMP, and this is the one I’ve had great success with.
EncFSMP’s home page sums up its features quite well:
Features of EncFSMP:
- Mounts EncFS folders on Windows and OS X
- Can create, edit, export and change the password of EncFS folders
- Is 100% compatible with EncFS 1.7.4 on Linux
- Completely free, no nags, no additional downloads like toolbars etc.
With EncFS MP, you can store your data in an encrypted folder. This is especially important if you store your sensitive data in a cloud service like Dropbox or Google Drive. Since EncFS exists on many platforms, you can access your data from a Windows PC, from an Apple computer, from Linux (using the built-in EncFS), or even from an Android device (using Cryptonite).
Install and Configure EncFSMP on Windows
1. Head over to the download page on EncFSMP’s site to get the program. There’s a stable version available and a beta version. This program is used to encrypt thousands of my irreplaceable files, so I always opt for the stable release.
2. Run the installer and go through the few prompts to get the program installed. It should only take a moment and all the prompts are very straightforward.
3. Once EncFSMP is installed, you can find it in your Start menu and open it.
4. Create a new directory where you plan to store your encrypted files. If you already have files that need to be encrypted, they will go into the mounted decrypted directory later on. For now, just create an empty directory for the encrypted files. For this example, I’ll put mine in
5. Click “Create new EncFS.”
6. You’ll now be required to fill out a name for the mount, the path to your encrypted directory, and a password. EncFSMP will mount your decrypted files as a hard drive. You can choose the drive letter if you’d like, or just leave this set to auto.
7. The EncFS parameters can be left at their defaults. If you do need to make some changes, you can select Expert mode to customize these fields. The only one I’ve ever bothered changing was “Name encoding.” Changing it to “Null” will make it so EncFSMP doesn’t encrypt your file names. I didn’t want mine encrypted because I don’t need to hide the names and I want to be able to identify the encrypted files by their name. But you’ll probably just want to leave the default Standard configuration checked.
8. Click OK when you’re done, and then you can mount the encrypted file system by highlighting it and clicking Mount.
9. Enter the password you configured earlier to mount the directory.
10. You’ll now see the decrypted directory mounted as a hard drive in Windows Explorer.
That’s all there is to it. Any files you drop in here will be encrypted and placed inside the encrypted directory we created earlier. If you’ve used EncFS on Linux before, you should notice the behavior of EncFSMP is very similar on Windows – it all works the same way and is cross-compatible.
Before you go, allow me to impart some words of wisdom since I’ve been using this program for a while now.
1. EncFS (not just EncFSMP) will generate a .encfs6.xml file in your encrypted directory. Protect this file. If you lose it, you’ll never be able to decrypt your files again.
Back up this file with the rest of your important files. It doesn’t contain any sensitive information, so no need to worry about anyone seeing it.
2. In EncFSMP, click on Options > Minimize to tray. This will keep EncFSMP out of your way but it will continue running in the notification area of the taskbar.