How to Use EncFS Encryption on Windows 10

I remember using EncFS on Linux and finding it perfect for my needs. “If only this encryption was available for Windows,” I said. To my surprise, it was! I’ve been using it on Windows for a few years, and in this guide I’ll show you how to set it up on your own system.

Why EncFS?

Most encryption solutions for Windows won’t work for me. I have Windows Subsystem for Linux installed on my system and I use an rsync script to back up my files. I also back up my files to the cloud as an extra precaution.

Well, rsync and cloud storage providers compare your local files with the backed up files to see what changes have been made. If the two copies don’t match, then the new changes will be synchronized. With volume encryption, this just doesn’t work very well. A change to a single file means the whole volume has been changed, and the entire thing must be synced with the backup.

EncFS works differently than volume encryption or whole disk encryption. Your encrypted files are stored in a directory, and when you supply EncFS with the proper password, it mounts that encrypted directory to a new directory that contains all your decrypted files.

Let’s look at a visual example.

Encrypted directory and decrypted directory side by side with EncFS on Windows

The files on the left are encrypted, and the files on the right are the exact same files, but they’ve been mounted and decrypted. When you make changes to the decrypted files, the encrypted files on the left are what is actually changing.

These encrypted files are what you should back up to the cloud (and in my case, with rsync). They are the files you want to store on your backup drives and anywhere else. Then, when you need to access them, you supply a passphrase to EncFS and mount the encrypted directory.

EncFS on Windows

My first thought when I tried to get EncFS on Windows was to just use Windows Subsystem for Linux. But that doesn’t work. WSL doesn’t have its own kernel, thus encryption utilities like EncFS, ecryptfs, etc. simply won’t work.

There are a couple projects floating around that have ported EncFS over to Windows. One is called EncFSMP, and this is the one I’ve had great success with.

EncFSMP’s home page sums up its features quite well:

Features of EncFSMP:

  • Mounts EncFS folders on Windows and OS X
  • Can create, edit, export and change the password of EncFS folders
  • Is 100% compatible with EncFS 1.7.4 on Linux
  • Completely free, no nags, no additional downloads like toolbars etc.

With EncFS MP, you can store your data in an encrypted folder. This is especially important if you store your sensitive data in a cloud service like Dropbox or Google Drive. Since EncFS exists on many platforms, you can access your data from a Windows PC, from an Apple computer, from Linux (using the built-in EncFS), or even from an Android device (using Cryptonite).

Install and Configure EncFSMP on Windows

1. Head over to the download page on EncFSMP’s site to get the program. There’s a stable version available and a beta version. This program is used to encrypt thousands of my irreplaceable files, so I always opt for the stable release.

2. Run the installer and go through the few prompts to get the program installed. It should only take a moment and all the prompts are very straightforward.

3. Once EncFSMP is installed, you can find it in your Start menu and open it.

4. Create a new directory where you plan to store your encrypted files. If you already have files that need to be encrypted, they will go into the mounted decrypted directory later on. For now, just create an empty directory for the encrypted files. For this example, I’ll put mine in C:\Encrypted.

Empty encrypted directory in Windows Explorer

5. Click “Create new EncFS.”

Create new EncFS button

6. You’ll now be required to fill out a name for the mount, the path to your encrypted directory, and a password. EncFSMP will mount your decrypted files as a hard drive. You can choose the drive letter if you’d like, or just leave this set to auto.

Filling out mount name, encfs path, password, and drive letter in EncFSMP

7. The EncFS parameters can be left at their defaults. If you do need to make some changes, you can select Expert mode to customize these fields. The only one I’ve ever bothered changing was “Name encoding.” Changing it to “Null” will make it so EncFSMP doesn’t encrypt your file names. I didn’t want mine encrypted because I don’t need to hide the names and I want to be able to identify the encrypted files by their name. But you’ll probably just want to leave the default Standard configuration checked.

Configuration menu for encryption settings on EncFSMP

8. Click OK when you’re done, and then you can mount the encrypted file system by highlighting it and clicking Mount.

Clicking the Mount button on EncFSMP

9. Enter the password you configured earlier to mount the directory.

Entering password to mount the encrypted directory

10. You’ll now see the decrypted directory mounted as a hard drive in Windows Explorer.

Mounted encrypted directory

That’s all there is to it. Any files you drop in here will be encrypted and placed inside the encrypted directory we created earlier. If you’ve used EncFS on Linux before, you should notice the behavior of EncFSMP is very similar on Windows – it all works the same way and is cross-compatible.

Bonus Tips

Before you go, allow me to impart some words of wisdom since I’ve been using this program for a while now.

1. EncFS (not just EncFSMP) will generate a .encfs6.xml file in your encrypted directory. Protect this file. If you lose it, you’ll never be able to decrypt your files again.

encfs6.xml file auto-generated by EncFS

Back up this file with the rest of your important files. It doesn’t contain any sensitive information, so no need to worry about anyone seeing it.

2. In EncFSMP, click on Options > Minimize to tray. This will keep EncFSMP out of your way but it will continue running in the notification area of the taskbar.

Option for minimizing EncFSMP to system tray


Comments:

  • I believe I know how to use EncFSMP (For Win10) but I do not see any instructions on how to Sync with My Cloud Storage, only uploading or downloading the Files that have changed as opposed to the entire encrypted container (or volume etc…) Could you help with the instructions on that.

    Thank You So Much for your clear documentation… that is rare, RARE in All Things TECH~!

    ~Nee

    • EncFS (and by extension, EncFSMP) encrypts files individually, rather than creating an entire volume or container. This works well with cloud storage providers because only the files you change will get synced to the cloud, rather than needing to sync a massive container when only a few bytes change.

      To configure your encrypted files to upload to a cloud backup, just point your cloud application to where you have the encrypted files on your computer. They will be stored in the cloud encrypted. When you download them, you’ll have to mount the files with EncFSMP to decrypt them.

      If you’d prefer volume encryption for Windows, you could try VeraCrypt. Some cloud providers work well with certain volume level encryption software so you can avoid syncing the entire container whenever a file is updated. Hopefully this helps. Thanks for the comment!

  • Gerald Livingston says:

    Should one “scrub” all local filesystems after “using” a file stored on an encfs volume? Eg. If I open and edit a legal document stored on a mounted encfs drive on My Windows10 or Linux machine should I unmount the encfs container afterwards and delete all temporary files then run a “wipe deleted files and empty space” program afterwards?

    Do unencrypted versions get stored somewhere when accessed. Actually, even just viewed, not necessarily edited.

    Thank you,

    Gerald

    • It would depend on the programs you’re using to open/edit the files. Most applications would not cache the unencrypted file anywhere, so your files should be totally inaccessible after unmounting your encrypted container. I think there’s a higher chance of the file being cached in RAM rather than on the hard disk anywhere. Clearing the RAM cache (or just restarting the machine) should take care of that – but it would be a very advanced process to perform a recovery from there anyway.

Leave a Reply

Your email address will not be published. Required fields are marked *