eCryptfs is a cryptographic filesystem built into the Linux kernel (versions 2.6.19 and later). It is also a stacked filesystem: eCryptfs is a layer that works on top of other standard, lower filesystems such as ext4, FAT32, XFS and ReiserFS.

Some of the great advantages of eCryptfs over other encryption methods such as LUKS are:

  1. Dynamic size of the encrypted tree: the size of the encrypted part does not need to be fixed in advance, so you do not have to pre-allocate a big chunk of your hard disk to store sensitive data that may be only a few megabytes.
  2. All the cryptographic metadata is stored in the header of the file. This means that an encrypted file can be copied and moved from one location to another without leaving any metadata behind.
  3. Files can be encrypted with multiple keys, so that several users can have access to encrypted but shared files. You can also have different files encrypted by different users, with each user able to access only their own files.

Disadvantages of using eCryptfs (this may change in future versions):

  1. eCryptfs does not encrypt filenames, only the content.
  2. Certain patterns, such as the typical distribution of file sizes in a directory, will always give a clear hint of what is being stored, even though it is encrypted.

eCryptfs should not be used if you want to hide the fact that something is stored! You will not be able to deny the existence of encrypted files!

To install eCryptfs on RPM-based Linux (Fedora, Mandriva, openSUSE, etc.):

su -c 'yum install ecryptfs-utils'

To install eCryptfs on DEB-based Linux (Debian, Knoppix, GRML, etc.):

sudo aptitude install ecryptfs-utils

[Figure: eCryptfs Linux kernel chart]

First create a folder in your Home directory and name it secret:

mkdir ~/secret

Now change the folder permissions to make sure nobody else can access it:

chmod 700 ~/secret

Then mount ecryptfs onto the secret folder, running the following command as root:

mount -t ecryptfs ~/secret ~/secret

eCryptfs will then prompt you to answer a few questions, see screenshot below:

[Screenshot: eCryptfs mount prompts in the shell]

After you have made your choices and mounted the encrypted folder you can add files inside.

To test that eCryptfs is working, unmount your encrypted folder and see whether you can open the files inside the secret folder.

sudo umount ~/secret

If it is working properly, you should not be able to open any files inside the folder.
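The same create / mount / verify / unmount procedure as a non-interactive script, added here as an example and not part of the original post. It assumes ecryptfs-utils is installed, that it runs as root, that the mount option names are those documented for mount.ecryptfs on your version, and that the passphrase file path is a placeholder; instead of just trying to open a file after unmounting, it checks that the plaintext marker does not appear anywhere in the lower (on-disk) view.

```shell
#!/bin/sh
# Added example (not the original post's code). Assumes ecryptfs-utils,
# root privileges, and a passphrase file containing exactly one line:
#   passphrase_passwd=<your passphrase>
set -eu

# Mount options that answer the interactive questions up front: passphrase
# key, AES with a 256-bit key, no passthrough of unencrypted files, and no
# signature-cache prompt. Filenames stay in the clear, as the post describes.
ecryptfs_mount_opts() {
    passfile="$1"
    printf 'key=passphrase,passphrase_passwd_file=%s,' "$passfile"
    printf 'ecryptfs_cipher=aes,ecryptfs_key_bytes=32,'
    printf 'ecryptfs_passthrough=n,no_sig_cache'
}

# Return 0 if no file under the lower directory contains the given marker,
# i.e. the data really is ciphertext on disk; return 1 if it is found.
lower_is_opaque() {
    lower="$1"; marker="$2"
    if grep -rqF -- "$marker" "$lower"; then
        return 1
    fi
    return 0
}

# Full round trip: create and lock down the folder, mount, write a marker,
# unmount, then confirm the lower view holds only ciphertext.
ecryptfs_roundtrip() {
    dir="$1"; passfile="$2"; marker="constructed plaintext marker"
    mkdir -p "$dir"
    chmod 700 "$dir"
    mount -t ecryptfs -o "$(ecryptfs_mount_opts "$passfile")" "$dir" "$dir"
    printf '%s\n' "$marker" > "$dir/test.txt"
    umount "$dir"
    lower_is_opaque "$dir" "$marker"
}

# Usage (as root; placeholder paths):
#   ecryptfs_roundtrip "$HOME/secret" /root/ecryptfs.pass && echo "ciphertext only"
```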

Warning: Once the encrypted data is accessed it will leave traces all over your operating system (swap, print spool, spell-checker, backups …). If you really care about your private data falling into the wrong hands, then use whole disk encryption!
