Encrypted filesystem on Mega.co.nz

In this article, I will describe a method for creating and sharing on different systems an encrypted directory in a mega.co.nz account (henceforth “mega”).


You might be asking why one would want to store encrypted files on a system that provides for end-to-end encryption and stores the file data internally encrypted.  The problem boils down to trust.  I’m not ready to trust mega, despite that they might be trust worthy.  Their encryption design is relatively new and this is a reason to be wary, as it hasn’t been time tested.  I’d prefer to use solutions that have been around a while and used by many.


The idea behind the implementation is to use a FUSE filesystem to access mega and then layer an encrypted filesystem on top of that.  This is basically the technique I use for encrypting files I store on dropbox (see here and here).  There is a key difference in how I currently use dropbox, which gives me 2GB, and how I plan to use mega, 50GB.  I’d like to backup large amounts of data to mega encrypted and be able to access that from potentially any computer around the world.  However, I don’t want to delete the originals and to keep them unencrypted on the local disk where the currently reside.  Since I don’t want to keep two copies of the data locally (an encrypted version and the originals), I want a solution that takes the existing unencrypted directory of originals and gives me an easy way to map that into the cipher text of the encrypted filesystem.

In linux there are two major layerable encryption filesystems: ecryptfs and encfs.  I currently use ecryptfs with dropbox and it seems like the more mature and efficient solution.  However, it does not provide the reverse (plain text -> cipher text) functionality mentioned in the paragraph above.  This was requested as a feature in 2009, but the author expresses little interest in the feature and has since closed as “WON’T FIX”, despite offering to help motivated volunteer.  So that discounts ecryptfs.  Luckily encfs does have reversible functionality with the –reverse option.

The other loose end here is a fuse filesystem for mega.  For this, I will be using the megatools (ppa) utilities.

Putting it all together

Here’s a step-by-step procedure.  I assume an mega account is already setup.

Create the reverse mapping on the computer with the originals

mkdir /tmp/MegaDir.enc
encfs --reverse /path/to/data/to/backup /tmp/MegaDir.enc

Sync the encrypted files to mega

megasync -u  <username> -p <password> \
         --local /tmp/MegaDir.enc --remote /Root/<some subdir>
  • You can sync only a subset of fs tree rooted at /tmp/MegaDir.enc and may sync to any directory under the mega /Root directory

Retrieving unencrypted files

Now you want to view these files unencrypted on some other computer.  First install the megatools programs.  Then you may use the megafs program to mount the mega account to the local filesystem and then layer the encfs filesystem over the encrypted diretory to decrypt the files. You will also need the encfs configuration file that was automatically generated above.

scp :/path/to/data/to/backup/.encfs6.xml \
mkdir /media/megafs /media/megafs.encfs
megafs -u  <username> -p <password> \
       --reload /media/megafs
export ENCFS6_CONFIG=$HOME/megafs-encfs6.xml
encfs /media/megafs/path/to/encrypted/directory \
  • Currently megafs does not support read/write on files.  So you can only get a directory listing.  Not so useful.  However there is an ubuntu ppa with packages patched to allow read support for megafs (source).

And presto!  You’ve got decrypted access to your data.  Make sure you store your password in a safe place and backed up!

NOTE: The process is very similar for ecryptfs.


3 Responses to “Encrypted filesystem on Mega.co.nz”

  1. Everytime I try to mount it creates a new folder, is this working right?

  2. hanks for your guide. Actually there is a tool out there with full read/write functionality. https://github.com/matteoserva/MegaFuse It works great for me.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: