EncFSman Help

EncFSman Help


With EncFSman you can create encrypted filesystems, define mappings to mount and unmount these filesystems and store passphrases in a secure place. EncFSman automatically detects whether you use SecretServiceKeyring (GNOME and KDE on newer systems), GNOME's keyring or KDE's wallet. If you place EncFSman in your startup folder, the software can automount your defined mappings at login.
EncFSman is a Linux GUI - program, written in Python and using the wxWidgets cross-platform Gui-library.

EncFSman is ideal suited to:

  • create EncFS directories (filesystems) and mappings
  • (auto) mount EncFS mappings
  • unmount EncFS mappings
  • hide your passwords in GNOME's keyring or KDE's wallet

You can find more information about EncFS and examples for the usage here:



To run EncFSman, you need Python >= 2.7.x (not 3.x) and wxPython 3.0.x.x (package python-wxgtk3.0 on Ubuntu) or better installed on your computer. Starting with version 0.50, EncFSman is compatible with Python 3.x. But if you want to run the program with the Python 3.x interpreter, you have to make sure, that the used libraries (wxPython, keyring and pynotify) have Python 3 compatible code too.

EncFSman assumes that the following software packages are installed on your system (essential for mapping mounting):

  • encfs: EncFS integrates file system encryption into the Unix(TM) file system. Encrypted data is stored within the native file system, thus no fixed-size loopback image is required.
  • python-keyring: The Python keyring library provides an easy way to access the system keyring service (e.g Gnome-Keyring, KWallet) from Python. It can be used in any application that needs safe password storage.

In addition it would be wise to install the following packages (not needed, but nice to have):

  • python-notify2: Python interface to the Freedesktop notifications system, which allows programs to display information to the user in an unobtrusive way. Notifications are sent over DBus to a notification daemon, which is responsible for presenting them to the user. If python-notify2 is not available in your distro, install the package python-notify.

EncFSman has been tested on computers running Kubuntu 12.04 Linux (KDE), Ubuntu 11.10 Linux (GNOME) and Mint Linux 18.1 XFCE

...back to Contents


At the very first start of EncFSman, two files will be created in your home directory:

  • EncFSman.ini, which holds all program setting information (i.e. window size and position, column widths, defined mappings and so on) and
  • EncFSman-Action.log, which is a protocol of all actions (create mapping, mount mapping, problems with directories and so on) performed by the program

Later you can decide to store these files elsewhere on your computer (see Misc).

EncFSman works with mount mappings as the main data structure. These mappings define the relation of unencrypted directories (mount points) to encrypted directories (rootdirs). Each mapping has an internal unique identifier key and an associated passphrase in the keyring / wallet.
You can set the 'automount' flag with a mapping. In that case, the mapping is automounted at user logon if EncFSman is in the startup folder.
With a mouseclick on a listcontrol entry you can select a mapping to edit, mount, unmount or delete it (via menu, context menu or shurtcut keystroke).
Mounting or unmountig is also triggered by double clicking the listcontrol entry. A mounted mapping is listed in a highlighted color (for example green) and the 'Mounted' column is set to True (see first entry in screenshot below).

...back to Contents


EncFSman GUI has a main window which is split into two parts. The upper part (allways visible) is for the list of defined mappings and the lower part is for Log messages. You can close and reopen the Log window part (using the View menu) or you can pick and drag these parts around and place them at different positions either inside or outside the main frame.

Main window

The main window includes a menu- and statusbar. With a right click in the mapping list window you can activate the context menu (see screenshot below).

Context menu

And finally, the main window contains the mentioned statusbar, divided into 2 fields. From left to right they are:

  • quick help
  • status led

The status led is implemented to let you know, if the keyring / wallet was accessible (see table).

led color meaning
red the keyring / wallet was unreachable / not opened - so passphrases could not be stored or retrieved
green the keyring / wallet was reachable / opened - so passphrases could be stored or read

...back to Contents

Add / Edit mapping

In the Add / Edit mapping dialog you enter all information needed for an encfs mount mapping.

Add / Edit mapping dialog  

  • Unencrypted dir (read only control): You can click on the 'Browse' button and a select directory dialog will pop up (see screenshot below). You can navigate in the directory tree, select or create and select a directory and you can display hidden directories if you want. Default: no value set
  • Encypted dir (read only control): The same usage as above ... Default: no value set
  • Autocreate: If you choose autocreate, a filesystem will be created at the next mount process if creation is needed. In that case a '-p' parameter (pre-configured paranoia mode) is sent to the encfs binary (for parameters see encfs man page). Default: checked
  • Automount: The automount combo box offers the values 'no' and 'yes'. If you select 'yes', the mapping ist automounted at logon if (a link to) EncFSman is in the startup folder. Default: no
  • Passphrase: With the choosen passphrase the mapping will be astablished and mounted. Passphrases are stored in the automatically detected keyring or wallet. Default: no value set
  • Show passphrase: If this box is checked, the passphrase will be shown as plaintext instead of dots. Default: not checked

Select directory dialog:

Select directory dialog  
...back to Contents


Common program setup is done via the Preferences menu. To get to the menu, use 'Options', 'Preferences', type CTRL-F or use the context menu. The Preferences notebook dialog has 2 tabs.


Preferences - Gui  

  • With grid: when checked, the mapping list window will have light horizontal and vertical lines between the rows and columns. Default: checked
  • Font family: you can select from a list of all fonts, installed on your machine. Default: your selected system font
  • Font size: you can select sizes from 6 to 12 points. Default: 9 points
  • Highlight colour: you can select a highlight colour with a colour chooser for the mounted mappings. Default: kind of green
  • Start minimized: if checked, the application won't start with a popping up main window. There will be a small icon in the system tray instead. This Icon has a context menu, where you can restore the application and so on. Default: not checked
  • Button align: if checked, buttons are aligned as it is default in GNOME or KDE. If unchecked they are centered und streched to fill the width of the dialog. Default: checked
  • Notification: If checked, the EncFSman will contact the home server at startup. If a newer release is available, you will be informed so you can decide to run the update or not. Default: checked
  • Stay in systray: If checked, EncFSman will minimize to the system tray when the close button is pressed. In this configuration, exiting the application is possible by selecting 'File', 'Exit' or by pressing the shortcut CTRL-X. Default: checked
...back to Contents


Preferences - Misc

  • EncFSman ini path (read only control): Preferences are stored in a readable file called EncFSman.ini. Ini-file default directory is the users homepath, i.e. /home/your_username on Linux. You can change this location by starting the application with the command line switch -i.
    Example: encfsman.pyw -i=/tmp. Now the ini file is stored as '/tmp/EncFSman.ini'.
  • Encfs binary path (read only control): the currently selected path to the encfs binary. Default: no value set (see binary path remark below)
  • Encfsctl binary path (read only control): the currently selected path to the encfsctl binary. Default: no value set (see binary path remark below)
  • Fusermount binary path (read only control): the currently selected path to the fusermount binary. Default: no value set (see binary path remark below)
  • Retry count: You can choose a value between 0 and 10. 0 means 'never retry'. With the retry count you can define how often automount will try again, if not all mappings with the flag set to 'yes' could be mounted. Default: 3
  • Multiple instance: if checked, more than one instance of EncFSman is allowed to run. If unchecked, you can not start a second program instance. Default: not checked
  • Update check: EncFSman can automatically check the website on startup if a new program release is available. If so, you will be informed. Default: not checked
  • Action log: the messages from the Log messages sub-window are written to a logfile if checked. The logfile is placed in the users homedir. The name of the logfile is EncFSman-Action.log. Default: checked (see Logfile remark below)

...back to Contents

Binary file remark:
Instead of a path, the values are initially set to the name of the binary. EncFSman will search these binaries along the search path at startup time.

Logfile remark:
Logfiles are written by a RotatingFileHandler with a maxBites size of 64 kB and a backupCount of 4 backups. Rollover occurs whenever the current log file is nearly maxBytes in length. If backupCount is >= 1, the system will successively create new files with the same pathname as the base file, but with extensions ".1", ".2" etc. appended to it. For example, with a backupCount of 4 and a base file name of "app.log", you would get "app.log", "app.log.1", "app.log.2", ... through to "app.log.4". The file being written to is always "app.log" - when it gets filled up, it is closed and renamed to "app.log.1", and if files "app.log.1", "app.log.2" etc. exist, then they are renamed to "app.log.2", "app.log.3" etc. respectively. This is the same technique as you might have seen in the /var/log dir of Linux systems.

The format of a logfile line is:  date  time  -- message i.e.

2012-07-05 17:34:18 -- Add mapping - '/home/mersmann/Private, /data/Dropbox/encrypted, no' added to list

...back to Contents

Final note

All screenshots shown in this document are taken from EncFSman 1.16 running on Linux Mint Serena 18.1 XFCE.

If you like the software, use it (at your own risk). If you have suggestions or encounter bugs - please send me an email. If you do not like the software - throw it away.

Thanks go to

  • Guido van Rossum for the great Python programming language
  • the wxWidget team for their cross-platform GUI Library
  • the wxPython team for their Python wx wrapper, used to create the GUI of EncFSman
  • Michael Foord and Nicola Larosa for their excellent configobj module, used to read / write the program settings
  • Kang Zhang and Jason R. Coombs for their essential keyring module, used to store / retrieve passphrases

EncFSman was designed and coded by Frank Mersmann (frank.mersmann@gmail.com).
Beta tests where conducted and hints were made by Wolfgang Bredow (bredow.w@googlemail.com).


... zurück zu Inhalt