Under Linux, is it possible to encrypt a folder/partition in a way that it is not accessible to anyone without the password?

  • eCryptFS can encrypt your home folder (& subfolders), and automatically decrypt with your login passphrase - root can't just change your passphrase, it needs your actual login passphrase. The ecryptfs-migrate-home script/tool can encrypt an existing home, or many distributions can encrypt a home when a new user's created. It's available for most distributions, Debian, Mint & Ubuntu derived, Arch, Gentoo, etc. And is free to expand its size.

    Or, it can use just a single encrypted "Private" folder too, with ecryptfs-setup-private

  • EncFS encrypts a folder too, but may need more customization for secure auto-decrypt.

  • LUKS or plain dm-crypt uses a container file or device, of a fixed size, not as easy to expand as the above file-based solutions, but it doesn't reveal as much info (file number & approximate size) either

  • TrueCrypt or derivatives work similarly to LUKS

  • Many distributions can also be installed with "full disk encryption" (usually using LUKS & LVM), that requires the correct passphrase entered at boot. It's a good solution for a single-user ("personal") computer that doesn't need to reboot all by itself, but on a multi-user computer it would be "decrypted" to every other user too.


You can use dm-crypt for that. You need to create an empty file which will be used as a storage device. You can create one with a specific size with either dd or for example fallocate:

fallocate -l 512M /home/user/cryptedDevice
dd if=/dev/zero of=/home/user/cryptedDevice bs=1M count=512

This will create a 512 MB file in your home directory called cryptedDevice. Then you can set up LUKS on top of that file:

cryptsetup -y luksFormat /home/user/cryptedDevice

With LUKS you can easily change the size of the container, etc.

To open the crypted file you can do: cryptsetup luksOpen /home/user/cryptedDevice someDeviceName

Then you need to format this partition with a file system: mkfs.ext4 -j /dev/mapper/someDeviceName

And after that you can simply mount that device to a folder:

mount /dev/mapper/someDeviceName /mnt/

Reference: DigitalOcean


Just a side note: if, when running:

cryptsetup -y luksFormat /home/user/cryptedDevice

you get this error:

"Not compatible PBKDF options"

run it with --type luks1

cryptsetup -y luksFormat /home/user/cryptedDevice --type luks1

reference: https://github.com/latchset/luksmeta/pull/10
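
To confirm that the luksFormat step in the answers above really wrote a LUKS header to the container file, and whether --type luks1 took effect, the first 8 bytes of the file can be inspected without root. This is an added example, not part of the original answers; the helper name luks_version and the sample files are constructed for illustration, and it relies on the LUKS on-disk magic "LUKS" 0xBA 0xBE followed by a 16-bit big-endian version.

```shell
#!/bin/sh
# Added example: report the LUKS header version of a container file.
# Header layout relied on: 6-byte magic "LUKS" 0xBA 0xBE, then a
# 16-bit big-endian version field (1 = LUKS1, 2 = LUKS2).

# luks_version FILE   (hypothetical helper name)
#   prints luks1 / luks2 (or unknown-XXXX) and returns 0 for a LUKS header
#   returns 1 when the magic is absent (unformatted file, plain dm-crypt)
#   returns 2 when the file is unreadable or shorter than 8 bytes
luks_version() {
    lv_file=$1
    [ -r "$lv_file" ] || return 2
    # od renders the bytes as hex, so NUL bytes in the header are safe
    lv_hex=$(dd if="$lv_file" bs=8 count=1 2>/dev/null \
             | od -An -tx1 | tr -d ' \t\n')
    [ "${#lv_hex}" -eq 16 ] || return 2
    lv_magic=${lv_hex%????}            # first 6 bytes (12 hex digits)
    lv_ver=${lv_hex#????????????}      # last 2 bytes (4 hex digits)
    [ "$lv_magic" = "4c554b53babe" ] || return 1
    case $lv_ver in
        0001) echo luks1 ;;
        0002) echo luks2 ;;
        *)    echo "unknown-$lv_ver" ;;
    esac
}

# Constructed sample inputs: header bytes only, not real containers.
demo_dir=$(mktemp -d)
printf 'LUKS\272\276\000\001' > "$demo_dir/v1.img"   # as after --type luks1
printf 'LUKS\272\276\000\002' > "$demo_dir/v2.img"   # LUKS2 header
# Zero-filled file, as produced by the dd step before luksFormat is run.
dd if=/dev/zero of="$demo_dir/blank.img" bs=512 count=1 2>/dev/null

for f in "$demo_dir"/*.img; do
    if v=$(luks_version "$f"); then
        echo "${f##*/}: $v"
    else
        echo "${f##*/}: no LUKS header"
    fi
done
rm -r "$demo_dir"
```

On a real container, cryptsetup luksDump /home/user/cryptedDevice reports the same version together with the key slot details.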