Score:1

Encrypting a non-empty folder with ecryptfs

I have some folders with a lot of large files inside them and I would like to encrypt them using ecryptfs.

I am wondering if it is possible to mount a folder that already has files (and subfolders with files) in it, or if I have to make a new empty directory, mount that, and then copy the files over, which is what has worked so far, but I would like to avoid due to the amount of data I would have to copy.

Edit: some additional information, I am on Ubuntu 20.04.5, and I would also like to encrypt a similar folder on a network drive, not sure if this would change a possible solution at all

guiverc:
Does this answer your question? [How to use ecryptfs with a non-home directory](https://askubuntu.com/questions/574110/how-to-use-ecryptfs-with-a-non-home-directory)
Michele:
@guiverc apologies, I am on Ubuntu 20.04.5
Michele:
I am not sure the other question is exactly what I am looking for, as if I understand it correctly I would still be creating a new directory, whereas I am looking for something more like `mount -t ecryptfs /path/to/mydir /path/to/mydir` (as I would do for an empty folder), but where /path/to/mydir is already populated with files.
Score:1

eCryptfs (and basically any on-disk encryption like LUKS, etc) only works by encrypting files and writing the encrypted data to disk. There's no shortcut to avoid writing all the data to disk.

If you wanted an automated tool to migrate an existing user's home to an ecryptfs encrypted home setup, there is the ecryptfs-migrate-home tool (in the ecryptfs-utils package), but it just automatically creates an encrypted directory, copies the old home into it, then sets it up to be the new home. It has some warnings:

> WARNING: Make a complete backup copy of the non-encrypted data to another system or external media. This script is dangerous and in case of an error, could result in data lost, or USER locked out of the system!
>
> This program requires free disk space 2.5x the current size of the home directory to be migrated. Once successful, you can recover most of this space by deleting the cleartext directory.

It sounds like you're already doing ok with manually copying to an encrypted directory; maybe a little automation to copy, verify, then delete a few files at a time would speed things up, but that's a different topic.


If you were just looking for an instant "encrypted view" of your files (maybe to store remotely only), then EncFS can do that with its --reverse option, however your original files would remain unencrypted on your disk:

> Normally EncFS provides a plaintext view of data on demand: it stores enciphered data and displays plaintext data. With --reverse it takes as source plaintext data and produces enciphered data on-demand. This can be useful for creating remote encrypted backups, where you do not wish to keep the local files unencrypted.
>
> For example, the following would create an encrypted view in /tmp/crypt-view.
>
>     encfs --reverse /home/me /tmp/crypt-view
>
> You could then copy the /tmp/crypt-view directory in order to have a copy of the encrypted data. You must also keep a copy of the file /home/me/.encfs6.xml which contains the filesystem information. Together, the two can be used to reproduce the unencrypted data:
>
>     ENCFS6_CONFIG=/home/me/.encfs6.xml encfs /tmp/crypt-view /tmp/plain-view
>
> Now /tmp/plain-view contains the same data as /home/me
>
> Note that --reverse mode only works with limited configuration options, so many settings may be disabled when used. Incompatible options as for now : Filename Initialization Vector Chaining and External IV Chaining.
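
The answer above mentions automating a "copy, verify, then delete a few files at a time" loop. The following is an added example of that idea, not code from the answer or from ecryptfs-utils; `migrate_tree` and its two arguments are hypothetical names, and the destination is assumed to be an eCryptfs directory that is already mounted and is not inside the source tree.

```shell
#!/bin/sh
# Added example, not from the page: migrate_tree and its arguments are
# hypothetical names. DST is assumed to be an eCryptfs directory that is
# already mounted (and not inside SRC), so writes there land encrypted on disk.
#
# migrate_tree SRC DST
#   Moves regular files from SRC to DST one at a time: copy, flush, compare,
#   and only then delete the cleartext original, so peak extra disk use is
#   about one file. Symlinks and special files are left in SRC.
#   Exit status: 0 no regular file left in SRC, 1 some kept, 2 bad arguments.
migrate_tree() (
    src=${1%/} dst=${2%/} rc=0
    [ -d "$src" ] && [ -d "$dst" ] || { echo "usage: migrate_tree SRC DST" >&2; exit 2; }

    # find passes names as arguments, so spaces and newlines are safe.
    SRC=$src DST=$dst find "$src" -type f -exec sh -c '
        for path do
            rel=${path#"$SRC"/}
            target=$DST/$rel
            # Never overwrite something already in the encrypted tree.
            if [ -e "$target" ]; then
                echo "kept (target exists): $rel" >&2; continue
            fi
            mkdir -p -- "$(dirname -- "$target")"
            if cp -p -- "$path" "$target" &&
               { sync "$target" 2>/dev/null || sync; } &&
               cmp -s -- "$path" "$target"; then
                rm -f -- "$path"    # cleartext goes only after a verified copy
            else
                echo "kept (copy or verify failed): $rel" >&2
                rm -f -- "$target"
            fi
        done
    ' sh {} + || :

    # Drop directories that are now empty; rmdir refuses non-empty ones.
    find "$src" -depth -type d ! -path "$src" -exec rmdir {} + 2>/dev/null || :
    # Anything still present was skipped or failed verification.
    if find "$src" -type f | grep -q .; then rc=1; fi
    exit "$rc"
)
```

Deleting the originals with `rm` does not scrub their blocks, so the cleartext stays recoverable from free space until it is overwritten. The `cmp` check may also be answered from the page cache rather than from the disk.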
