eCryptfs (and basically any on-disk encryption like LUKS, etc) only works by encrypting files and writing the encrypted data to disk. There's no shortcut to avoid writing all the data to disk.
If you were just looking for an instant "encrypted view" of your files (maybe to store remotely only), then EncFS can do that with it's --reverse
option:
If you wanted an automated tool to migrate an existing user's home to an ecryptfs encrypted home setup, there is the ecryptfs-migrate-home
tool (in the ecryptfs-utils
package), but it just automatically creates an encrypted directory, copies the old home into it, then sets it up to be the new home. It has some warnings:
WARNING: Make a complete backup copy of the non-encrypted data to another system or external media. This script is dangerous and in case of an error, could result in data lost, or USER locked out of the system!
This program requires free disk space 2.5x the current size of the home directory to be
migrated. Once successful, you can recover most of this space by deleting the cleartext
directory.
It sounds like you're already doing ok with manually copying to an encrypted directory, maybe a little automation to copy, verify, then delete a few files at a time would speed things up, but that's a different topic.
If you were just looking for an instant "encrypted view" of your files (maybe to store remotely only), then EncFS can do that with it's --reverse
option, however your original files would remain unencrypted on your disk:
Normally EncFS provides a plaintext view of data on demand: it stores enciphered data
and displays plaintext data. With --reverse it takes as source plaintext data and
produces enciphered data on-demand. This can be useful for creating remote encrypted
backups, where you do not wish to keep the local files unencrypted.
For example, the following would create an encrypted view in /tmp/crypt-view.
encfs --reverse /home/me /tmp/crypt-view
You could then copy the /tmp/crypt-view directory in order to have a copy of the
encrypted data. You must also keep a copy of the file /home/me/.encfs6.xml which
contains the filesystem information. Together, the two can be used to reproduce the
unencrypted data:
ENCFS6_CONFIG=/home/me/.encfs6.xml encfs /tmp/crypt-view /tmp/plain-view
Now /tmp/plain-view contains the same data as /home/me
Note that --reverse mode only works with limited configuration options, so many
settings may be disabled when used. Incompatible options as for now : Filename
Initialization Vector Chaining and External IV Chaining.