File encryption

Hi, I would like to encrypt some files I have on my pcs.
The intention is to encrypt backup otp codes, curriculums, purchases; personal documents in general. The content should add up to just a handful of MBs.

My current setup is made of a sync node which leverages nextcloud webdav access, my phone and my workstation.

Ideally, I would like to be able to have the files encrypted on every storage, and then be able to decrypt them just for their use. Something like a virtual file system would be fantastic.

I’ve read about pgp, but I’m not 100% sure it is the best solution. Are there any “universally” accepted alternatives?

If pgp is the right way to go, how should I manage access to the files? Should I use a keypair for every end-device and encrypt the files with both pubkeys or not?

Pardon me for all these questions, but I’m a bit confused.

@multiplespaghetti

Solution 1: Create a veracrypt container and put your files in there. Then you can do whatever you want with that file, copy, upload to cloud etc.

Solution 2: use rclone to sync and encrypt a local directory.

Solution 3: EncFS
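
Solution 2 as a configuration sketch, added here as an example and not part of the original comment: an rclone `crypt` remote layered over a WebDAV remote encrypts every file separately, so a sync uploads only the files that changed. The remote names, URL, user and folder below are placeholders, and the password values stand for the obscured strings that `rclone config` or `rclone obscure` produce.

```ini
# rclone.conf (constructed example; remote names, URL and user are placeholders)

[nextcloud]
type = webdav
url = https://cloud.example.invalid/remote.php/dav/files/USERNAME/
vendor = nextcloud
user = USERNAME
# obscured form written by `rclone config`, not the plaintext password
pass = OBSCURED_APP_PASSWORD

[vault]
type = crypt
# ciphertext is stored in this folder of the WebDAV remote
remote = nextcloud:vault
# encrypt file and directory names as well as file contents
filename_encryption = standard
directory_name_encryption = true
# passphrase and salt, both in obscured form
password = OBSCURED_PASSPHRASE
password2 = OBSCURED_SALT
```

With this in place, `rclone sync ~/private vault:` uploads ciphertext only, and `rclone mount vault: <mountpoint>` gives a decrypted view on systems with FUSE. The obscured values are reversible, so `rclone.conf` on each device has to be protected like a key, for example with rclone's own config-file encryption.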

@clockwise_bit
creator

I already fiddled with container files. I tried with EDS lite from f-droid and cryptsetup on pc.
Files are certainly encrypted, but I am limited by the fact that I need to share a size-fixed container every time instead of just syncing the single file that was changed.

About using rclone, I already use it to set up a device from scratch, as nextcloud is a bit slower while transferring 100GB of files through webdav.

dandelion

> some files I have on my pcs […] nextcloud webdav access, my phone and my workstation

I am not sure that GnuPG is a good solution here. GnuPG is fine for email encryption and for encrypting single files. You could set up e.g. a Raspberry Pi with Ubuntu (Ubuntu just got certified for the Pi, and it works well), and then use home directory encryption (which is implemented in Ubuntu and not in many other Linux distros). A quick howto:

  1. Install Ubuntu on the pi4 or pi3 and log in with the GUI
  2. sudo apt-get install ecryptfs-utils
  3. log out and log in again
  4. create a new user with the GUI admin tool for that, and enable the encrypt home option while creating the new user

If this goes well you can use ssh for that new user and all files in the home folder should be decrypted the moment your new user logs in via ssh or GUI. This might also work fine with sshfs (ssh + FUSE) giving you a virtual filesystem.

Some more info on this: https://wiki.archlinux.org/index.php/ECryptfs#Ubuntu_tools

@clockwise_bit
creator

I almost forgot. In theory what I need is to encrypt single files, one by one.

I like to keep things tidy and maniacally organized, so I have a folder for bookmarks which are stored in a plaintext file, a folder for my accounting ledger which is stored in plaintext, a folder for org-mode notes and so on.
I thought that encrypting file by file was the best solution here.

@clockwise_bit
creator

A general disk encryption is already in place on the server and on the workstation, thanks to luks. While this is a good recommendation, I think it’s not what I’m looking for.
Thanks for your contribution anyway! I feel like I should have added more details, but I was on the verge of falling asleep and I admittedly sped up things a bit.

@ksynwa

I don’t know what solution would be best for you but

> Should I use a keypair for every end-device

I think the best way to use PGP is that one key-pair should map to one person and then you can copy your keys to whichever devices you want to.


If it is something you are not going to be constantly updating, then encrypting with PGP is a good option because it is fairly universal (I use it on Linux and Android pretty seamlessly to manage passwords). If it is something that will need to be regularly updated then I am not sure.

@clockwise_bit
creator

Thanks for clarifying about the best setup for the keys! I didn’t find anything online, I probably used the wrong keywords.

The files would be updated frequently, as they are used to keep track of bookmarks, accounting and so on. On a normal basis, I would edit the accounting file maybe 2 to 3 times a day, not so much honestly. The heavy payload would be the notes. I regularly edit those files through the day to brainstorm, track todos… If I had to guess, I’d say I update them 20 times a day.
Would this be too much for pgp?
