| 1 |
On Tuesday, 3 July 2018 13:33:27 BST Samuraiii wrote: |
| 2 |
> On 3.7.2018 13:27, Philip Webb wrote: |
| 3 |
> > 180703 Alec Ten Harmsel wrote: |
| 4 |
> >> On Tue, Jul 03, 2018 at 05:47:22AM -0400, Philip Webb wrote: |
| 5 |
> >>> I have a couple of small files which need to be encrypted : |
| 6 |
> >>> one is simple text ( .txt ), the other a spreadsheet ( .ods ). |
| 7 |
> >>> I haven't used encryption like this before : what do others use ? |
| 8 |
> >> |
| 9 |
> >> I have used `gpg' to do this before: |
| 10 |
> >> # Encrypt with a passphrase |
| 11 |
> >> gpg -c <file> |
| 12 |
> >> # Decrypt |
| 13 |
> >> gpg -d <file>.gpg |
| 14 |
> >> |
| 15 |
> >> I do have some files I keep encrypted locally |
| 16 |
> >> that I use `gpg' to encrypt/decrypt, but with my personal key pair. |
| 17 |
> >> For that, I use a vim plugin [1] that transparently decrypts to `/tmp', |
| 18 |
> >> lets me edit and then saves back to the original file. |
| 19 |
> >> This prevents the decrypted contents from ever being on my hard drive, |
| 20 |
> >> as I have `/tmp' mounted as tmpfs. |
| 21 |
> > |
| 22 |
> > Thanks, that's very helpful except that you forgot to append [1] (smile). |
| 23 |
> > |
| 24 |
> > I don't need to encrypt the files locally, |
| 25 |
> > but do need to when I create copies to up-load as off-site back-ups. |
| 26 |
> > |
| 27 |
> > Does anyone else have a useful suggestion ? |
| 28 |
> |
| 29 |
> Hi, |
| 30 |
> |
| 31 |
> there is "reverse" encfs if there are more files to encrypt for backup. |
| 32 |
> |
| 33 |
> encfs --reverse ~/dir /tmp/dir |
| 34 |
> |
| 35 |
> It will encrypt original files on fly as you read /tmp/dir. |
| 36 |
> |
| 37 |
> I used this before (now I backup with duplicity). |
| 38 |
> |
| 39 |
> S |
| 40 |
> |
| 41 |
> PS: link to arch page with some more info |
| 42 |
> |
| 43 |
> https://wiki.archlinux.org/index.php/EncFS#Encrypted_backup |
| 44 |
|
| 45 |
|
| 46 |
If you use gpg -c then the symmetric key is stored in ciphertext of the |
| 47 |
resulting file. You can use a salt and multiple iterations to make it more |
| 48 |
secure (check --s2k-mode and --s2k-count in the fine manual) against brute |
| 49 |
force attacks. |
| 50 |
|
| 51 |
If you use gpg -e for asymmetric encryption, then the private key remains |
| 52 |
yours to store securely offline. Asymmetric encryption is computationally |
| 53 |
expensive, so it wouldn't be used for backing up a whole filesystem with loads |
| 54 |
of files, but could be used to encrypt the back up key and similarly small in |
| 55 |
size but sensitive data. |
| 56 |
|
| 57 |
You can also use openssl for the same purpose. |
| 58 |
|
| 59 |
For the odd file I use gpg -e and shred to delete securely the decrypted file |
| 60 |
from the disk after I have finished reading it (some times my tmpfs is on |
| 61 |
disk). |
| 62 |
|
| 63 |
Libreoffice can also use gpg to encrypt your files. Look for the option on |
| 64 |
the File/Save As pop up. |
| 65 |
|
| 66 |
-- |
| 67 |
Regards, |
| 68 |
Mick |
Archives