On Tuesday, 3 July 2018 13:33:27 BST Samuraiii wrote:
> On 3.7.2018 13:27, Philip Webb wrote:
> > 180703 Alec Ten Harmsel wrote:
> >> On Tue, Jul 03, 2018 at 05:47:22AM -0400, Philip Webb wrote:
> >>> I have a couple of small files which need to be encrypted :
> >>> one is simple text ( .txt ), the other a spreadsheet ( .ods ).
> >>> I haven't used encryption like this before : what do others use ?
> >>
> >> I have used `gpg' to do this before:
> >> # Encrypt with a passphrase
> >> gpg -c <file>
> >> # Decrypt
> >> gpg -d <file>.gpg
> >>
> >> I do have some files I keep encrypted locally
> >> that I use `gpg' to encrypt/decrypt, but with my personal key pair.
> >> For that, I use a vim plugin [1] that transparently decrypts to `/tmp',
> >> lets me edit and then saves back to the original file.
> >> This prevents the decrypted contents from ever being on my hard drive,
> >> as I have `/tmp' mounted as tmpfs.
> >
> > Thanks, that's very helpful except that you forgot to append [1] (smile).
> >
> > I don't need to encrypt the files locally,
> > but do need to when I create copies to up-load as off-site back-ups.
> >
> > Does anyone else have a useful suggestion ?
>
> Hi,
>
> there is "reverse" encfs if there are more files to encrypt for backup.
>
> encfs --reverse ~/dir /tmp/dir
>
> It will encrypt original files on the fly as you read /tmp/dir.
>
> I used this before (now I backup with duplicity).
>
> S
>
> PS: link to arch page with some more info
>
> https://wiki.archlinux.org/index.php/EncFS#Encrypted_backup

If you use gpg -c then the symmetric key is stored in the ciphertext of the
resulting file. You can use a salt and multiple iterations to make it more
secure (check --s2k-mode and --s2k-count in the fine manual) against brute
force attacks.

If you use gpg -e for asymmetric encryption, then the private key remains
yours to store securely offline. Asymmetric encryption is computationally
expensive, so it wouldn't be used for backing up a whole filesystem with loads
of files, but could be used to encrypt the backup key and similarly small in
size but sensitive data.

You can also use openssl for the same purpose.

For the odd file I use gpg -e and shred to delete securely the decrypted file
from the disk after I have finished reading it (sometimes my tmpfs is on
disk).

LibreOffice can also use gpg to encrypt your files. Look for the option on
the File/Save As pop up.

--
Regards,
Mick
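
An added example, not part of the original message: a small Python check that reads the first packet of a binary (non-armored) `gpg -c` output and reports the S2K mode and expanded iteration count that `--s2k-mode` and `--s2k-count` control, so a backup file can be audited before upload. The packet layout and count coding follow RFC 4880; the function names and the sample bytes are constructed for illustration.

```python
# Added example: decode the S2K parameters from the first packet of a
# `gpg -c` output file (OpenPGP SKESK packet, RFC 4880 sections 3.7 and 5.3).
import sys

S2K_MODES = {0: "simple", 1: "salted", 3: "iterated+salted"}

def s2k_count(coded: int) -> int:
    """Expand the one-octet coded count (RFC 4880 section 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def packet_body(data: bytes):
    """Return (tag, body) of the first OpenPGP packet in binary data."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not binary OpenPGP data (ASCII-armored?)")
    if hdr & 0x40:                      # new-format packet header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        else:
            raise ValueError("length form not expected for an SKESK packet")
    else:                               # old-format packet header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length")
        nbytes = 1 << ltype
        start, length = 1 + nbytes, int.from_bytes(data[1:1 + nbytes], "big")
    return tag, data[start:start + length]

def s2k_info(data: bytes) -> dict:
    tag, body = packet_body(data)
    if tag != 3 or len(body) < 4 or body[0] != 4:
        raise ValueError("first packet is not a v4 symmetric-key ESK packet")
    mode = body[2]                      # body: version, cipher, S2K type, hash, ...
    info = {"cipher": body[1], "mode": S2K_MODES.get(mode, "unknown"),
            "hash": body[3], "salted": mode in (1, 3), "count": None}
    if mode == 3:                       # 8-byte salt at body[4:12], then the count
        info["count"] = s2k_count(body[12])
    return info

# Constructed sample header: old-format tag 3, AES256 (9), mode 3, SHA-1 (2),
# salt 00..07, coded count 0xFF (the largest value the encoding allows).
SAMPLE = bytes([0x8C, 0x0D, 0x04, 0x09, 0x03, 0x02]) + bytes(range(8)) + b"\xff"

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read(64) if len(sys.argv) > 1 else SAMPLE
    print(s2k_info(raw))
```

A file that reports mode "simple" or a low count relies on the passphrase alone to resist guessing; re-encrypting it with iterated and salted S2K and a higher count raises the cost of each guess.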