I have some financial files (like old tax returns) on my computer that I seldom access and would like to have an extra layer of confidentiality for, so i was looking into how I could easily have an effective separately-encrypted folder for those on my #LinuxMint system.
Obviously I could create a separate dm-crypt partition, but since it's probably a small number of files and the total volume I want long term is not very well known (e.g. I might also want to add things like images of important official documents), that doesn't seem like the ideal solution. It seemed like maybe ecryptfs could be the way to go, but I know the use of that for encrypted home directories was deprecated by #Ubuntu a while ago and looking at Launchpad it sort of seems abandoned (the last recent revision listed is from 2017). Does anybody know the status or have a better suggestion?
@frankie That's true. I was aware of Cryptomator but had it in my mind as "for cloud storage" so it didn't come to mind as an option here. I'll have to consider it.
@frankie Yeah, this seems like a pretty good option, now that I've looked at it. The crypto seems solid (to me as a non-expert, but it's also been audited) and it's cross-platform with even Android and iOS implementations. It seems like it offers something functionally pretty similar to Tomb (the other option several people suggested) but in a more user-friendly package.
@internic
Cool. Glad i helped.
@internic
Consider Tomb: https://mastodon.online/@blueghost/112478242520016365
Encrypted file can be expanded if more space is needed.
@internic
I'm very happy with gocryptfs.
Functions like encfs but is under active developement, as far as I know.
@dexternemrod Looks interesting, but maybe also pretty new (just based on a quick glance at Gitlab). Sounds technically promising, with the standard use of authenticated encryption. Is it widely used?
@internic
100% of my computers use it 😄
Nah serious, can't tell if the general usage already counts as battle tested. What I like is that it is compatible with DroidFS so I can sync the encrypted folders and use them also on my phone.
@internic
Easiest might be to put them all in a folder, then in Nemo right-click the folder and select Compress... Select a compression type of .7z and you get options for a password, and also an option to encrypt the enclosed index. I don't think you can hide the file sizes though.
A couple of addenda:
1. It does seem like Synology actively uses eCryptFS for encrypted folders, so maybe it is not as abandoned as it looked.
2. I also saw discussion of EncFS, but there also seemed to be indications that that was abandoned.
3. I I'm viewing this as separate from the issue of encrypting the entire partition with all my files, because the point is to have these files encrypted with a separate passphrase. Since they seldom need to be accessed, this will hopefully add a bit more confidentiality. For the same reason, performance isn't much of a concern.
4. I realize that the data may still sometimes be present in swap, but again if the assumption is that access is infrequent this is at least only rarely the case.
5. I know that for specific file types the files or certain applications there may be a mechanism for password protection or similar measures, but I figured it made sense to just have a generic solution for arbitrary files.