I have some financial files (like old tax returns) on my computer that I seldom access and would like to have an extra layer of confidentiality for, so i was looking into how I could easily have an effective separately-encrypted folder for those on my system.

Obviously I could create a separate dm-crypt partition, but since it's probably a small number of files and the total volume I want long term is not very well known (e.g. I might also want to add things like images of important official documents), that doesn't seem like the ideal solution. It seemed like maybe ecryptfs could be the way to go, but I know the use of that for encrypted home directories was deprecated by a while ago and looking at Launchpad it sort of seems abandoned (the last recent revision listed is from 2017). Does anybody know the status or have a better suggestion?

code.launchpad.net/~ecryptfs/e

@internic Another option would be to use good old gnupg. It uses standardized algorithms and protocols, has been thoroughly reviewed and is battle tested. You can be sure to be able to decrypt the files in ten or twenty years.

Follow

@taak Yeah, gnupg is what I've used for individual files, but it would be better to have something that operates on a directory hierarchy rather that individual files (and I'd prefer not having to involve tarballs or zip archives).

I think so long as the tool is open source and relatively widely used I'm not too worried about being able to open the files later. But that's a good general point.

@internic I see. You could create a separate encrypted partition and set it up so, that it's not automatically mounted on boot. Mount it, enter the passphrase, add your files, unmount - done. You could then even backup it using dd into an image file.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.