Simple and de-facto way to encrypt files and directories in Linux
from sapporo@sopuli.xyz to programming@programming.dev on 18 Aug 2024 23:39
https://sopuli.xyz/post/16073696

Namely, de-facto, or one of, in Linux. Mature. No GUI. Open-source and free.

What is it? GPG or anything else?

For a separate file(s), or directory(ies), and not for the entire disk or partition.

#programming

threaded - newest

mox@lemmy.sdf.org on 19 Aug 2024 00:07 next collapse

If you want per-directory encryption, there are several options. This front-end project lists a bunch of them in its Supported Backends section.

(Full disk encryption does have a single conventional answer: LUKS. Many distros offer to set this up at install time.)

You’re posting in a programming community, though, not a linux help community. Are you looking for a library for use in software you’re writing?

sapporo@sopuli.xyz on 19 Aug 2024 12:27 collapse

“I don’t want to encypt them in-place because I’ll be uploading them onto a server, copying them on an external drive.”

Max_P@lemmy.max-p.me on 19 Aug 2024 00:27 next collapse

If you use ext4 or other filesystem that supports fscrypt, you can use fscrypt to encrypt specific directories.

There’s also gocryptfs for a fuse-based userspace implementation.

ZFS has built-in encryption: klarasystems.com/…/openzfs-native-encryption/

arran4@aussie.zone on 19 Aug 2024 01:31 next collapse

This.

Thanks to Meta BTRFS is apparently got/getting it to a certain extent too: youtu.be/6YIc2fVLVPU?si=ngiHWS0fw2zIHf2M

sapporo@sopuli.xyz on 19 Aug 2024 12:27 collapse

I don’t want to encypt them in-place because I’ll be uploading them onto a server, copying them on an external drive.

azthec@feddit.nl on 19 Aug 2024 14:27 collapse

I’ve been using gocryptfs now for a few years and it works fine as you describe.

You initiate the encrypted folder, set up automatic backups for it. Then whenever you want to access it you mount it into another folder.

There is a distinction here between the permanently encrypted folder that you can upload backup whatever, and your temporary mount, unencrypted folder.

If you’re alright with the rare conflicts to fix yourself something like syncthing works well for this setup even across computers.

refalo@programming.dev on 19 Aug 2024 01:03 next collapse

github.com/HACKERALERT/Picocrypt

sapporo@sopuli.xyz on 19 Aug 2024 12:28 collapse

re-read my question carefully

refalo@programming.dev on 19 Aug 2024 15:46 collapse

Sorry I’m not sure I understand what it is you think I’m missing. It’s FOSS, works on Linux, has a CLI, works for both files and directories… please enlighten me what I got wrong?

sapporo@sopuli.xyz on 24 Aug 2024 02:07 collapse

It’s got CLI too - alright. But is it any de-facto, mature, well-known, widely used? What gurantees that it’s as secure as openssl or gpg? It might have plenty of bugs and vulnerabilies.

umami_wasbi@lemmy.ml on 19 Aug 2024 13:41 next collapse

Describe your use case.

sapporo@sopuli.xyz on 24 Aug 2024 02:03 collapse

  1. backups, non-incremental ones
  2. prevent others from viewing information that may be sensitive
  3. encrypted files and directories will then be copied over to external drives and third-party servers
[deleted] on 26 Sep 2024 16:04 collapse

.

anzo@programming.dev on 28 Aug 2024 18:04 collapse

Perhaps rclone.org/crypt/