|
I wish to encrypt certain files or even better all data files that I create and download to my Ubuntu laptop in order to protect them from unauthorized users. What are my options? What are problems to watch out for? Is there any program that will encrypt/decrypt everything going in and out of specific directories on the hard disk transparently? |
|
You can use TrueCrypt or EncFS for this as well. TrueCrypt: http://www.truecrypt.org/ EncFS: http://www.arg0.net/encfs I'm sure there are lots of tutorials available for both :) |
|
You can use encrypted filesystem with LUKS (cryptosetup). http://code.google.com/p/cryptsetup/ or google for "cryptsetup luks howto" advantage: built-in in kernel you can encrypt containers too (loop device) |
|
Well to encrypt a single file, you can use gpg: It should then prompt for a passphrase or password for it. Though, to encrypt entire directories, I think you may have to compress it first. The quickest way I can think of that'll encrypt files as you place them in a directory is writing a script that is constantly waiting for new files to be placed in said directory, and it then encrypts it and continues to wait for more. But that method would probably be pretty process heavy for a simple directory that encrypts files as they're placed in. gpg-zip is a way to compress directories.
(04 May '10, 18:36)
Web31337
|
|
I've been using truecrypt for quite some time now, without issue. Both whole drives and individual directories and easy to use. Even on windows machines. |
|
I have been using TrueCrypt as well for a few months and it works great. |
|
Well, with Ubuntu, you actually have the option on installing the operating system (since 9.10) to have your home directory always encrypted. This means that all data saved in your /home/username directory is unreadable by anyone. Ubuntu will automatically un-encrypt your home directory when you log in and re-encrypt when you log out. (In technical terms, your data is actually stored as a mountable image in an encrypted format. When you login your encrypted data is mounted to be immediately accessible, so if you log out or lose power or whatever, your data is still encrypted because it needs to be remounted on boot each time which is a quick and relatively painless task for the OS to do) |
|
All of the above answers are great! But all you really have to do is:
Where .privdata is the hidden directory tree you are concerned with(Hiding the directory only serves the "out of sight, out of mind" aspect, but every little bit of obfuscation adds some extra layer of security). That leaves only one user to concern yourself with, and that's the Superuser - if that's you, then:
Should fix everything up nicely, without having to even worry about ecrypting the data since it is now inaccessible unless you get 0wn3d by a h4x0r, but there's more ;) Regardless of which methodology (or combination thereof) you choose (and you may want to mix for example, gpgdir or truecrypt with the methodology I've just provided you with), there's an often forgotten goodie that I regularly use (DO NOT FORGET THAT YOU HAVE DONE THIS) to make the file completely immutable:
Be careful with this - it is only for the most paranoid and it is akin to hard-coding data on your hard drive - so again, if you use it, don't forget that you have. I hope that helps! Kindest regards, Bradley http://NorthTech.US . |
Please accept an answer so the question/answer can be finished. Or provide more details so we can help.