Answers to: encrypting file or all data on hard drive

Answer by tallship

tallship — Mon, 24 May 2010 22:03:44 -0400

All of the above answers are great!

But all you really have to do is:

$ chmod -Rv 400 ~/.privdata

Where .privdata is the hidden directory tree you are concerned with(Hiding the directory only serves the "out of sight, out of mind" aspect, but every little bit of obfuscation adds some extra layer of security).

That leaves only one user to concern yourself with, and that's the Superuser - if that's you, then:

# chmod -Rv 400 /root/.privdata

Should fix everything up nicely, without having to even worry about ecrypting the data since it is now inaccessible unless you get 0wn3d by a h4x0r, but there's more ;)

Regardless of which methodology (or combination thereof) you choose (and you may want to mix for example, gpgdir or truecrypt with the methodology I've just provided you with), there's an often forgotten goodie that I regularly use (DO NOT FORGET THAT YOU HAVE DONE THIS) to make the file completely immutable:

$ man chattr

Be careful with this - it is only for the most paranoid and it is akin to hard-coding data on your hard drive - so again, if you use it, don't forget that you have.

I hope that helps!

Kindest regards,

Bradley http://NorthTech.US

Answer by Randy 2

Randy 2 — Fri, 21 May 2010 14:51:28 -0400

Ron, thanks for the informative post. I was considering encrypting my home directory with TrueCrypt, but now I don't see the point.

Answer by Ron

Ron — Tue, 11 May 2010 19:20:25 -0400

To those using TrueCrypt, Google "Evil Maid Attack" (no quotation marks).

Answer by Gareth

Gareth — Tue, 11 May 2010 08:58:01 -0400

Well, with Ubuntu, you actually have the option on installing the operating system (since 9.10) to have your home directory always encrypted. This means that all data saved in your /home/username directory is unreadable by anyone. Ubuntu will automatically un-encrypt your home directory when you log in and re-encrypt when you log out.

(In technical terms, your data is actually stored as a mountable image in an encrypted format. When you login your encrypted data is mounted to be immediately accessible, so if you log out or lose power or whatever, your data is still encrypted because it needs to be remounted on boot each time which is a quick and relatively painless task for the OS to do)

Answer by max

max — Fri, 07 May 2010 17:38:08 -0400

use gpgdir does a very good job; google "gpgdir"

Answer by carlicuslinux

carlicuslinux — Tue, 04 May 2010 19:22:51 -0400

I have been using TrueCrypt as well for a few months and it works great.

Answer by mithrandir9x

mithrandir9x — Tue, 04 May 2010 16:35:00 -0400

I've been using truecrypt for quite some time now, without issue. Both whole drives and individual directories and easy to use. Even on windows machines.

Answer by Tom Funke

Tom Funke — Tue, 04 May 2010 13:13:33 -0400

You can use encrypted filesystem with LUKS (cryptosetup).

http://code.google.com/p/cryptsetup/

or google for "cryptsetup luks howto"

advantage: built-in in kernel

you can encrypt containers too (loop device)

Answer by feinom

feinom — Tue, 04 May 2010 04:39:45 -0400

You can use TrueCrypt or EncFS for this as well.

TrueCrypt: http://www.truecrypt.org/

EncFS: http://www.arg0.net/encfs

I'm sure there are lots of tutorials available for both :)

Answer by Jub

Jub — Tue, 04 May 2010 02:50:49 -0400

Well to encrypt a single file, you can use gpg:

$ gpg -c filename

It should then prompt for a passphrase or password for it. Though, to encrypt entire directories, I think you may have to compress it first.

The quickest way I can think of that'll encrypt files as you place them in a directory is writing a script that is constantly waiting for new files to be placed in said directory, and it then encrypts it and continues to wait for more. But that method would probably be pretty process heavy for a simple directory that encrypts files as they're placed in.