Results 1 to 7 of 7

Thread: What's the easiest way to encrypt files / folders to a password-protected image?

  1. #1
    Join Date
    Jan 2009
    Location
    Romania, Bucharest
    Posts
    755

    Default What's the easiest way to encrypt files / folders to a password-protected image?

    I have an external hard drive to which I want to backup some of my data. Although no one's likely to touch my primary computer, I wouldn't want someone messing with my data on the backup drive. So I want to password protect the important files there. Initially I was hoping ext4 would allow simply setting a password to a folder, but it's not as easy as that. I could make a password protected zip file... but the data I have is nearly 400GB, and creating / updating such an archive could take a day. Plus that I had cases of large archives becoming corrupted when updating individual files in them.

    The only way is apparently to encrypt the folder or partition... but from what I read I couldn't come to any conclusion. There are many crypt tools, and all of them require a fancy setup I can't understand. I need something consistent, that I don't have to worry about having issues mounting / unmounting or the image becoming corrupt. I'm also undecided whether to make an encrypted partition or an encrypted mountable image... though I'd rather go for the second option. I do however need to be able to work with it in realtime (mount it and add / remove / update files and folders like on any drive). I also want my image to be protected by password, NOT a ssh key or any separate file I'd need to use to unlock it. Maybe something that works with the normal mount / umount commands like iso images?

    So my question is: What is the most common tool used to encrypt data to an image? By common I mean an implementation that's available by default on any Linux distribution, that most people use and which is popular, that's most consistent and stable, and which is still under development or at least being maintained. Then what are the steps to create an encrypted image and mount / unmount it, which I can then work with freely? I'm looking for something as simple as possible, that works with simple and clear commands.
    openSUSE Tumbleweed x64, KDE Framework 5

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,611
    Blog Entries
    3

    Default Re: What's the easiest way to encrypt files / folders to a password-protected image?

    Quote Originally Posted by MirceaKitsune View Post
    So my question is: What is the most common tool used to encrypt data to an image?
    I'm not sure about "most common".

    At present, I am backing up using "dar" which creates an archive file containing whatever I am backing up. There's an encryption option to "dar". The external drive itself is NTFS, so that it can also be used with Windows (where I use "acronis" for backups).

    The other alternative that I have considered is to use a LUKS encrypted partition. Mounting is not too difficult:

    Code:
    # cryptsetup luksOpen /dev/sdb1 backups
      ##### you are prompted for encryption key here
    # mount /dev/mapper/backups /mnt   ## or wherever else you want to mount it.
    and to unmount
    Code:
    # umount /mnt
    # cryptsetup luksClose backups
    You can use "cryptsetup luksFormat" to initially setup the partition. Follow that with the "luksOpen" indicated above, and then use "mkfs" to create the file system.

    Another alternative, if you only have a few sensitive files:
    install ecryptfs-utils

    setup an ecryptfs Private filesystem.

    Keep your important files in $HOME/Private
    to backup, you should backup $HOME/.Private

    To restore, make sure that your "Private" directory is not mounted, then restore ".Private", then mount your "Private" directory.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  3. #3
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: What's the easiest way to encrypt files / folders to a password-protectedimage?

    On 2012-12-05 13:16, MirceaKitsune wrote:
    > I do however need
    > to be able to work with it in realtime (mount it and add / remove /
    > update files and folders like on any drive). I also want my image to be
    > protected by password, NOT a ssh key or any separate file I'd need to
    > use to unlock it. Maybe something that works with the normal mount /
    > umount commands like iso images?


    You are describing LUKS.

    You encrypt a partition, and once mounted, you access it as any other
    partition. The YaST partitioner can do it (mind that the partition is
    empty, it destroys data).

    It can be an external device via USB, for example, and when you plug it
    in kde or gnome should simply ask for the password and you are ready to
    use it.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.1 x86_64 "Asparagus" at Telcontar)

  4. #4
    Join Date
    Jan 2009
    Location
    Romania, Bucharest
    Posts
    755

    Default Re: What's the easiest way to encrypt files / folders to a password-protectedimage?

    Quote Originally Posted by robin_listas View Post
    On 2012-12-05 13:16, MirceaKitsune wrote:
    You are describing LUKS.

    You encrypt a partition, and once mounted, you access it as any other
    partition. The YaST partitioner can do it (mind that the partition is
    empty, it destroys data).

    It can be an external device via USB, for example, and when you plug it
    in kde or gnome should simply ask for the password and you are ready to
    use it.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.1 x86_64 "Asparagus" at Telcontar)
    That sounds very much like what I'm looking for. I could make the entire drive that way, sure. So the openSUSE partitioner should allow me to format the external drive to an enxrypted partition format, give it a password, and whenever I plug it in on any Linux machine it just asks for that password to mount it? I'll try that soon if so, thanks!

    [EDIT] Partitioner asks me to install pam_mount when I try to encrypt... apparently only the 32bit version of that comes pre-installed with openSUSE. Might try this all on a virtual machine first to be safe, but I'll post here what results I get.
    openSUSE Tumbleweed x64, KDE Framework 5

  5. #5
    Join Date
    Dec 2008
    Location
    Athens
    Posts
    296

    Default Re: What's the easiest way to encrypt files / folders to a password-protectedimage?

    Another cross platform, secure and easy option is truecrypt (or realcrypt which is actually the same). It also creates an encrypted file container, it is available for linux, windows and mac, and is quite easy to setup. Has a simple GUI, but also CLI and you can use keyfiles, which I find often better than memorizing endless password stings.
    Main box: OpenSuse 12.3)/KDE 4.10 64bit
    Older Box: OpenSuse 12.2/KDE 4.8.5 64bit (my mediabox)
    Laptop: Debian Wheezy/KDE 4.8.4 64bit

  6. #6
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,054

    Default Re: What's the easiest way to encrypt files / folders to apassword-protected image?

    On Wed, 05 Dec 2012 12:16:02 +0000, MirceaKitsune wrote:

    > The only way is apparently to encrypt the folder or partition... but
    > from what I read I couldn't come to any conclusion.


    encfs is what I use to encrypt directories. I also use truecrypt to do
    partition/device-level encryption on my archival drive.

    encfs is a FUSE filesystem and it's pretty straightforward to use and set
    up.

    Jim
    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  7. #7
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: What's the easiest way to encrypt files / folders to a password-protectedimage?

    On 2012-12-05 19:46, MirceaKitsune wrote:


    > That sounds very much like what I'm looking for. I could make the
    > entire drive that way, sure. So the openSUSE partitioner should allow me
    > to format the external drive to an enxrypted partition format, give it a
    > password, and whenever I plug it in on any Linux machine it just asks
    > for that password to mount it? I'll try that soon if so, thanks!


    Yes.

    However, a side effect of using the yast partitioner is that it will
    write entries in /etc/crypttab and /etc/fstab. It is probably best to do
    it manually. Or, on second thoughts, use yast, then comment out both
    entries.

    Ugh. I'm familiar with doing it in my ways, but I don't know how it
    would be easier for normal people :-)


    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.1 x86_64 "Asparagus" at Telcontar)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •