Leap 15.5.
I’m starting to share my laptop with somebody else. He also has root/sudo. I need to encrypt a dozen of private files (not directories). They are ascii/text and spreadsheets.
Should I use gpg or openssl which looks quite old 1.1.1l?
Thanks
You will have to decide that for yourself.
If I were considering this, I would probably go with"gpg". But I might also look at Plasma Vaults.
If it were me, I wouldn’t assume that an encrypted format is sufficient. I would use external storage and just not store the files on a shared system.
If you’re asking the question about which encryption tool to use (it appears you’re looking for strong encryption), you’ll prevent them from accessing the files entirely if they’re not on the system to begin with.
Easier solution all around, and you don’t have to have a decrypted copy on the system at all (that which is deleted is often recoverable).
1 Like
I was ‘kind of thinking’ about encrypted on a usb external drive, but I have forgotten/lost usb sticks on occasionS.
My other problem with usb sticks is the backups. The laptop is regularly backed up (weekly).
Thanks
Fair points. Maybe then look at something like Veracrypt to create an encrypted filesystem in a single file. You can do something like allocate 10 MB (or 100 MB or whatever is needed for your files), and then have that be encrypted with Veracrypt, which can be installed from the repos.
The single file is then mounted as a filesystem when you need it, and you can enter a password to encrypt it.
When you are ready to log out, dismount the encrypted volume, and as it’s just a file in the filesystem, it will get backed up as a single file in the weekly backup, and it prevents you from having something that’s recoverable for these sensitive files.
Good. I didn’t know about truecrypt/veracrypt.
Which encryption do you suggest? I’m not keeping state secrets, I’m only trying to prevent prying eyes.
Thanks
Pretty much any of the algorithms will suffice for your needs - the developers removed the less secure ones from Veracrypt’s predecessor (Truecrypt). The defaults (AES and HMAC-SHA-512) are generally good unless you have other needs that they don’t meet (sounds like you probably don’t).
You might benchmark the different algorithms on your system just to see what the performance will look like. In my use case (I use full disk encryption with it), I don’t see any real performance hit in using it, even on my older systems where I first started using it.
Thanks for taking the time
1 Like