Secure Delete Wipe files / folders

English Applications
#1

Greetings my excellent friends,
is there a secure delete or a method to wipe & secure delete files in OpenSuse ? I used secure-delete in all Debian based distros, but I can’t find it in here and Google didn’t offer me a solution.
Can you guide me what should I use here for this please ?

#2

shred
wipe
dd

Also see 3 Easy Methods to Securely Delete Files in Linux

#3

Just figured out that secure-delete is actually “srm”
And also shred is already installed.
Now I have to find out what method is the most secure.
Thank you !!

#4

Hello! In openSUSE, you can securely delete files using the “shred” command, which is available by default in most Linux distributions, including openSUSE.

#5

I’ll post some example for anyone stumbling upon this thread :

srm -rvfD Folder
wipe -fvrm verysecure Folder
shred -fvzun 7 File.txt

#6

And when we reached the point to provide obvious information (please consult the man page of every tool you are going to use), this on from the link @hui provided:

Note: Do Not Use Secure Deletion Tools on Solid State Drives (SSDs)

1 Like
#7

If these removal tools should not be used on ssd’s, then what should be used?

#8

https://wiki.archlinux.org/title/Solid_state_drive/Memory_cell_clearing

#9

ok, but this is about how to “sanitize” the entire SSD.
What if I want only some sensitive files or folder ??

#10

When you have read the link provided by @hui , it says: use encryption.

#11

Well, I’m not sure if that is a feasible option for the OP. He seems to be dealing with an existing drive and file structure. Is there any tool to encrypt an existing file system? I haven’t found that. I’d actually be glad to get a different answer.

About not using secure deletion tool on SSD, maybe the explanation should be added:

Users can only write files to an SSD a specific amount of time. When you use secure deletion tools, you only add to the amount of data written on the drive. This could cause the SSD to fail sooner.

So, the OP can at least evaluate what is more important to him: The (shortened) life of his SSD or the actual safe removal of the files in question.

1 Like
#12

Plain device → LUKS2

cryptsetup reencrypt

Some filesystems like ext4 support native encryption that can be enabled per-directory.

#13

Indeed @kasi042, thank you for the observation.
My OS is not encrypted so I was wondering if there is a solution to secure delete files from time to time.
For example I have to save files with passwords or sensitive info from KeepassXC for editing and then reupload them in to the database. And I would like after this to secure delete any trace of that file, without having my whole SSD encrpted.
I had for a period of time an encrypted SSD, but I hate the hassle of always type my long password every time I start or restart the OS.
And I’m talking about my personal laptop that does not leave my home…

#14

Thanks for the info!

#15

If this is the case, why worry about secure deleting a file or folder?

  1. If you normally delete a file the data space used by that file will be eventually overwritten by other data
  2. At the end of life of the device you can secure wipe it completely
  3. If your laptop would be stolen ever from your home the chance that somebody will start to the process of trying to recover deleted files is close to zero especially because it is Linux

To improve 1) you might want to check if Trim is enabled:

#16

yap

$ sudo hdparm -I /dev/sda | grep "TRIM supported"
[sudo] password for root: 
           *    Data Set Management TRIM supported (limit 8 blocks)

I should use this from time to time
$sudo fstrim -v /

#17

fstrim is startet once a week by an fstrim timer:

systemctl list-timers
NEXT                         LEFT               LAST                         PASSED             UNIT                         ACTIVATES                     
Mon 2023-09-18 10:00:00 CEST 16min left         Mon 2023-09-18 09:00:21 CEST 43min ago          snapper-timeline.timer       snapper-timeline.service
Mon 2023-09-18 19:24:28 CEST 9h left            Sun 2023-09-17 19:24:28 CEST 14h ago            snapper-cleanup.timer        snapper-cleanup.service
Mon 2023-09-18 19:29:28 CEST 9h left            Sun 2023-09-17 19:29:28 CEST 14h ago            systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Tue 2023-09-19 00:00:00 CEST 14h left           Mon 2023-09-18 00:00:21 CEST 9h ago             logrotate.timer              logrotate.service
Tue 2023-09-19 00:00:00 CEST 14h left           Mon 2023-09-18 00:00:21 CEST 9h ago             mandb.timer                  mandb.service
Tue 2023-09-19 00:00:00 CEST 14h left           Mon 2023-09-18 00:00:21 CEST 9h ago             mlocate.timer                mlocate.service
Tue 2023-09-19 00:32:03 CEST 14h left           Mon 2023-09-18 00:53:12 CEST 8h ago             check-battery.timer          check-battery.service
Tue 2023-09-19 00:45:12 CEST 15h left           Mon 2023-09-18 01:58:18 CEST 7h ago             backup-rpmdb.timer           backup-rpmdb.service
Tue 2023-09-19 01:51:27 CEST 16h left           Mon 2023-09-18 01:43:18 CEST 8h ago             backup-sysconfig.timer       backup-sysconfig.service
Mon 2023-09-25 00:00:00 CEST 6 days left        Mon 2023-09-18 00:00:21 CEST 9h ago             btrfs-balance.timer          btrfs-balance.service
Mon 2023-09-25 01:21:23 CEST 6 days left        Mon 2023-09-18 00:07:17 CEST 9h ago             fstrim.timer                 fstrim.service
Sun 2023-10-01 00:00:00 CEST 1 week 5 days left Fri 2023-09-01 00:00:01 CEST 2 weeks 3 days ago btrfs-scrub.timer            btrfs-scrub.service