Secure files -- The best way --

Hi,
I am not so sure, where to post this, but as it is not related to any help, just ideas so i will post it in this forum.

Mods: If this is not the best place, please move it to appropriate place which it suits. Tqs.

I have a file with some sensitive data inside, what i can do with it is to keep the user root to make it more secure. And after that encrypt the file. Delete the original and keep the encrypted one. If need some updating later, decrypt it and encrypt it again after update.

So my question is, Is this the best way to make secure a sensitive file?
Is there any other simple way around to do this type of job?

Any ideas and comments are welcome.

Thanks

If it’s just one file you could probably just compress it with a good password, that would be very easy (not sure which compression tool can use passwords though).

A harder way would be to create an encrypted file, mount it as an encrypted partition, copy the file into it, then unmount it. It’s more complicated but can be done with the cryptsetup command (see man cryptsetup).

I hope that’s what you meant, sorry if I misunderstood :).

Otherwise there is truecrypt which is also quite comfortable.
And depending of the filesize there is gpg to encrypt single files…

Sometimes, timing is quite perfect.

  • Yes, there is truecrypt

  • You will not find packages of “truecrypt” in openSUSE and (hopefully) not in OBS, otherwise something went wrong:

[opensuse-buildservice] non-OSI compliant packages in the openSUSE Build](http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html)

Application black list - openSUSE

  • But, there is a rebrand called “realcrypt”, initiated by RPMfusion for Fedora

Truecrypt/Realcrypt is now available from RPMFusion, - FedoraForum.org

and now (since a few hours) available from Packman

PackMan :: Informationen zum Paket realcrypt

BTW:

In general, I would not recommend TrueCrypt (RealCrypt) for Linux-only environments, it makes only sense, if there is a need to use the same encrypted data on Linux/*NIX and Mac/Win, otherwise encryption software already provided by the distribution is clearly the better solution.

Delete the original and keep the encrypted one.

I don’t know how sensitive your data is. And against whom you want to protect the file. When you delete the original it is still on your hard disk and quite easy to recover (at least parts of it). This is provided someone has physical access to your computer.

You can copy the file onto a USB stick (encrypted if you like) and lock that stick away. Then use some disk eraser program to delete it on the hard disk (by multiple overwrites). Beware: when you have edited the file there may already be multiple copies of it, all “deleted” but still available.

A very convenient way of encrypting data (without the need to create a sizely fixed container) is →EncFS.

IronKey Basic USB drive. Very secure but not cheap. Works with various OSes including Linux.