I would like to protect a folder that contains a few private documents. I don’t care if the folder is hidden or not…all I really want is that the documents are encrypted and easily decrypted. I have looked at very many possibilities but most of them either want to encrypt a whole drive or work with hidden containers. If you wanted a simple way to protect a folder how would you do it??
Thanks for any answers!!!
Loving this tool since its alpha version:
It creates something like a virtual drive. To the user, i.e. you, it seems like a folder. In reality, it is a folder, but all the content is gibberish, until you decrypt it.
Create a “vault” file in VeraCrypt (forked TrueCrypt - which is no longer being developed)…
i.e. a file that’s really an encrypted storage “thing”…
you could even “mask” it as something else… e.g. my-home-movie.mpg …
I was just playing with VeraCrypt again last night - trying to figure out how to share encrypted thumb drive across Mac and Linux (and maybe even Windows, but not necessary)… But I did that at the drive/device level…
I was however, recently, using VeraCrypt to open and mount “crypt files” as virtual drives on Linux (but I stopped - it was too unwieldy - I prefer WHOLE drive encryption, it’s less work overall - easier)… But if I’m putting customer data onto a thumb drive, I want to make DAMN sure it’s encrypted…
I think you can also encrypt files (e.g. a tar.gz file) on the CLI if you wanted… then of course there’s always password protected ZIP or ARJ files (but don’t ask me about this - I don’t have winrar anywhere)
Thank you for answering!
Just one question…why is it better to encrypt a whole device? If I did that on the disk that contains my personal documents it would mean that about 120000 photos also get encrypted. I could of course move my documents to another disk…but there I have my music collection…so same problem.
No - you can use a “file” - instead of a device as a “crypt”…
It can get unwieldy - if for example, you decide you need 1 GB of space in your “crypt” - the crypt file will use that and more on disk, but you could also run out of space inside the crypt if your data grows more than 1 GB in size…
But if you’re confident you won’t need more than 1 GB (or whatever arbitrary size you decide on) - then go for that?
I picked a file that already existed, and I didn’t care about :
Chose SHA-256 (instead of default of 512) :
Obviously my password is not that string :
(you can use Keyfiles if you want - that’s probably overkill)
Chose exFat - can be used on most platforms :
I chose this so I can open it on Mac or Linux (and maybe even Windows) :
Then “Next” - it will ask you to create some randomness by moving your mouse around a bit - once you get sick of doing that - just hit “Format” :
Some of that screenshot ordering could be wrong - yeah - I think some of it is very wrong… but you get the idea…
I certainly do! Thank you for going to all of that trouble for me!
The files I want to protect are less than 100mb so having enough free space is not a problem at all. What I don’t understand is how it could work for example with my photo collection. Altogether it is about 450gb…so I would need a huge vault. I have no idea if it is possible to encrypt such a large amount…and how long it would take. If everything was encrypted and I wanted to search for a photo, is that even possible? Would it take much longer? Perhaps the solution is to encrypt a whole device, but if at some point some error happens then you can lose the complete device?
Questions over questions… XD
For 450 GB - I’d strongly suggest “the whole device” - and - preferably empty at the time of creation (I’d imagine it would take days to scramble 450 GB “on the fly”)…
@Akito’s confirmed this - e.g. with AES encryption on ZFS - it’s only “busy” when you’re not (i.e. it uses idle time to do its stuff - so it doesn’t slow you down)…
I’d suggest - VeraCrypt for “smallish” stuff, on the fly, with ARCHIVE “files” (not devices)
For Linux only use cases :
- LUKS - or -
- ZFS encrypted
(note - you won’t be able to read LUKS or ZFS encrypted on other non-Linux computers - it may be possible on Mac, but probably not Windows - I have “paid” software on my Mac M1 that can read and write EXT including LUKS - but not ZFS).
Veracrypt or Truecrypt would probably work on “whole device too”, but I haven’t used it on this scale - so I can’t really comment.
If I was “in your shoes” - I’d be investigating the purchase of at least 1 TB of storage - and - before copying ANYTHING to it - encrypt it using some “open source” product (like VeraCrypt - you can get binaries for Wintel, Mac, Linux, ARM et cetera) - then maybe make the VeraCrypt “crypt” fat32, NTFS or exFAT, so you can read it on other “non-Linux” computers more easily…
Yes, but not sure how much ZFS applies to stuff like VeraCrypt. However, in this case it probably fits.
That said, I would generally recommend Cryptomator over VeraCrypt in such situations, as the original goal of this thread was to find a way to “encrypt a folder”, which Cryptomator is way closer to. VeraCrypt bumps it up to Level 9, by bringing additional expert features and possible complications in, that someone who just wants an “encrypted folder” usually wouldn’t care much about. Cryptomator is pretty minimalistic, straight-forward, easy to use and easy to understand.
I use both Cryptomator and VeraCrypt regularly. Coincidentally, I use a 300GB VeraCrypt volume with fixed length. Works fine and isn’t slow or anything. But I definitely had to put more work and thought into getting this volume running than the Cryptomator folders I have.
If someone just wants to simply encrypt a folder, without all the bells and whistles e.g. VeraCrypt delivers, then I would prefer recommending Cryptomator.
If you want to stop prying eyes. Just secure the folder by going to the terminal and typing:
chmod 700 foldername
Then only you can access the folder.
That’s only a file-system level protection in the OS, but does not do any encryption…
His message started with “I would like to protect a folder that contains a few private documents.”
If he uses encryption and he forgets the key he is in trouble.
“His”? I got the impression Ute was a she, and in this case, probably far far safer to go with gender neutral pronoun : “Their”…
0700 attribute doesn’t really cover this requirement… you could make a subfolder in there with 0700 and then have all the files in there 0600 - but - they’re still not encrypted and root (or UID of the “owner”) can run a simple find, and find them :
Imagine your USB drive with some compromising details falls out of your pocket at a trainstation and some unscrupulous person finds it? 0700 is hardly going to stop them…
– also –
To the “OP” @Ute - this is a great topic, I’m learning stuff here too - going to check out that product @Akito suggested : Cryptomator…
– back again –
I checked Cryptomator out - it’s so easy - just don’t forget your passphrase - but - it does present you with a rescue solution… In your case @Ute - I’d suggest Cryptomator… I just checked it out with a folder I keep on one of my ResilioSync “shares”… Using Cryptomator, I can access the contents from Mac, Linux desktop - but if I try to look at the same folder from “elsewhere” (e.g. Raspberry Pi without Cryptomator [apparently there’s a CLI only arm client]) what I can see - isn’t quite “garbage” - but it’s definitely NOT the data I encrypted… If I want to see that data - I need the Cryptomator client running and it mounts my Crypt in ~/.local/share/Cryptomator/mnt/… On the mac, it uses “MacFUSE” (which I already installed to get exFAT working “better” with VeraCrypt) to mount my Crypt in /Volumes/…
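Added example, not part of any post in this thread: a shell sketch of the two points discussed above, that 0700/0600 modes leave the file content readable to anyone who reads the medium directly, and that a tar.gz can be encrypted on the CLI. It assumes the `openssl` command (1.1.1 or later) is installed; the folder name `docs`, the marker string and the passphrase are constructed sample values.

```shell
#!/bin/sh
# Added example. All files are constructed samples in a temp directory.
set -eu

MARKER='CONSTRUCTED-SECRET-0001'

# The chmod advice: owner-only folder (0700) holding an owner-only file (0600).
make_private_dir() {                  # $1 = parent directory
    mkdir -p "$1/docs"
    printf 'note: %s\n' "$MARKER" > "$1/docs/private.txt"
    chmod 700 "$1/docs"
    chmod 600 "$1/docs/private.txt"
}

# Succeeds if the marker is readable in the raw bytes of file $1.
leaks_marker() { LC_ALL=C grep -q -F -- "$MARKER" "$1"; }

# tar.gz the folder and encrypt the stream; no plaintext archive hits the disk.
pack_encrypted() {                    # $1 = parent, $2 = output, $3 = passphrase file
    tar -C "$1" -czf - docs |
        openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
            -pass "file:$3" -out "$2"
}

# Decrypt and unpack into a destination directory.
unpack_encrypted() {                  # $1 = input, $2 = passphrase file, $3 = destination
    mkdir -p "$3"
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -pass "file:$2" -in "$1" |
        tar -C "$3" -xzf -
}

demo() {
    work=$(mktemp -d)
    make_private_dir "$work"
    # An uncompressed archive stands in for reading the medium directly.
    tar -C "$work" -cf "$work/raw.tar" docs
    leaks_marker "$work/raw.tar" && echo "0700/0600 only: content still readable"
    # Constructed passphrase; for real use, omit -pass so openssl prompts.
    printf 'constructed-passphrase-for-demo\n' > "$work/pass"
    chmod 600 "$work/pass"
    pack_encrypted "$work" "$work/docs.tgz.enc" "$work/pass"
    leaks_marker "$work/docs.tgz.enc" || echo "encrypted archive: marker not readable"
    unpack_encrypted "$work/docs.tgz.enc" "$work/pass" "$work/out"
    cmp "$work/docs/private.txt" "$work/out/docs/private.txt" && echo "round trip OK"
    rm -rf "$work"
}
demo
```

`openssl enc` in CBC mode gives confidentiality only and does not detect tampering with the archive, and as noted in the thread, a forgotten passphrase means the data is gone.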
I apologize for butting in.
Guess I’ll have to change my handle to UnixTheir.
Gender neutral. Nuts.
Everybody is so sensitive anymore.
Yes, too many people are nuts with the gender madness and it is stupid. However, calling Daniel “sensitive” is just as stupid as what you unsuccessfully tried to attack.
Additionally, you only focused on a single sentence that was just mentioned by the way to emphasize your narrowed field of view, instead of just ignoring it and proceeding to speak about the factual, on-topic layer of the conversation.
So, again, you not only unsuccessfully tried to attack something stupid, you also behaved stupid and sensitive yourself.
I would advise to both of you to just skip the talk about the aforementioned topic, because there is no winning or losing, either way.
I used to use VeraCrypt. I now use SiriKali. It creates a folder then encrypts the folder contents. The advantage is that like any other folder or directory, you don’t have to guess at the size. Some might object that in order to use it, you make the contents available by decrypting, and contents remain visible until you close it. For my home use, this is not a problem unless you are worried about spyware.
Nothing wrong with VeraCrypt, SiriKali has the advantage of not having to create a container and guessing the size.