On 04/21/18 09:51, Glenn English wrote:
That's two recommendations for putting the secret in a separate file;
Or how about creating that file, copying it to a CD or USB stick,
hanging it on the wall, clearing out the directory, then mounting it
when you want to use it.
Moving the encrypted file a removable media reduces the amount of time
an adversary can potentially access the file.
zerofree can eliminate the leftover bytes of the original plaintext file
and the original encrypted file:
https://manpages.debian.org/stretch/zerofree/zerofree.8.en.html
https://packages.debian.org/search?keywords=zerofree&searchon=names&suite=all§ion=all
encfs does both mounting and encryption. It is very convenient to use
with a USB flash drive:
https://manpages.debian.org/stretch/encfs/encfs.1.en.html
https://packages.debian.org/search?suite=all§ion=all&arch=any&searchon=names&keywords=encfs
Plus, encfs uses FUSE. FUSE file systems can only be access by the user
who mounted them; even root is blocked. (But, you must consider
attackers who can log in to your UID and/or install daemons running
under your UID.)
David