On Tuesday, 3 July 2018 13:33:27 BST Samuraiii wrote:
> On 3.7.2018 13:27, Philip Webb wrote:
> > 180703 Alec Ten Harmsel wrote:
> >> On Tue, Jul 03, 2018 at 05:47:22AM -0400, Philip Webb wrote:
> >>> I have a couple of small files which need to be encrypted :
> >>> one is simple text ( .txt ), the other a spreadsheet ( .ods ).
> >>> I haven't used encryption like this before : what do others use ?
> >> 
> >> I have used `gpg' to do this before:
> >>     # Encrypt with a passphrase
> >>     gpg -c <file>
> >>     # Decrypt
> >>     gpg -d <file>.gpg
> >> 
> >> I do have some files I keep encrypted locally
> >> that I use `gpg' to encrypt/decrypt, but with my personal key pair.
> >> For that, I use a vim plugin [1] that transparently decrypts to `/tmp',
> >> lets me edit and then saves back to the original file.
> >> This prevents the decrypted contents from ever being on my hard drive,
> >> as I have `/tmp' mounted as tmpfs.
> > 
> > Thanks, that's very helpful except that you forgot to append [1] (smile).
> > 
> > I don't need to encrypt the files locally,
> > but do need to when I create copies to up-load as off-site back-ups.
> > 
> > Does anyone else have a useful suggestion ?
> 
> Hi,
> 
> there is "reverse" encfs if there are more files to encrypt for backup.
> 
> encfs --reverse ~/dir /tmp/dir
> 
> It will encrypt original files on the fly as you read /tmp/dir.
> 
> I used this before (now I backup with duplicity).
> 
> S
> 
> PS: link to arch page with some more info
> 
> https://wiki.archlinux.org/index.php/EncFS#Encrypted_backup


If you use gpg -c then the symmetric key is stored in the ciphertext of the 
resulting file.  You can use a salt and multiple iterations to make it more 
secure (check --s2k-mode and --s2k-count in the fine manual) against brute 
force attacks.

If you use gpg -e for asymmetric encryption, then the private key remains 
yours to store securely offline.  Asymmetric encryption is computationally 
expensive, so it wouldn't be used for backing up a whole filesystem with loads 
of files, but could be used to encrypt the backup key and similarly small in 
size but sensitive data.

You can also use openssl for the same purpose.

For the odd file I use gpg -e and shred to delete securely the decrypted file 
from the disk after I have finished reading it (sometimes my tmpfs is on 
disk).  

LibreOffice can also use gpg to encrypt your files.  Look for the option on 
the File/Save As pop up.

-- 
Regards,
Mick
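
The passphrase-based route discussed in this thread, as an added example that is not part of any poster's message: it sets the --s2k-mode and --s2k-count options explicitly and reads back the parameters recorded in the encrypted file. It assumes GnuPG 2.1 or later; the function names, file paths and passphrase file are hypothetical.

```shell
# Added example, not from the thread. Function names and file arguments are
# hypothetical; every option used is a standard GnuPG 2.x option.

# Encrypt a file with a passphrase before uploading it off-site.
# usage: encrypt_for_upload <plain-file> <output.gpg> <passphrase-file>
encrypt_for_upload() {
    # --s2k-mode 3     : salted and iterated passphrase-to-key derivation
    # --s2k-count      : 65011712 is the largest count GnuPG accepts, which
    #                    makes every passphrase guess as slow as possible
    # --pinentry-mode loopback lets gpg read the passphrase from a file
    gpg --batch --yes --pinentry-mode loopback --passphrase-file "$3" \
        --symmetric --cipher-algo AES256 \
        --s2k-mode 3 --s2k-digest-algo SHA512 --s2k-count 65011712 \
        --output "$2" "$1"
}

# Decrypt a file produced by encrypt_for_upload.
# usage: decrypt_backup <input.gpg> <plain-output> <passphrase-file>
decrypt_backup() {
    gpg --batch --yes --pinentry-mode loopback --passphrase-file "$3" \
        --output "$2" --decrypt "$1"
}

# Print the S2K parameters stored in the header of an encrypted file, so a
# backup can be checked for a weak mode or count without the passphrase.
# gpg exits non-zero here because it is told not to ask for the passphrase;
# the header packet is printed before that happens.
# usage: s2k_params <input.gpg>
s2k_params() {
    gpg --batch --pinentry-mode cancel --list-packets "$1" 2>/dev/null \
        | grep -E 'symkey enc packet|salt' || true
}

# Typical use (paths are placeholders):
#   encrypt_for_upload accounts.ods accounts.ods.gpg ~/.backup-passphrase
#   s2k_params accounts.ods.gpg      # look for "s2k 3" and the count
#   decrypt_backup accounts.ods.gpg accounts.ods ~/.backup-passphrase
```

In the `s2k_params` output, `s2k 3` is the salted and iterated mode and the `count` field is the value passed to --s2k-count.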
