On Tuesday, 3 July 2018 13:33:27 BST Samuraiii wrote: > On 3.7.2018 13:27, Philip Webb wrote: > > 180703 Alec Ten Harmsel wrote: > >> On Tue, Jul 03, 2018 at 05:47:22AM -0400, Philip Webb wrote: > >>> I have a couple of small files which need to be encrypted : > >>> one is simple text ( .txt ), the other a spreadsheet ( .ods ). > >>> I haven't used encryption like this before : what do others use ? > >> > >> I have used `gpg' to do this before: > >> # Encrypt with a passphrase > >> gpg -c <file> > >> # Decrypt > >> gpg -d <file>.gpg > >> > >> I do have some files I keep encrypted locally > >> that I use `gpg' to encrypt/decrypt, but with my personal key pair. > >> For that, I use a vim plugin [1] that transparently decrypts to `/tmp', > >> lets me edit and then saves back to the original file. > >> This prevents the decrypted contents from ever being on my hard drive, > >> as I have `/tmp' mounted as tmpfs. > > > > Thanks, that's very helpful except that you forgot to append [1] (smile). > > > > I don't need to encrypt the files locally, > > but do need to when I create copies to up-load as off-site back-ups. > > > > Does anyone else have a useful suggestion ? > > Hi, > > there is "reverse" encfs if there are more files to encrypt for backup. > > encfs --reverse ~/dir /tmp/dir > > It will encrypt original files on fly as you read /tmp/dir. > > I used this before (now I backup with duplicity). > > S > > PS: link to arch page with some more info > > https://wiki.archlinux.org/index.php/EncFS#Encrypted_backup
If you use gpg -c then the symmetric key is stored in ciphertext of the resulting file. You can use a salt and multiple iterations to make it more secure (check --s2k-mode and --s2k-count in the fine manual) against brute force attacks. If you use gpg -e for asymmetric encryption, then the private key remains yours to store securely offline. Asymmetric encryption is computationally expensive, so it wouldn't be used for backing up a whole filesystem with loads of files, but could be used to encrypt the back up key and similarly small in size but sensitive data. You can also use openssl for the same purpose. For the odd file I use gpg -e and shred to delete securely the decrypted file from the disk after I have finished reading it (some times my tmpfs is on disk). Libreoffice can also use gpg to encrypt your files. Look for the option on the File/Save As pop up. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
