3
1

I wish to encrypt certain files or even better all data files that I create and download to my Ubuntu laptop in order to protect them from unauthorized users. What are my options? What are problems to watch out for? Is there any program that will encrypt/decrypt everything going in and out of specific directories on the hard disk transparently?

asked 04 May '10, 02:15

paranoid's gravatar image

paranoid
3112
accept rate: 0%

edited 04 May '10, 18:37

Web31337's gravatar image

Web31337
317111

Please accept an answer so the question/answer can be finished. Or provide more details so we can help.

(20 Apr '11, 13:58) rfelsburg ♦



You can use TrueCrypt or EncFS for this as well.

TrueCrypt: http://www.truecrypt.org/

EncFS: http://www.arg0.net/encfs

I'm sure there are lots of tutorials available for both :)

link

answered 04 May '10, 04:39

feinom's gravatar image

feinom
2195
accept rate: 33%

You can use encrypted filesystem with LUKS (cryptosetup).

http://code.google.com/p/cryptsetup/

or google for "cryptsetup luks howto"

advantage: built-in in kernel

you can encrypt containers too (loop device)

link

answered 04 May '10, 13:13

Tom%20Funke's gravatar image

Tom Funke
611
accept rate: 0%

Well to encrypt a single file, you can use gpg:

$ gpg -c filename

It should then prompt for a passphrase or password for it. Though, to encrypt entire directories, I think you may have to compress it first.

The quickest way I can think of that'll encrypt files as you place them in a directory is writing a script that is constantly waiting for new files to be placed in said directory, and it then encrypts it and continues to wait for more. But that method would probably be pretty process heavy for a simple directory that encrypts files as they're placed in.

link

answered 04 May '10, 02:50

Jub's gravatar image

Jub
1362
accept rate: 14%

gpg-zip is a way to compress directories.

(04 May '10, 18:36) Web31337

I've been using truecrypt for quite some time now, without issue. Both whole drives and individual directories and easy to use. Even on windows machines.

link

answered 04 May '10, 16:35

mithrandir9x's gravatar image

mithrandir9x
211
accept rate: 0%

I have been using TrueCrypt as well for a few months and it works great.

link

answered 04 May '10, 19:22

carlicuslinux's gravatar image

carlicuslinux
111
accept rate: 0%

use gpgdir does a very good job; google "gpgdir"

link

answered 07 May '10, 17:38

max's gravatar image

max
111
accept rate: 0%

Well, with Ubuntu, you actually have the option on installing the operating system (since 9.10) to have your home directory always encrypted. This means that all data saved in your /home/username directory is unreadable by anyone. Ubuntu will automatically un-encrypt your home directory when you log in and re-encrypt when you log out.

(In technical terms, your data is actually stored as a mountable image in an encrypted format. When you login your encrypted data is mounted to be immediately accessible, so if you log out or lose power or whatever, your data is still encrypted because it needs to be remounted on boot each time which is a quick and relatively painless task for the OS to do)

link

answered 11 May '10, 08:58

Gareth's gravatar image

Gareth
231115
accept rate: 62%

To those using TrueCrypt, Google "Evil Maid Attack" (no quotation marks).

link

answered 11 May '10, 19:20

Ron's gravatar image

Ron ♦
9361618
accept rate: 13%

All of the above answers are great!

But all you really have to do is:

$ chmod -Rv 400 ~/.privdata

Where .privdata is the hidden directory tree you are concerned with(Hiding the directory only serves the "out of sight, out of mind" aspect, but every little bit of obfuscation adds some extra layer of security).

That leaves only one user to concern yourself with, and that's the Superuser - if that's you, then:

# chmod -Rv 400 /root/.privdata

Should fix everything up nicely, without having to even worry about ecrypting the data since it is now inaccessible unless you get 0wn3d by a h4x0r, but there's more ;)

Regardless of which methodology (or combination thereof) you choose (and you may want to mix for example, gpgdir or truecrypt with the methodology I've just provided you with), there's an often forgotten goodie that I regularly use (DO NOT FORGET THAT YOU HAVE DONE THIS) to make the file completely immutable:

$ man chattr

Be careful with this - it is only for the most paranoid and it is akin to hard-coding data on your hard drive - so again, if you use it, don't forget that you have.

I hope that helps!

Kindest regards,

Bradley http://NorthTech.US

.

link

answered 24 May '10, 22:03

tallship's gravatar image

tallship
390111
accept rate: 20%

edited 24 May '10, 22:17

Ron, thanks for the informative post. I was considering encrypting my home directory with TrueCrypt, but now I don't see the point.

link

answered 21 May '10, 14:51

Randy%202's gravatar image

Randy 2
-12
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×90
×81
×15
×4

Asked: 04 May '10, 02:15

Seen: 4,560 times

Last updated: 20 Apr '11, 13:58

powered by OSQA