Hello all,
I'd like to have some suggestions / opinions for an encrypted container or folder on my desktop.
I'm currently running ecryptfs, with the ecryptfs-mount-private wrapper from the wiki.
I've been adding multiple things in this folder, including backups of password managers, backups of the LUKS header for an encrypted partition, accounting information, recovery codes for some websites, etc.
Most of the time, I decrypt the folder when I need to access or write about the accounting info. It's almost never about the other stuff. I've been doing this for some time but I kind of don't like it anymore. Each time I open the full private folder, any bad software running on my account could steal all the other files that are way more important than the accounting info.
I would like to kind of have multiple encrypted folders based on the security and usage. For example one for the accounting, one for the backup of my password manager and recovery accounts, etc. I would only open the folder that I need and expose the minimum information.
Another thing is, I'm kind of tired of always opening the terminal each time to unlock / lock a folder. It would be nice to have a graphical something built into the file manager (nemo) but I haven't been able to find anything.
I've been looking at tools and I'm unsure what to do.
Ecryptfs is kinda dead, I remember reading somewhere that no new features were going to be added and that the security should stay correct even though people should migrate out of it because of some of its shortcomings.
cryptsetup would be ok, but there don't seem to be a lot of correct GUI applications to manage LUKS file-based volumes. I saw a post about zuluCrypt in the Arch forum but I'm not sure this is the correct thing. Plus cryptsetup absolutely needs the root password on top of the container password, and frankly this just slows things down. Currently I don't have a GUI and it's so tiring typing the various commands to open the container, mount the file system.
Does anybody have tips and tricks to improve the usability side when using encrypted folders / containers, for containers that do not stay open all the time?
Thank you.
Buy a flash drive, make a few LUKS encrypted partitions on it, and put each different thing on different partitions. The partitions should just show up on your file explorer when you plug in the flash drive, it'll just ask for encryption password when you try to open them.
Not sure you have much to gain in terms of security though, by keeping everything in separate containers. It's not like malware would just announce itself as soon as you have it running, chances are it would just silently run in the background without you noticing, until sooner or later you've had to open your other containers, and it just waits to get access then. You would benefit more from keeping a separate air-gapped machine, and only opening the truly sensitive data on that machine, but if you're using the same flash drive across both devices there's no guarantee malware wouldn't be able to write something to your flash drive that ends up infecting the air-gapped machine as well.
You might think malware on an air-gapped machine doesn't matter, but if you've got malware running on said air-gapped machine, it can easily just collect data and write it to the flash drive, and then later, once you plug in that flash drive to an internet-connected machine, it can send that data over to wherever.
I would like to kind of have multiple encrypted folders based on the security and usage. For example one for the accounting, one for the backup of my password manager and recovery accounts, etc. I would only open the folder that I need and expose the minimum information.
Directory encryption per se is not a thing, but you can encrypt disk images (files that act as a drive)
https://wiki.archlinux.org/title/Dm-cry … _container
No explicit need for flash drive or partitions here, but Ammako has a point reg. security and malware - a compromised system is compromised.
What this approach however can do is better secure your data against random theft at Starbucks et al.
The benefit of the flash drive is that you can keep it with you all the time.
But then there's oc https://xkcd.com/538/ … ;-)