Old 02-17-2016, 12:23 AM   #1
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 2,034

Rep: Reputation: 176
Looking for suggestions for encryption


I read the post about encrypting usb drives but I'm interested in encrypting files, folders and possibly an automatic system for encrypting files and folders as I put them into a cloud.

I found AES Crypt. (see #11) That looked okay but I (pretty non-techie here) was concerned about running the file and don't know if it works on folders.

Then there was Sophos Free Encryption tool (see #12), which looks great, but it's not on Sophos' site anymore and I don't know if it works on Ubuntu and folders.

Then for the cloud stuff there's Cryptomator. (#13 at the bottom).

And granted these are just the ones I happened to notice. And I'm not totally averse to using the terminal but would much prefer a GUI.

Anyway so two questions:

#1) What's good software for encrypting files and folders?
#2) What's a good automated software program for encrypting files and folders as they're put into a cloud?

Thanks.
 
Old 02-17-2016, 01:27 AM   #2
mdooligan
Member
 
Registered: Feb 2009
Location: Vancouver BC
Distribution: Mandrake10/ArchHackery/Gentoo
Posts: 179

Rep: Reputation: 22
Don't forget about being able to DEcrypt them.

The options are nearly endless. You can RAR a file with password and it's nearly impossible to crack, but then you pass around password or it gets lost.

Are you trying to keep the NSA from sniffing yer crotch? Good luck there.

Basically, what are you trying to accomplish? More info needed.

When you talk about cloud, then just use whatever BS the cloud suppliers use to make things look encrypted. That will change weekly, with paid upgrades every time.
 
Old 02-17-2016, 07:48 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Rep: Reputation: 3941
I don't put much faith in content-encryption nor drive-encryption ... in the end, the server or software must somehow, somewhere, possess the magic key, and they must constantly be applying it (unless the hardware does ...), which simply slows things down.

I suggest that it is most important to make it damn near impossible to get in, and then to limit what the software can do, should that software be hijacked. For instance:
  • Use OpenVPN encryption, with unique 4096-bit keys per machine connection, to cloak everything that passes "machine to machine" over the Internet. Also use it as the only way that you can even begin to gain access to it.
  • Use strong certificate-based SSH ... which can only be accessed once you've passed through the VPN.
  • Don't GRANT ALL PRIVILEGES ON anything TO anyone! Have different user-ids with permission to do things according to the "principle of least privilege." ("Bobby, howcum your web server was allowed to DROP TABLE students;?")
  • Aggressively use SQL database replication.
  • Don't rely on "passwords."
  • Use read-only mounts. The software source-code and libraries don't need to be modified; therefore, don't make them modifiable.
  • Don't trust any software package if you don't know exactly what it does and how it does it, no matter how extravagant the claims made by the vendor.
  • Don't trust technical capability and forget that "security is a process." The Enigma cipher should have been impenetrable.
 
Old 02-17-2016, 05:53 PM   #4
A.Thyssen
Member
 
Registered: May 2006
Location: Brisbane, Australia
Distribution: linux
Posts: 158

Rep: Reputation: 44
For USB or Cloud Encryption I suggest you look at EncFS
-- It will be in your linux package repository

This creates a second mount of the usb (or cloud) that is a decrypted version on the local machine. Only the local machine (not the USB or cloud) has the encryption key or sees decrypted files, and the encrypted data remains in the form of files and directories.

You can search, edit and examine the decrypted files; the data itself is not stored on disk in decrypted form!

The key difference to an encrypted RAR however is that any changes you make only changes the encrypted form of the file, which greatly reduces the traffic. In other words it does not have to encrypt/decrypt upload/download a large archive just for a change in a single file.

For a cloud backup you can even do a reversed encryption. That keeps a local unencrypted copy, but creates a mounted encrypted version for backup to the cloud.

For a basic summary (and more advanced notes I have made) see
http://www.ict.griffith.edu.au/antho...to/encfs.hints
Yes it is a plain text file.

Additional...
Actually BoxCryptor is based on a restricted (specific setup) form of EncFS.
Cryptomator I think (not certain) is the same. They just wrapped a GUI around it.

Last edited by A.Thyssen; 02-17-2016 at 10:49 PM.
 
Old 02-17-2016, 06:09 PM   #5
A.Thyssen
Member
 
Registered: May 2006
Location: Brisbane, Australia
Distribution: linux
Posts: 158

Rep: Reputation: 44
Quote:
Originally Posted by sundialsvcs View Post
I don't put much faith in content-encryption nor drive-encryption ... in the end, the server or software must somehow, somewhere, possess the magic key, and they must constantly be applying it (unless the hardware does ...), which simply slows things down.
Really, the speed of encryption and decryption is very fast. Compression and network are actually orders of magnitude slower!

The only part of encryption that is generally designed to be made slower is the key derivation hashing (converting a pass-phrase into a cryptographic encryption key). They want this to take 1/2 to 1 second, to prevent brute force dictionary attacks. But it only needs to be done once on setup, so even that is not 'slow' from a normal user's perspective.

Also using EncFS the files are only decrypted AS NEEDED. So the only time you would notice a problem is when say copying LOTS of files (backups?) -- I have never seen a speed problem even when grepping (searching) the decrypted mount of the archive! Even then with EncFS you can backup (sync to another system or to cloud) the decrypted files without even decrypting them. That is not possible with an encrypted RAR, or Disk Partitioning (block level) Encryption.

In summary, speed is not an issue.
-- Besides what do you think VPN is using which was part of your recommendations! Or even HTTPS (secure web) which everyone uses.


Key in memory is also not really a problem. The user uses a pass-phrase, which is converted to a cryptographic key that is actually used for the encryption process. The pass-phrase itself is not used, nor kept in memory. This key looks like a 16 byte string of random binary numbers. So unless you are a Cryptographic Wiz (or NSA agent), finding the key in memory is VERY difficult without extremely intimate knowledge of the internals of the program.

Last edited by A.Thyssen; 02-17-2016 at 06:27 PM.
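
The pass-phrase-to-key step described in the post above, as an added example that is not part of the original thread and is not EncFS's own code: PBKDF2-HMAC-SHA256 from Python's standard library, with the iteration count calibrated so one derivation takes a chosen time on the local machine. The salt length, the `key-check` verifier and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

KEY_LEN = 16    # 16-byte key, the size mentioned in the post
SALT_LEN = 16   # assumption: random salt stored next to the encrypted data


def derive_key(passphrase, salt, iterations):
    """Stretch a pass-phrase into a fixed-length key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def calibrate_iterations(target_seconds, start=10_000):
    """Pick an iteration count so one derivation costs about target_seconds here."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        derive_key("calibration", b"\x00" * SALT_LEN, iterations)
        elapsed = time.perf_counter() - t0
        if elapsed >= target_seconds / 2:
            # Long enough to measure reliably: scale linearly to the target.
            return max(start, int(iterations * target_seconds / elapsed))
        iterations *= 2


def new_volume(passphrase, target_seconds=0.5):
    """Create the parameters kept with the data. The key itself is never stored."""
    salt = os.urandom(SALT_LEN)
    iterations = calibrate_iterations(target_seconds)
    key = derive_key(passphrase, salt, iterations)
    # Hypothetical verifier so a wrong pass-phrase is rejected at unlock time.
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}


def unlock(passphrase, params):
    """Re-derive the key; return it only if it matches the stored verifier."""
    key = derive_key(passphrase, params["salt"], params["iterations"])
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, params["check"]) else None


if __name__ == "__main__":
    params = new_volume("correct horse battery staple")   # constructed sample input
    t0 = time.perf_counter()
    key = unlock("correct horse battery staple", params)
    cost = time.perf_counter() - t0
    print("iterations:", params["iterations"], "key bytes:", len(key))
    print("one guess costs %.2fs, so about %d guesses/day per core"
          % (cost, 86_400 / cost))
    print("wrong pass-phrase ->", unlock("letmein", params))
```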
 
Old 02-17-2016, 06:59 PM   #6
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
Blog Entries: 2

Rep: Reputation: 1567
+1 for password archives... I just set one with two passwords a .jar in a .zip to keep file titles inside secure.
Foil hat--> <;-D

You do mean this thread about USB?
 
Old 02-17-2016, 08:05 PM   #7
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,624

Rep: Reputation: 2651
Gregg Bell

it really comes down to just HOW paranoid you are / need to be

the PI. your soon to be EX hired ?
or the FBI,CIA,NSA,... will toss you in JAIL or worse !!!


for the second ?
there is not much unless you are near PERFECT in the OpSec .
 
Old 02-17-2016, 10:58 PM   #8
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 2,034

Original Poster
Rep: Reputation: 176
Quote:
Originally Posted by mdooligan View Post
Don't forget about being able to DEcrypt them.

The options are nearly endless. You can RAR a file with password and it's nearly impossible to crack, but then you pass around password or it gets lost.

Are you trying to keep the NSA from sniffing yer crotch? Good luck there.

Basically, what are you trying to accomplish? More info needed.

When you talk about cloud, then just use whatever BS the cloud suppliers use to make things look encrypted. That will change weekly, with paid upgrades every time.
Thanks mdooligan. I was just looking to be able to encrypt files and folders (in general). Then to store the encrypted ones in the cloud.
 
Old 02-17-2016, 11:03 PM   #9
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 2,034

Original Poster
Rep: Reputation: 176
Quote:
Originally Posted by sundialsvcs View Post
I don't put much faith in content-encryption nor drive-encryption ... in the end, the server or software must somehow, somewhere, possess the magic key, and they must constantly be applying it (unless the hardware does ...), which simply slows things down.

I suggest that it is most important to make it damn near impossible to get in, and then to limit what the software can do, should that software be hijacked. For instance:
  • Use OpenVPN encryption, with unique 4096-bit keys per machine connection, to cloak everything that passes "machine to machine" over the Internet. Also use it as the only way that you can even begin to gain access to it.
  • Use strong certificate-based SSH ... which can only be accessed once you've passed through the VPN.
  • Don't GRANT ALL PRIVILEGES ON anything TO anyone! Have different user-ids with permission to do things according to the "principle of least privilege." ("Bobby, howcum your web server was allowed to DROP TABLE students;?")
  • Aggressively use SQL database replication.
  • Don't rely on "passwords."
  • Use read-only mounts. The software source-code and libraries don't need to be modified; therefore, don't make them modifiable.
  • Don't trust any software package if you don't know exactly what it does and how it does it, no matter how extravagant the claims made by the vendor.
  • Don't trust technical capability and forget that "security is a process." The Enigma cipher should have been impenetrable.
Thanks sundial. Lots of good information here. I don't need 'machine to machine' encryption. (I don't think anyway. LOL) Yeah, mostly after just basic encryption. (I don't have anything that sensitive.)
 
Old 02-17-2016, 11:25 PM   #10
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 2,034

Original Poster
Rep: Reputation: 176
Quote:
Originally Posted by A.Thyssen View Post
For USB or Cloud Encryption I suggest you look at EncFS
-- It will be in your linux package repository

This creates a second mount of the usb (or cloud) that is a decrypted version on the local machine. Only the local machine (not the USB or cloud) has the encryption key or sees decrypted files, and the encrypted data remains in the form of files and directories.

You can search, edit and examine the decrypted files; the data itself is not stored on disk in decrypted form!

The key difference to an encrypted RAR however is that any changes you make only changes the encrypted form of the file, which greatly reduces the traffic. In other words it does not have to encrypt/decrypt upload/download a large archive just for a change in a single file.

For a cloud backup you can even do a reversed encryption. That keeps a local unencrypted copy, but creates a mounted encrypted version for backup to the cloud.

For a basic summary (and more advanced notes I have made) see
http://www.ict.griffith.edu.au/antho...to/encfs.hints
Yes it is a plain text file.

Additional...
Actually BoxCryptor is based on a restricted (specific setup) form of EncFS.
Cryptomator I think (not certain) is the same. They just wrapped a GUI around it.
Thanks A.Thyssen. Hmm. I looked at that txt file. A lot of information. It looks great but pretty much for my needs. I looked at Boxcryptor's site and they have a new thing called Whisply. I don't know, I didn't trust Whisply (it wanted me to sign in to Dropbox). I need to be extra-concerned because I'm not very knowledgeable how computers work. But I'm learning. Appreciate you responding.
 
Old 02-17-2016, 11:30 PM   #11
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 2,034

Original Poster
Rep: Reputation: 176
Quote:
Originally Posted by jamison20000e View Post
+1 for password archives... I just set one with two passwords a .jar in a .zip to keep file titles inside secure.
Foil hat--> <;-D

You do mean this thread about USB?
Thanks jamison. Yes, that was the USB thread I was referring to. And your method sounds simple enough (even for me!). Can you explain how it's done or have a link explaining it?
 
Old 02-17-2016, 11:33 PM   #12
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
Blog Entries: 2

Rep: Reputation: 1567
Should be able to right click and select "compress to..." then pick a format that has a password check-box.

Last edited by jamison20000e; 02-17-2016 at 11:37 PM. Reason: spelling
 
Old 02-17-2016, 11:35 PM   #13
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 2,034

Original Poster
Rep: Reputation: 176
Quote:
Originally Posted by John VV View Post
Gregg Bell

it really comes down to just HOW paranoid you are / need to be

the PI. your soon to be EX hired ?
or the FBI,CIA,NSA,... will toss you in JAIL or worse !!!


for the second ?
there is not much unless you are near PERFECT in the OpSec .
I really have no reason to be paranoid but I am! And yeah, I was reading about the cloud encryption and the various disasters that were potential. Yeah, I'm going to chill on this, I think. And OpSec? Operational Security? Hmm. I don't think the cloud's for me.

I'm going to close this and post a simpler thread. Thanks.
 
Old 02-18-2016, 12:16 AM   #14
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 2,034

Original Poster
Rep: Reputation: 176
Quote:
Originally Posted by jamison20000e View Post
Should be able to right click and select "compress to..." then pick a format that has a password check-box.
Okay, thanks, I saw that. (On mine it's a 2-stage process. I have to right click, choose "create archive" and then there's a dropdown box with the password entry box.) The only extensions that had a password box were: .cbz, .ear, .war and .zip. Is one better than the other? And is this good encryption? (You always hear about this 256 aes being good.) And I noticed there were some things that when I right-clicked on them I was not given the option to "create archive" (hence no option to encrypt it). I noticed .odt files (which is what I would want mostly to encrypt) and .docx files did not have the "create archive" option. While .doc did. Kind of strange. Know what's up with that? (I suppose I could always put the file in a folder and encrypt it that way.) Thanks.
 
Old 02-18-2016, 12:21 AM   #15
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
Blog Entries: 2

Rep: Reputation: 1567
.zip seems most popular and probably compresses best if that matters?
 