Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
.zip seems most popular and probably compresses best if that matters?
Cool. Thanks. But is .zip good encryption? Like I was saying about the AES 256 thing? And in your other post you were talking about using two extensions, right? What's that process?
... And in your other post you were talking about using two extensions, right? What's that process?
I encrypted many files (no folder) but when I click on the .jar it showed the extractable files and their names then asked for my (strong or not) password... so, I encrypted it again that now when I click on the .zip all I see is the .jar's name,,, tho I now realize a folder encrypted should hide the file names as well. (Two different passwords tho. )
Last edited by jamison20000e; 02-18-2016 at 01:02 AM.
Passwords ... "pre-shared keys," call them what you will ... are evil.
Use standard techniques such as OpenVPN and GPG and SSH, and use them correctly, which means: "use digital certificates."
A certificate file, which may be further encrypted with a password, contains thousands of bits of information which cannot be forged. Either you possess it (and the other party has not repudiated it ...), or you don't. "Them's your choices."
It's like swiping your badge at a door, and maybe entering a number on a keypad. That badge belongs uniquely and identifiably to you, and it can be made to "drop dead" at any time. And yet, it does not stand in the way of you "effortlessly" getting into the secure area.
If you're paranoid, use gpg to encrypt your files. That's the most secure method. That said, I often use other means, such as Minilock. I use it for things I don't really want in the open, but that won't result in my death, incarceration, or bankruptcy if broken. One has to balance security against convenience. Minilock lets me encrypt/decrypt the files on any device, including my PC, chromebook, phone, or whatever. But if the file is really sensitive, convenience needs to be overridden, and gpg is a better choice.
I encrypted many files (no folder) but when I click on the .jar it showed the extractable files and their names then asked for my (strong or not) password... so, I encrypted it again that now when I click on the .zip all I see is the .jar's name,,, tho I now realize a folder encrypted should hide the file names as well. (Two different passwords tho. )
Wow. Thanks jamison. It's going to take a while for me to digest this stuff and thanks for the links. (Although I think that Roboform password tester is a little too generous saying how long it will take to crack passwords. Some relative simple ones would take "32 years." Ha ha. I wish.)
Passwords ... "pre-shared keys," call them what you will ... are evil.
Use standard techniques such as OpenVPN and GPG and SSH, and use them correctly, which means: "use digital certificates."
A certificate file, which may be further encrypted with a password, contains thousands of bits of information which cannot be forged. Either you possess it (and the other party has not repudiated it ...), or you don't. "Them's your choices."
It's like swiping your badge at a door, and maybe entering a number on a keypad. That badge belongs uniquely and identifiably to you, and it can be made to "drop dead" at any time. And yet, it does not stand in the way of you "effortlessly" getting into the secure area.
Thanks sundial. I looked at OpenVPN and it looked like more than I needed. GPG via the terminal is fine. I liked it. But see the screenshot. Was I using it correctly? And if so, how would I go about encrypting a folder with it?
If you're paranoid, use gpg to encrypt your files. That's the most secure method. That said, I often use other means, such as Minilock. I use it for things I don't really want in the open, but that won't result in my death, incarceration, or bankruptcy if broken. One has to balance security against convenience. Minilock lets me encrypt/decrypt the files on any device, including my PC, chromebook, phone, or whatever. But if the file is really sensitive, convenience needs to be overridden, and gpg is a better choice.
Thanks sgosnell. I liked using gpg but I wasn't sure if I was using it rightly or if the warning I got meant anything. (see screenshot) And if I was using it correctly, can I use gpg to encrypyt folders as well? (And is the gpg encryption like as good as the AES 256?)
GnuPG defaults to RSA2048 encryption, far better than AES256. You can change that if you want.
As for how to use it, read the man pages, or at least the quick help. As a start, you use -e to encrypt a file, -d to decrypt. Decrypt is the default, so if you use neither, you're telling it to decrypt the file. A quick and useful guide to using gpg is here. To encrypt a folder, you would use tar or similar to make an archive of the folder and its files, then encrypt the tarball. That's far more secure than just using a password-protected zip file. But again, it depends on your level of paranoia, and the importance of the files. It's not hard to cobble up a script that would do all the work for you. You could incorporate syncing the result to the cloud in the script, or you could just put it in a folder that syncs automatically, like Dropbox or similar. And you could put it all into a cron job that does it all on a schedule of your choice without you having to do anything at all.
GnuPG defaults to RSA2048 encryption, far better than AES256. You can change that if you want.
As for how to use it, read the man pages, or at least the quick help. As a start, you use -e to encrypt a file, -d to decrypt. Decrypt is the default, so if you use neither, you're telling it to decrypt the file. A quick and useful guide to using gpg is here. To encrypt a folder, you would use tar or similar to make an archive of the folder and its files, then encrypt the tarball. That's far more secure than just using a password-protected zip file. But again, it depends on your level of paranoia, and the importance of the files. It's not hard to cobble up a script that would do all the work for you. You could incorporate syncing the result to the cloud in the script, or you could just put it in a folder that syncs automatically, like Dropbox or similar. And you could put it all into a cron job that does it all on a schedule of your choice without you having to do anything at all.
Thanks a lot, sgosnell. That quick start guide looks do-able. I think that may be a good way to go if I have something really sensitive. And I like that it shows how to do folders, as well. As for the rest of it (the script, crono job etc.) LOL maybe some day! Appreciate it.
P.S. Are GnuPG and GPG the same thing? I'm thinking not because (see my screenshot in post #26) I was using GPG in the terminal, but your quick start guide has different commands. Thanks.
P.S.S. Was my way of using GPG (again, screenshot in post #26) of any value at all? I ask because it was really easy and quick to do. Thanks.
Last edited by Gregg Bell; 02-18-2016 at 10:41 PM.
Reason: added two questions at the end
Passwords ... "pre-shared keys," call them what you will ... are evil.
Use standard techniques such as OpenVPN and GPG and SSH, and use them correctly, which means: "use digital certificates."
A certificate file, which may be further encrypted with a password, contains thousands of bits of information which cannot be forged. Either you possess it (and the other party has not repudiated it ...), or you don't. "Them's your choices."
It's like swiping your badge at a door, and maybe entering a number on a keypad. That badge belongs uniquely and identifiably to you, and it can be made to "drop dead" at any time. And yet, it does not stand in the way of you "effortlessly" getting into the secure area.
In my case this or is over kill. I let my nephews use my laptop all the time and encourage them to look in my books and text files &c but something like:
Code:
wget --recursive http://textfiles.com/
and the folders name is not for them. When they get to the point of cracking .etc? more power to them and hopefully raised right brings questions and no worries.
Last edited by jamison20000e; 02-21-2016 at 03:26 PM.
gpg is the executable for the GnuPG package. The -c option you used is for symmetric encryption, meaning you enter a separate password to encrypt/decrypt the file. If you use -e instead, your keys are used for encryption/decryption. Either will work, but IMO using keys is a more secure way of doing it. Plus, you always use the same passphrase for decryption, which is the passphrase for your secret key. If you use -c, you have to remember the password you used for that one-time encryption, which may be difficult. But -c does have its uses.
One thing to remember is that after you encrypt a file, the unencrypted version of the file remains, still in the clear. You need to remember to delete that file if you need only the encrypted version. If you're encrypting files for upload to the cloud, and want to keep the unencrypted files on your local disk, that's fine. You have both versions, and can deal with them as you prefer.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.