Quote:
Originally Posted by jamison20000e
You may be starting -- but I recommend you use EncFS...
This is a 'directory-level' encryption. Files are stored in a normal file system, as directories and files, which lets you store them on a normal (VFAT, or networked) filesystem.
The big advantage of such encryption systems is that you can use incremental synchronization (rsync) between machines or to network storage (Dropbox or the like). That is, you do not need to decrypt to do incremental updates. Only the individual files that have been modified are transferred.
eCryptfs encrypts each file in the filesystem. The filename is left as is. So it is very easy for someone to see what is being encrypted, even though they may not be able to see the contents.
EncFS also encrypts each file in the filesystem, but also encrypts the filenames!
The downside (to both) is that the directory structure and rough file sizes of the data remain visible, even though with EncFS the file/directory names are not visible.
EncFS is also thoroughly tested and proven to work without problems, in a variety of different ways. For example, you can store data locally unencrypted and upload an encrypted version to the network (reversed EncFS).
Now if you want bleeding edge (currently in beta testing)...
CryFS is like EncFS except the files are broken into multiple files (or small ones merged) to hide file sizes. The directory structure is also stored as normal files (and thus USB or network storable). As such, the file sizes and directory layout are also hidden from view, while retaining incremental synchronization of changes between encrypted copies.
I cannot personally recommend CryFS as being stable or time-tested as yet, but it is the next logical step for directory-level encryption techniques.
---
As for using LUKS or cryptsetup: that is a disk-partition encryption system. This works well for USB sticks, but you cannot use it for network storage. Also, if you want to make a backup or sync the data between machines, you have to do it with the decrypted data! That is, mount decrypted versions at both ends, then do the copy/sync using the unencrypted data!
That is what makes directory-level encryption work so much better in general: copy/sync the files without needing to decrypt them first.
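To make the metadata comparison in the post concrete (eCryptfs leaves names in the clear; EncFS hides names but not tree shape or approximate sizes; CryFS hides both behind fixed-size blocks), here is an added model of what an observer who can read only the encrypted store learns under each design. This is illustration code written for this thread, not code from EncFS, eCryptfs or CryFS: `SAMPLE_TREE`, `FILE_HEADER`, `BLOCK_SIZE`, `VOLUME_KEY` and the function names are all constructed here, and the keyed hash stands in for real filename encryption. Point `tree_from_dir()` at a real directory to see the same report for your own data.

```python
"""Model of what an observer of only the *encrypted* store (a cloud account,
a lost USB stick) learns under eCryptfs-, EncFS- and CryFS-style designs.
Added illustration; overheads and block size are model constants, not the
real values used by those projects."""
import hashlib
import math
import os

# Constructed sample tree: plaintext path -> plaintext size in bytes.
SAMPLE_TREE = {
    "taxes/2023-return.pdf": 412_000,
    "taxes/receipts/hotel.jpg": 1_900_000,
    "notes/passwords.txt": 1_200,
    "notes/todo.txt": 300,
}

FILE_HEADER = 8          # model constant: small per-file header of per-file schemes
BLOCK_SIZE = 32 * 1024   # model constant: fixed block size of a CryFS-style store
VOLUME_KEY = b"constructed per-volume key, not a real secret"


def tree_from_dir(root):
    """Build a path -> size map from a real directory tree."""
    tree = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            tree[os.path.relpath(full, root).replace(os.sep, "/")] = os.path.getsize(full)
    return tree


def _encrypt_name(name):
    """Stand-in for per-volume filename encryption: deterministic under one key,
    so the same plaintext name maps to the same ciphertext name within a volume."""
    return hashlib.blake2b(name.encode(), key=VOLUME_KEY, digest_size=12).hexdigest()


def ecryptfs_view(tree):
    """eCryptfs-style: each file encrypted in place, path and name left as-is."""
    return {path: size + FILE_HEADER for path, size in tree.items()}


def encfs_view(tree):
    """EncFS-style: contents and every path component encrypted, but the tree
    keeps its shape and each ciphertext file is about the plaintext size."""
    view = {}
    for path, size in tree.items():
        cipher_path = "/".join(_encrypt_name(part) for part in path.split("/"))
        view[cipher_path] = size + FILE_HEADER
    return view


def cryfs_view(tree):
    """CryFS-style: file data and directory blobs cut into fixed-size blocks,
    stored flat under opaque ids; only the number of blocks is visible."""
    dirs = {os.path.dirname(p) for p in tree} | {""}   # one blob per directory (model)
    n_blocks = sum(math.ceil(size / BLOCK_SIZE) for size in tree.values()) + len(dirs)
    return {"block_count": n_blocks, "block_size": BLOCK_SIZE}


def observer_learns(view):
    """What the store alone reveals: name components, directory depths, per-file sizes."""
    if "block_count" in view:  # flat block store: no names, no tree, no per-file sizes
        return {"names": set(), "depths": [], "sizes": [],
                "total_upper_bound": view["block_count"] * view["block_size"]}
    return {"names": {part for path in view for part in path.split("/")},
            "depths": sorted(path.count("/") + 1 for path in view),
            "sizes": sorted(view.values()),
            "total_upper_bound": sum(view.values())}


if __name__ == "__main__":
    for label, view in (("eCryptfs-style", ecryptfs_view(SAMPLE_TREE)),
                        ("EncFS-style", encfs_view(SAMPLE_TREE)),
                        ("CryFS-style", cryfs_view(SAMPLE_TREE))):
        print(label, observer_learns(view))
```

Running it shows the three levels side by side: the eCryptfs-style report contains `passwords.txt` verbatim, the EncFS-style report contains only hex-looking names but the same depth list `[2, 2, 2, 3]` and the same sizes, and the CryFS-style report has no names, no depths and no per-file sizes, just a count of equal-sized blocks from which only an upper bound on the total volume can be read.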