I’ve tried encrypting folders with 7zip using the built in ‘Ark’ tool, but even when done with the lowest compression level, editing and just generally using these archives is slow and cumbersome. It’s definitely not ideal for regular use. I’m not actually interested in compressing these folders, I just want them encrypted but I’d also like something much more convenient for everyday use. It’d be nice if I could just use my file browser as normal (or another GUI) and be prompted for a password when I try to access one of these encrypted folders. Something that wouldn’t be so slow and clunky to use when I want to edit the contents of these folders such as opening, removing & adding files etc would be nice. I don’t want to wait half an hour to delete a file and then another half an hour to add one because the whole archive has to be repacked each time I do something.
Hopefully you know what I’m getting at?
Is there anything built into Manjaro or something in the official repos (Not the AUR) that can do this?
ecryptfs-utils is already installed but it seems a bit complicated and I’d prefer a GUI.
The GUI for EncFS is in the AUR so I’d prefer not to use that.
I really just want something simple and convenient, maybe even something that can integrate with Dolphin.
I found one called Veracrypt which looks ok. Though I don’t like the way you have to set a static directory size. Something dynamic would be better.
Web searches reveal lots of info about encryption on Linux but not many of them mention GUI methods. And I’m specifically looking for something in the main Manjaro repos which is used and recommend by Manjaro users.
That is your choice to make.
… although I wonder why
(no feedback required - this was just rhetorical) -
as it’s just a GUI (making your life potentially easier) to the actual program
… whatever
and this is your choice to make, as well
… but those are about all the options I’m aware of
aside from … full disk encryption
… but that’s not easily done for single directories …
also with no GUI, (besides any standard file manager)
easy and transparent
for individual directories
would be eCryptFS
IMO
You can also try Cryptomator. It’s meant to encrypt then upload to a cloud, but you don’t have to upload it to a cloud. Works great on Android as well for the same purpose (local or for cloud encryption)
Thanks for the suggestion. plasma-vault looks good! It might be just what I’m looking for so I’m going to try it out
It requires the installation of either CryFS, EncFS or gocryptfs. It seems like all of them have some issues so it’s hard to know which one is best to pick…
Thanks for the heads up.
I don’t use a GUI for that - and my containers work flawlessly, as ever.
It would be a very sad day when it one day suddenly didn’t.
That is another thing to consider:
is the underlying mechanism mature and stable and can you access the data still, even if the GUi stops working or you change DE
and “plasma-vault”, for instance, isn’t there anymore to help you access your data …
Well I’ve just been trying out plasma-vault and while it is really nice to use and well integrated into KDE, there is possibly a big problem with it for me, unless I’ve misunderstood how it works…
There are two directories when creating encrypted files. There’s the ‘Encrypted data location’ and the ‘Mount point’. I find this a bit confusing as the ‘Mount point’ is where my files actually are (right?) but the ‘Encrypted data location’ mirrors it in size so now I have twice as much disk space being taken up, I think? Anyway, the main issue for me is that when the encrypted drive is locked, my backup program thinks there is nothing to backup at the ‘Mount point’. So the only way I can backup my encrypted files is to input the password and unlock the encrypted directory so my backup program can see them in the ‘Mount point’. But then I am backing up unencrypted files which defeats the purpose… Although, my backup program will still see and backup the ‘Encrypted data location’ files when it’s locked.
Does anyone know if just backing up ‘Encrypted data location’ files is all I need if I was counting on a backup to restore these files at a later date, or do I need both directories backed up? I’m trying to figure it out and I’m thinking that maybe the ‘Encrypted data location’ is actually the only location where my files are stored while the ‘mount point’ is simply a place to display them in a way that the user can make sense of once the files have been unlocked?
I couldn’t find documentation for vault on the KDE website and to be honest I’m pretty tired after hours of messing about with this and reading info so I’m hoping someone knows the answer to this one.
Cheers.
@Nachlese Yeh I know what you’re saying. But if I can have this nicely integrated into my desktop environment then I will
@realmain Thanks for the suggestion. I will consider that one if plasma-vault doesn’t work out.
That sounds like EncFS - it’s how it works.
… not sure whether that’s the case for what you use, of course
In the case of EncFS: yes
That is all you need - the mount point is arbitrary.
In the case of EncFS, that is the way you would access your data even without the vault GUI
via: fusermount /path/to/encrypted_directory /path/to/mountpoint (of your choice)
ps:
sorry - I had to edit the post to refer to EncFS, because I used the wrong name initially
Maybe you haven’t explored veracrypt much. You can definitely use dynamic sized folders. See the VeraCrypt manual for help. Not only that, VeraCrypt has more advanced features to bear any other encryption software out there. If you want a simple gui, Veracrypt would be a fantastic choice. It may be a hard to understand for the first time, but you can understand everything within a few days of use. It’s very productive. Trust me, just use it for a week or two. You’ll love it. It’s a lot more faster, safer and secure. It’s not a small team made project, it’s an open-source project made by security expert companies. It has support from many enterprises and even government agencies.
@Nachlese it appears that plasma-vault works in the same kind of way. As far as I can tell, the mount point is not important, just the other directory with the encrypted files so that’s the one I’m backing up. It’s not taking up double the drive space like I previously thought either, it can just appear that way if you’re not familiar with the process.
I’ve tried out Veracrypt and it is very good. Cryptomator is only in the AUR so I didn’t try it. But I really like using Plasma Vault due to it’s nice KDE integration and ease of use. It’s pretty much exactly what I had in mind. It’s just a shame that all of the encryption backends you can currently use it with have issues but I suppose that in time those issues will be fixed.
Anyway, I’ll call it case closed. Plasma Vault it is
Cheers.
Update: And just as I thought everything was good, Vaults now says “No Vaults have been set up” so I don’t even know how to access my files now. Typical eh…
I have been having some issues with Vaults and decided to stop using it. It appears the development has been lacking and the issues I’ve had may not be fixed any time soon. I will definitely check it out again in future though.
Anyway, I’ve been trying Veracrypt again. Dynamic containers are only available for NTFS file systems and they can only expand, not shrink. So I’d have to work with static containers. This is the thing I don’t like about this software. I was happier with the way Vaults was doing things as it simply encrypted whatever files I had and the space taken up would match.
I think the way forward will just be to use the terminal with gocryptfs, cryfs or something similar. It’s simple enough to do but I still wouldn’t mind a GUI if anyone has any suggestions? No big deal though.
Well, if you want maximum security ( I mean the strength or security of the encrytion) and safety ( I mean the less likeness of files being corrupted or such) then having a volume being shrunk will most likely cause security, safety, and performance issues. If you don’t believe me, then try something “really dynamic” I can bet they will be much slower, unsecure and unsafe. Opening different files with programs and saving them, moving files or folders from one place to another, the chances of files being corrupted will increase day-by-day.
On VeraCrypt, you can have multiple volumes (static or dynamic) in the same folder. So you can make small volumes (I usually use around 128mb per vol.) in your desired directory and when you run out of space on a volume, you can make another one, then another one.
That way you won’t have wasted space. If the numbers of volume gets too high (like 10-20) you can merge volumes together.
If suddenly you deleted many files, you can just take those files to a newer volume. And continue your work.
CONCLUSION: These things might seem very hard and risky to you, but trust me, I have been using VeraCrypt for at least 2-3 years on my pc and my server. I have done all kinds of risky experiments with it but NEVER found an issue. That is why enterprise servers to normal people like me trust VeraCrypt for unbeatable performance, stability, scalability, security and safety. Try using VeraCrypt again.
Well what I’m using doesn’t seem to work this way, it doesn’t need to be dynamic or static. It just encrypts files and the space taken up is basically the same size as the encrypted files. When I want to access the files I unencrypt & mount them and browse/edit them in my standard file browser as normal then unmount & encrypt them again when I’m done. There’s no need to make containers with a set size. I much prefer this way and I can’t understand why the VeraCrypt way is better. Maybe somehow that method makes things more secure but I also care about convenience. I don’t want to be messing about quite so much. That multiple small volumes idea doesn’t sound like it’d work for me either.
Thanks for the advice though. I can tell you know the program well and think it’s worth promoting. And I agree it is. I’m just not so sure it’s the right one for my needs.
