July 17, 2020

Ubuntu - encryption

Several ways to keep your(my) information safe.  The key is encryption, and use less of cloud service.

Expect system will be hacked, information will be stolen.  Rather than make system completely unhackable, which is impossible, focus on how to make it difficult and recover, and minimize the damage.

Backup important files

Tried many cloud based services.  Use hybrid approach:

* Family photos

These type of data is important and mustn't lose them, but it's not that critical that if someone else get their hands on them.  Use cloud to store back up and use local back up as well.  May not want to encrypt such huge volume of files -- videos and photos.


You can reset the PW most of the times.  It's important that nobody has any access to it, but at the same time, I can access it from different places/devices easily.
Use cloud + encryption.  E.g. Use KeePassX and save the file in the cloud.
And never use the same PW for other sites or systems.


System will get hacked -- and if files are already encrypted, it will be a lot harder for hackers to steal the actual information.

On Ubuntu/Linux, these are some solutions I found:

* Virtual volume with encryption
* File system encryption
* Encrypt individual file

Virtual volume with encryption

Use VeraCrypt or TrueCrypt.  VeraCrypt is newer, branched off from TrueCrypt.  Some reports said it's not that safe however.

[1] VeraCrypt, https://www.veracrypt.fr/code/VeraCrypt/

$ wget https://launchpad.net/veracrypt/trunk/1.24-update4/+download/veracrypt-1.24-Update4-Ubuntu-19.04-amd64.deb
$ sudo apt install ./veracrypt-1.24-Update4-Ubuntu-19.04-amd64.deb

$ sudo apt remove --purge veracrypt
$ sudo apt autoremove

[2] TrueCrypt, http://truecrypt.sourceforge.net/

$ sudo add-apt-repository ppa:stefansundin/truecrypt
$ sudo apt-get update
$ sudo apt-get install truecrypt
$ sudo visudo -f /etc/sudoers.d/truecrypt
    your_username ALL=(ALL) NOPASSWD:/usr/bin/truecrypt

File System Encryption

[1] eCryptFS, https://www.ecryptfs.org/about


$ sudo apt install ecryptfs-utils -y
$ sudo mount -t ecryptfs mydoc/ mydoc/
$ sudo umount /home/kkim/mydoc
$ sudo mount -t ecryptfs mydoc/ mydoc/

[2] ZFS (didn't try)

Encrypt file(s)

[1] ccrypt
$ sudo apt-get install ccrypt

$ ccencrypt test.txt
This will ask for encryption key twice and encrypt the file, append .cpt to the file name

$ ccdecrypt test.txt.cpt

[2] 7z
$ sudo apt-get install p7zip-full

$ 7z a -p thisdir.zip *
$ 7z e thisdir.zip

Email Encryption

Use Thunderbird + Enigmail extension.

Chat Encryption 


I use all of the above methods, except FS encryption -- I found using virtual volume is easier and transportable as it's just one file.  Example usage: create 500MB VeraCrypt volume and place it in Dropbox.  At home, use your Ubuntu to use the content inside of it, at work, use Windows to use the volume.

And don't trust cloud services too much -- they have been hacked, and they will get hacked again.  They'll go down, go out of business, lose files or mess up files.  Always make local back up -- e.g. external USB drive.

No comments: