this post was submitted on 02 Dec 2023
30 points (91.7% liked)

Linux

48083 readers
816 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I'm looking for a veracrypt/truecrypt equivalent but at the folder-level and dynamic sizing

Something like a tool which could encrypt folders in real-time and then be able to lock it up. Truecrypt expects me to provide a size for it, I'd like something more dynamically sizeable based on the files I store in it.

Even just a tool that encrypts files written into it and converts them to other files works with me

top 27 comments
sorted by: hot top controversial new old
[–] cvf@kbin.social 14 points 11 months ago (1 children)

CryFS does what you want, it's the default used by the KDE Vaults feature.

there's also a comparison page on the site, comparing it to other solutions.

[–] Holzkohlen@feddit.de 1 points 11 months ago

Yeah, I was going to suggest KDE vaults as well.

[–] just_another_person@lemmy.world 11 points 11 months ago* (last edited 11 months ago) (1 children)

I'm assuming you don't want a full disk encryption solution, but you can also use LUKS to just create an encrypted mount of any supported filesystem. You don't need any type of standalone program to encrypt your things for you.

[–] wontbowyoung@lemmy.world 3 points 11 months ago

Makes sense

[–] TCB13@lemmy.world 9 points 11 months ago* (last edited 11 months ago) (1 children)

Here's a table with multiple solutions and comparisons: https://www.cryfs.org/comparison

Just be aware that some solutions like gocryptfs are provided on a user-space filesystem (Fuse). This has a very low performance and most importantly if you require inotify on the decrypted data for some application then it won't be available. In short inotify is what allows apps to watch a filesystem for changes and act accordingly in real time.

[–] AProfessional@lemmy.world 18 points 11 months ago (1 children)

Tables like this suck. They are made by one of the projects in the comparison and they include no data.

[–] TCB13@lemmy.world 2 points 11 months ago

Better than nothing. :)

[–] hottari@lemmy.ml 4 points 11 months ago

I use gocryptfs with a GUI wrapper called Vaults. It's very neat.

[–] HarriPotero@lemmy.world 4 points 11 months ago

Sounds like you're looking for EncFS.

It'll leak the size and structure of whatever you have there. Filenames and content are encrypted.

[–] AbidanYre@lemmy.world 3 points 11 months ago (1 children)
[–] wontbowyoung@lemmy.world 2 points 11 months ago* (last edited 11 months ago) (1 children)

Thanks I will look into it. But tomb also seems to not have dynamic sizing

[–] AbidanYre@lemmy.world 4 points 11 months ago (1 children)

You can increase the size of a tomb, but IIRC it's an offline process.

[–] wontbowyoung@lemmy.world 3 points 11 months ago (1 children)

Yeah, I think as of now I will go for it

[–] cypherpunks@lemmy.ml 1 points 11 months ago

tomb looks like a nice wrapper around LUKS but it doesn't appear to support creating a sparse file, so, it will immediately use however much space you allocate to it.

(I think it doesn't support a sparse backing file because I searched the word "sparse" on their github, and for the word "seek" (which is the dd argument for creating a sparse file) in the tomb bash script, and both searches yielded no results.)

[–] cypherpunks@lemmy.ml 3 points 11 months ago

You have a few options.

My preferred way is to create an encrypted disk image using LUKS, backed by a sparse file. Sparse means that, while you'll still need to specify a size for the encrypted volume, it won't actually use the space on the underlying disk until you use the space on the encrypted volume. You could even make the encrypted volume bigger than your physical disk (though of course you'd get an error if you tried to actually use that extra space).

There are a few ways to setup a LUKS container; if you want to learn how to do it manually, this howto i just found looks like a good overview of the steps (though I wouldn't recommend doing its final Setup auto mount section).

These days, you can also create a LUKS volume on a sparse file entirely using a GUI such as the GNOME Disks program. Using it, just click the hamburger menu and select "New Disk Image" and then with your new disk image selected click the gears menu and "Format Partition" and there should be a checkbox for LUKS on that screen. If you leave "Erase" turned off (which is the default), then the backing file will be sparse.

One downside to the sparse disk image approach is that when you delete files from the encrypted volume you will not regain that space on the outer disk automatically. It is possible to, but requires work to do so which I won't try to document here.

Another approach which doesn't have that downside is to use eCryptfs instead of LUKS. It stores each encrypted file separately (with an encrypted name) and thus doesn't hide the directory structure or file sizes - only directory and file names and file contents are encrypted. It also appears to have not been updated since 2016, but, it is still included in various distributions so it is also an option. You can read about how to use it (and other caveats about it) on the arch wiki.

[–] theit8514@lemmy.world 2 points 11 months ago

I have used gocryptfs (https://github.com/rfjakob/gocryptfs) in the past, it creates an overlay mount that encrypts each dir and file separately, so no need to precreate a container. There are some security downsides to this approach though so be aware of that. https://nuetzlich.net/gocryptfs/threat_model/

[–] phrogpilot73@lemmy.world 2 points 11 months ago (1 children)

I use Cryptomator. Does exactly what you describe.

[–] TCB13@lemmy.world 4 points 11 months ago (1 children)

Just be aware you can lose your data. It is really bad with long file names and folders with a large number of files, there are multiple reports online about people losing their data. I personally have experienced this with large file names and once an entire vault that suddenly couldn't be open.

[–] Evotech@lemmy.world 1 points 11 months ago (1 children)

I'm pretty sure most of the reports online is rooted back to user error.

[–] AbidanYre@lemmy.world 2 points 11 months ago (1 children)

That doesn't help the people who lost data.

And the reports are common enough that it suggests cryptomator should consider making some interface changes.

[–] Evotech@lemmy.world 1 points 11 months ago (1 children)

I'm just saying it's not going to randomly brick your data. Just be cautious when performing tasks.

[–] AbidanYre@lemmy.world 1 points 11 months ago

That's fair. But I'd still be really wary of something with a reputation for eating data just because a user looked at it funny.

[–] 0xtero@kbin.social 1 points 11 months ago (1 children)
[–] cypherpunks@lemmy.ml 1 points 11 months ago (1 children)

that creates encrypted archives, but doesn't provide a mountable filesystem (which is what OP means by "real-time").

[–] 0xtero@kbin.social 2 points 11 months ago

Ah ok, well LUKS in that case I guess

[–] bizdelnick@lemmy.ml 1 points 11 months ago

EncFS, CryptoFS, eCryptFS...

[–] uis@lemmy.world 0 points 11 months ago

Ext4 encryption