This can be done on Linux as well, but most users will likely prefer to use Linux’s built-in disk encryption tool, dm-crypt. A partition tree viewed with lsblk. Windows users may recall that VeraCrypt (or TrueCrypt) can encrypt drive partitions and entire disks. Everything is protected, so long as your PC is off. That way, there’s little need to worry (for the most part) about what files are stored where. Sometimes, it can just be easier to encrypt everything on your system. Tomb’s usage is quite simple, and the project website offers useful guidance. The dm-crypt utility is standard to Linux and is its built-in disk encryption engine (I’ll get to more on that in a bit), but it can also be used to create containers. Tomb is little more than a script, but it makes creating and managing containers and keys for dm-crypt really easy. The good thing about using a VeraCrypt container is that you can access its contents using VeraCrypt on both Windows and Linux. Finally, there’s a tool called Tomb. There’s a good tutorial on VeraCrypt’s website that explains how to create such a container. VeraCrypt is capable of creating encrypted containers of fixed size, which can help obscure the size of the files in the container. If you have to modify or add files in the archive, you basically have to delete the old file and encrypt a new one. A simpler and more secure way to handle containers is to use VeraCrypt (the successor to TrueCrypt). The downside to such a simple container is that you have to delete the plaintext (decrypted) file once you’re finished with it. The most basic container can be a zip or gzipped tar file (.tar.gz) that you encrypt using OpenPGP. Setting up a container and key using Tomb is really easy, if you’re comfortable with the command line. That file can be in your home folder, copied to a USB drive, stored in the cloud, or put anywhere else that’s convenient. In its simplest form, a container is a lot like a zip file that’s encrypted.
There are a few browser plugins like Mailvelope (which offers add-ons for both Chromium/Chrome and Firefox) that work pretty well for those who prefer webmail. Containers are handy because they’re portable. KDE’s online documentation provides a manual for GPG integration with KMail, and Fedora has a great how-to for Evolution. Both KDE’s KMail and GNOME’s Evolution support OpenPGP natively. If you use Mozilla’s Thunderbird, you’ll need to install the Enigmail extension. How you set up GnuPG for use with your email will vary depending on the client you use. You can use a GUI to create your keys if you’re not confident about the command line. While a 2,048-bit key is considered pretty safe, a 4,096-bit key will provide more protection, though at the expense of slightly longer times for key creation, encryption, and decryption. You’ll also need to provide a key strength. When you create your key you’ll need to provide (at minimum) a name and email address to help identify the key. If you prefer a KDE-compatible interface, you can install Kleopatra, while GNOME 3 users might prefer GNOME’s Seahorse. GnuPG is also available for Windows using GPG4Win, which provides Windows versions of both Kleopatra and GPA. Before you can encrypt files or email with OpenPGP, you’ll need to create your first keypair. The GnuPG team provides the GNU Privacy Assistant (GPA) GUI to create and manage keys. While you can use GPG on the command line, it’s often easier to create and manage keys using a GUI program. If it isn’t, it can be easily found using your distribution’s package manager, usually with the name gpg. Most modern Linux distributions come with GnuPG preinstalled. To create a GnuPG keypair using the command line, use gpg --gen-key. The most widely used implementation of this standard (as far as Linux users are concerned) is GNU Privacy Guard (or GnuPG or GPG). This is known as end-to-end encryption.
(Metadata, like the subject line, recipients, and time sent, are all left in plaintext, however.) In basic terms, this means that the email is encrypted before it leaves your PC, so no amount of snooping on the email server you’re using will allow someone to see the contents of the file. In the context of email, your plaintext email is encrypted with a public key into either a file or ASCII ciphertext (which looks random to people and machines) that can only be read by someone with the matching private key.