Few days ago I posted an article on my blog about using some kind of cryptographic system to protect my files on the cloud. I pointed to encfs as a long time user with some caviats and I wanted to substitute it with another more robust and secure system.
Easy to use (productivity wise) and system desktop integration are bonus points, so as an archlinux (antergos) user with kde and ubuntu user with gnome desktop I need some crypto that allows me to put some crypted file on the cloud (nextcloud, dropbox, ...) and keep it synced on all my computers.
Summary
As I wrote on the article, I read this comparison table to find out what to use.
encfs has been around here for so long, but has some minor problem that affects to cloud files. Nowdays is mantained but no longer developed. It's audited though.
cryfs was my first choice because using kde desktop it integrates really nicely with kde-vaults, so I just had to make it work on ubuntu. Here comes the problem because ubuntu's 18.04 cryfs current version is 0.9.9 AND archlinux's version is 0.10.0, and files are no backwards compatible (as I previously posted).
I could compile from source and forget the problem, but I prefer to keep this packages updated from a stable repo and with known default config.
So I decide to keep using encfs even knowing its problems (I think is enough to my purpose).
Fediverse comes to help
After publishing the article I got a toot from @tomas that sugested me that I should give a try to gocryptfs.
Long story short, I read the gocryptfs website documentation, the man pages from the package and I saw something that I notice it could be useful: you can pipeline the gocryptfs password from another shell script or "program" to the gocryptfs prompt, so I imagined an scenario where I could benefit from using password-store (gpg crypted password storing system) and send the result to gocryptfs.
Final Config (so far)
So I got the gocryptfs crypted storage password from my password-store and send it to gocryptfs script to mount the volume.
$ pass /path/to/gocryptfs_password
will prompt for your gpg key password you are using to secure your passwords
$ gocryptfs -extpass "pass /path/to/gocryptfs_password" ~/your_cloud/crypted_folder ~/Personal_clear_data
will equally prompt for you gpg password and send it to gocryptfs and then it automatically mount this "~/Personal_clear_data" folder on your home folder.
You then could use a long and secure password that you dont need to remember and just write your gpg password (that should be secure enough and DO NOT may want to store on your system (kde-wallet, seahorse, ...)
The next step is
Create an Alias
Alias are short names for shell comands.
Edit ~/.bashrc
file adding
alias mountCFS='gocryptfs -extpass "pass /path/to/gocryptfs_password" ~/your_cloud/crypted_folder ~/Personal_clear_data && dolphin ~/Personal_clear_data'
dolphin ~/Personal_clear_data
This part opens this folder on dolphin, KDE's default file manager. You may use your own or ask for system's default (on kde) with
kfmclient exec ~/Personal_clear_data
save,
$ source ~/.bashrc
Now just writing on a shell
$ mountCFS
will ask for your gpg password, mount the file system and open dolphin on this folder. You have autocomplete available on the shell, so using a good alias name (diferent from any other command) you may just write "mo" and then hit "tab" will complete the command.
Mount file system alternatives
- create desktop shortcut for the command
- use your desktop shortcut launcher (alt+f2 on KDE)
- using sirikali on both desktops
- create a /etc/fstab entry to mount on system start up (not recomended)
you should choose the option that you feel more comfortable with. Any sugestion? Please tell me ;-)
umount
when you've finished working on your files you should unmount the Personal-clear-data volume. You will create another alias for this task.
alias umountCFS='fusermount -u ~/Personal_clear_data'
As usual I'll apreciate any sugestion or correction to this article and I'll try to answer any question you have. Please, help me to solve any grammar mistake I'd made on this article.
Reference
edited 17/08/2019
- How to encrypt files with gocryptfs on Linux with some insights of this system and possible caveats.
Comments
October 7, 2022 08:17
The information you mentioned in this article is really helpful to me, Word Hurdle thanks to your review and comparison, I have a better understanding of each type.
October 12, 2022 07:41
It’s extremely pleasant and meanful. it’s extremely cool blog. Connecting is exceptionally valuable thing.you have truly helped bunches of individuals who visit blog and give them usefull data. USA
October 12, 2022 18:45
I was extremely satisfied to discover this site.I needed to thank you for this incredible read!! I certainly getting a charge out of each and every piece of it and I have you bookmarked to look at new stuff you post. ดูหนังออนไลน์ฟรี
October 15, 2022 15:04
I wear t have room schedule-wise right now to completely read your site yet I have bookmarked it and furthermore include your RSS channels. I will return in a day or two. much obliged for an extraordinary site. 안전놀이터
October 29, 2022 14:49
It’s extremely pleasant and meanful. it’s extremely cool blog. Connecting is exceptionally valuable thing.you have truly helped bunches of individuals who visit blog and give them usefull data. 안전놀이터
October 30, 2022 15:39
Deepmaterial is reactive hot melt pressure sensitive adhesive manufacturer and supplier, manufacturing one component epoxy underfill adhesives, hot melt adhesives glue, uv curing adhesives,high refractive index optical adhesive, magnet bonding adhesives, best top waterproof structural adhesive glue for plastic to metal and glass, electronic adhesives glue for electric motor and micro motors in home appliance. Industrial Hot Melt Electronic Component Epoxy Adhesive
November 1, 2022 18:26
It is particularly conventional, however investigate the tips amid this street number. 온라인바카라
November 2, 2022 19:08
It is particularly conventional, however investigate the tips amid this street number. 플레이포커홀덤머니상
November 8, 2022 10:09
It is particularly conventional, however investigate the tips amid this street number. sell merchant accounts
November 13, 2022 11:52
Mycatttery is the best place of munchkin cat for sale. We are a home kennel dedicated to providing you with high quality Munchkin kittens. munchkin kittens for sale
November 15, 2022 11:23
Welcome to Chris and Bella’s Cattery, we dedicate our lives to the breeding of munchkin cat for sale and Scottish fold munchkin cat for sale for any family who is caring and loving who needs to add our adorable fur babies to their lives. Our kittens and cats are well behave and well trained to fit into any family with kids, birds, dogs and other pets. Getting a munchkin cat, kitten or Scottish fold munchkin from our cattery will mean getting a loving, caring and passionate friend or partner for the rest of your lives. munchkin kittens for sale
November 15, 2022 19:55
it’s extremely pleasant and meanful. it’s extremely cool blog. Connecting is exceptionally valuable thing.you have truly helped bunches of individuals who visit blog and give them usefull data. 토토