Web lists-archives.com

Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files




On Fri, 11 Jan 2019 21:45:57 +0000
Jonathan Dowland <jmtd@xxxxxxxxxx> wrote:

> On Wed, Jan 09, 2019 at 10:18:47PM -0500, Celejar wrote:
> >The standard encryption technology for linux is LUKS. It works on the
> >block device level, not the file level.
> 
> LUKS would be no good if the user wants to move/copy/share the encrypted
> files, encrypted, elsewhere: they didn't say so explicitly but that's
> the impression I got reading their message.

You're probably right; I realized after I wrote my reply (and read some
of the other replies) that my solutions likely weren't really what the
OP was looking for.

> >I believe that the most commonly used software for file level
> >encryption is EncFS. I haven't really used it much, and can't speak to
> >its long term stablity.
> 
> EncFS should not be used for any new file encryption project, IMHO.
> There was the following report in 2014:
> https://defuse.ca/audits/encfs.htm
> This is referenced in the NEWS file in the EncFS package
> https://salsa.debian.org/debian/encfs/blob/debian/sid/debian/NEWS
> 
> Both the report and the NEWS file are 5 years sold so I am not sure of
> its current status but I'd want to seek positive assurance.

Huh - good to know. But I was wondering, along similar (but less
informed) lines, how good some of the other suggestions were, e.g.
ccrypt. I know very little about ccrypt, but has it even been
audited at all? Is it sufficiently widely used that any vulnerablities
or misimplementations of the sort discovered by the EncFS audit would
have been looked for or turned up?

Celejar