Silent Posted March 16, 2015 at 10:36 PM Report Share Posted March 16, 2015 at 10:36 PM I'm looking for software that is able to encrypt and decrypt all files in a folder structure (several layers deep). I want a tool that encrypts the individual files and not just the folder so I can copy/move the files without decrypting them and if wanted decrypt them individually. A bit of background: To improve security against loss I want to create a backup in the cloud but don't really trust that the files are not shared and/or the service is not hacked. Though the material is not highly sensitive I still want to add an extra layer of protection. I prefer the files to be encrypted individually instead of an archive as that would make it a lot easier to use the backup as a repository while traveling. Any software out there that can do this? If there's choice I prefer a free open source solution. Quote Link to comment Share on other sites More sharing options...
mikelove Posted March 17, 2015 at 12:05 AM Report Share Posted March 17, 2015 at 12:05 AM VeraCrypt (https://veracrypt.codeplex.com/) should meet your needs - open-source successor to the now-discontinued TrueCrypt. Quote Link to comment Share on other sites More sharing options...
lechuan Posted March 17, 2015 at 12:47 AM Report Share Posted March 17, 2015 at 12:47 AM Mac OS? Or Windows? Or ? Quote Link to comment Share on other sites More sharing options...
Silent Posted March 17, 2015 at 12:59 AM Author Report Share Posted March 17, 2015 at 12:59 AM @lechuan: For now Windows will do. There is a chance that in the future I like to expand to linux or android. @mikelove: My first impression is that veracrypt works on entire volumes, not on the individual files. Is this correct? I'll have a better look tomorrow. Quote Link to comment Share on other sites More sharing options...
makochan Posted March 17, 2015 at 01:39 AM Report Share Posted March 17, 2015 at 01:39 AM AxCrypt? http://www.axantum.com/AxCrypt/ I've never used it but seen it on Lifehacker. Quote Link to comment Share on other sites More sharing options...
mikelove Posted March 17, 2015 at 01:45 AM Report Share Posted March 17, 2015 at 01:45 AM @Silent - yes, but the volume can be virtual - a file instead of an actual disk. The app mounts this virtual volume in Windows just like a real disk (which is a good thing - much more reliable / consistent interface than a third-party, app-specific GUI) but in the end it's just a flat binary file and so can be backed up / moved around just like any other file. Quote Link to comment Share on other sites More sharing options...
Silent Posted March 17, 2015 at 02:00 PM Author Report Share Posted March 17, 2015 at 02:00 PM @mikelove: you're right, but that makes it hard to use the cloud backup as a repository while on the move. It would mean downloading the entire volume over often poor connection and then extracting the file I want. That's at best time consuming if possible at all. If it works on individual files I can download the file I want, I would only download a few MB's or less versus downloading a few GB's @makochan: That looks great I've downloaded it and will check it out further. Quote Link to comment Share on other sites More sharing options...
renzhe Posted March 17, 2015 at 02:08 PM Report Share Posted March 17, 2015 at 02:08 PM If you're comfortable with a command line utility and want to encrypt files individually, GPG will be one of the easiest and safest options. To encrypt: gpg --symmetric -e filename To decrypt: gpg -d filename.gpg It supports a large number of cyphers, including AES, CAST5, and also does asymmetric encryption, keyrings and all that stuff if you want to get fancy. TrueCrypt, LUKS and the like are for the case when somebody physically steals or confiscates your hard drive, not really for cloud storage. In the case of cloud-based backup, I agree with you -- encrypt it locally, upload the encrypted file. 1 Quote Link to comment Share on other sites More sharing options...
Silent Posted March 17, 2015 at 10:58 PM Author Report Share Posted March 17, 2015 at 10:58 PM All thanks for the suggestions! Axcrypt seems to do an excellent job, it not only encrypts, but also compresses a little. I'm in the process of setting it up that way. gpg looks good too and may offer a better prospect of automating the process. My scheduled backup process however generates archive files. So in order to make that work the way I want I've to redesign it. Again, thanks for the suggestions! Quote Link to comment Share on other sites More sharing options...
renzhe Posted March 18, 2015 at 11:04 AM Report Share Posted March 18, 2015 at 11:04 AM It shouldn't be hard. You can encrypt the archive, or you can archive the encrypted files, gpg does not care what type of files you feed it. Quote Link to comment Share on other sites More sharing options...
m000gle Posted March 19, 2015 at 12:57 AM Report Share Posted March 19, 2015 at 12:57 AM I'm not sure that you will find a single tool which will satisfy all your requests; but if you break things down a bit, and make use of 2-3 tools, it shouldn't be difficult to have a safe, robust and flexible workflow that more than meets your needs. Before doing any of this, though, please remember a few caveats: If you lose your keys, your data is gone. If this isn’t the case, then the service/tool is probably broken by design. While the tools and workflow listed are perfectly legal/acceptable anywhere with some semblance of the rule of law and right to privacy, this may not be the case in all jurisdictions and this may be something to consider while travelling. While this will keep you very safe from unauthorized and/or unlawful access to your data, this in no way exempts you from warranted lawful access, in jurisdictions where such laws exists (i.e. you can still be compelled to disclose keys). The previous two points are especially true when passing through customs, as even jurisdictions with personal privacy provisions often toss them out the window when entering/exiting the country. 1. Full Disk/Filesystem Encryption Full disk/filesystem encryption is one part of the equation. In essence, this ensures all of the data on your device is encrypted, requiring you to enter your key at boot (please, use a strong passcode!). From this point on, your device functions as normal, despite the fact that anything written/read to/from the disk will be encrypted. The options built in to Windows 7 ("BitLocker"), Mac OSX ("File Vault 2"), Linux ("LUKS" etc), iOS/Android etc are more than adequate for your use case; they're easy, and will prevent unauthorized access to your data, should the device be lost. To be honest, given the amount of data on our easily lost mobile phones and computers, everyone should already be doing this. 2. Secure "Cloud" Storage For this part of the equation, I would recommend a service like tarsnap (http://www.tarsnap.com/). This service: Is cross-platform (Windows, Mac, Linux, BSD, and pretty much anything other UNIX-like environment); implements de-duplication, saving bandwidth and storage costs; uses strong encryption, something I assume is important to anyone asking this question; is encrypted at the client side, meaning only you have the key and nobody but yourself can access the data (remember: lose the key, and even those who run the service can't get your data back!). I've never really done this step, as I've never felt the need; however, if secured and encrypted "cloud" storage is what you need, something like this is really your only option. 3. File/Archive Encryption I put this as a separate category as, if you're doing the above-mentioned two steps, this one isn't really necessary, and doesn't provide much additional security beyond another layer of abstraction. GPG is a great option, as described by renzhe already; but I can't speak for the other software mentioned. TL;DR Encrypt your filesystem, and make sure your cloud storage is encrypted at the client side. If you really need more than that (eg. diplomat), then there are added measure you can use (invisible partitions, self destruct keys etc); however, your use case in no way needs these, and if it did you wouldn't be asking how to secure your data here 1 Quote Link to comment Share on other sites More sharing options...
imron Posted March 19, 2015 at 01:31 AM Report Share Posted March 19, 2015 at 01:31 AM +1 for Tarsnap, but just be aware you need to compile it from source (the author doesn't distribute binaries). Also, although saying it runs on Windows is true, it's also going to be complicated exercise and might be too much for some people. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and select your username and password later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.