# Encrypting Personal Files

## m00dawg

I'm trying to figure out if GPG would be a good tool to encrypt personal files (i.e., files I don't want to send to anyone but wish to keep from prying eyes just in case my box is compromised or something of that form). If GPG isn't the tool of choice, what would that tool be?

----------

## nitro322

gpg would work fine.  Just encrypt the files to yourself, and only you will be able to open them.

Or, if you'd prefer to do without the public key part, you could use asymmetric encryption instead.  This lets you just simply enter a password to encrypt/decrypt the file.  bcrypt is available through portage, and it seems to handle this well enough.

----------

## m00dawg

Do you know which might be better? My concern was what if I lost my keychain or something like that; would I still be able to decrypt the file?

(Watch out here comes a dorky CS discussion  :Smile: )

I was thinking about how to approach something like this (iRSA is going to be our next computer science proggie so I've been thinking about how to actually use my hard work  :Smile: ); I think what might be interesting is to generate a public key to encrypt the file and then use a private key, which the user must type in at a prompt, to decrypt it.

The problem of course is that no one wants to type in "FFAA0485715FB," but rather "IAmGodThisPasswordSucks"  :Smile:  I was thinking that if you could then create a public key based off the private key which could then be used to encrypt the file and then use a hash or conversion function to convert the key to a password. The end result is that the user only has to type in their password but the encryption scheme is there and the key to decrypt the file isn't stored within the file itself (since it was encrypted using a public key).

(end Dorky CS discussion  :Very Happy:  )

Honestly, though, I have no idea if that would work  :Smile:  Especially since the assignment is a good week or so away...

Of course, if bcrypt does something like this then all the better   :Razz: 

----------

## sschlueter

*m00dawg wrote:*

> Do you know which might be better? My concern was what if I lost my keychain or something like that; would I still be able to decrypt the file?

You could simply use gpg --symmetric
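
The passphrase-only approach suggested here, as an added example that is not part of the original thread: it encrypts with `gpg --symmetric` in one GnuPG home directory and decrypts in a second, empty one, showing that a lost keyring does not affect symmetrically encrypted files. It assumes GnuPG 2.1 or later; the function names, file names and passphrases are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GnuPG 2.1+.

# sym_encrypt HOMEDIR INFILE OUTFILE PASSPHRASE
# --symmetric derives the cipher key from the passphrase; no keypair is used.
# The passphrase is piped in on stdin (fd 0) so it never appears in argv.
sym_encrypt() {
    printf '%s\n' "$4" | gpg --homedir "$1" --batch --yes --quiet \
        --pinentry-mode loopback --passphrase-fd 0 \
        --cipher-algo AES256 --output "$3" --symmetric "$2"
}

# sym_decrypt HOMEDIR INFILE OUTFILE PASSPHRASE
# gpg exits non-zero when the passphrase is wrong.
sym_decrypt() {
    printf '%s\n' "$4" | gpg --homedir "$1" --batch --yes --quiet \
        --pinentry-mode loopback --passphrase-fd 0 \
        --output "$3" --decrypt "$2"
}

# roundtrip PASS_ENC PASS_DEC
# Encrypts in home-a, then decrypts in home-b, a fresh directory with no
# keys at all (standing in for a lost keyring). Returns 0 only if the
# plaintext comes back byte-for-byte.
roundtrip() {
    work=$(mktemp -d) || return 2
    mkdir -m 700 "$work/home-a" "$work/home-b"
    printf 'constructed sample: gift ideas\n' > "$work/plain.txt"
    rc=1
    if sym_encrypt "$work/home-a" "$work/plain.txt" "$work/plain.gpg" "$1" &&
       sym_decrypt "$work/home-b" "$work/plain.gpg" "$work/out.txt" "$2" &&
       cmp -s "$work/plain.txt" "$work/out.txt"; then
        rc=0
    fi
    # Stop any agent gpg started for the throwaway homes, then clean up.
    for h in "$work/home-a" "$work/home-b"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    return "$rc"
}
```

`roundtrip 'same phrase' 'same phrase'` succeeds even though the decrypting home directory is empty, while a mismatched second passphrase makes it fail.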

----------

## latexer

if you're looking for a purely symmetric encryption, and a GUI, you can check out gringotts. it's a GTK2 app that encrypts mainly text files, but also can have attached files of any type. you can choose between a wide range of algorithms you can use for encrypting. pretty nice little app.

----------

## m00dawg

Wow no foolin' it is a nice application indeed, though the GUI took a bit to get used to (not the most friendly out there). Definitely worth the install though. Thanks for the tip!

----------

## TenPin

As far as I can remember if you just do:

```
gpg <file>
```

With the same on a .gpg file to decrypt. It defaults to encrypting the file using symmetric encryption. I think this effectively compresses the file as well.

----------

## nitro322

*sschlueter wrote:*

> You could simply use gpg --symmetric

ahh, forgot about that option.   :Smile: 

----------

## jesterspet

If you are worried about your box being compromised, and want your data to be stored securely, you do have more choices.

You could use public key encryption on a per file basis.  This is strong encryption, but if you lose your private key, you also lose access to your data.

There is also symmetric encryption which only requires a password.  The down side to this (I believe) is weaker encryption.

You could also look into encrypting your entire disk.  Chadders has a pretty good thread on this here.  Its current downside is your partitions are limited to 2GB (the 2.6 kernel removes this limitation).

And that pretty much covers the practical encryption portion of this post.

You can also look into Access Control Lists (ACLs).  These will limit the access any program or process has to any file on your computer.

I am still learning about using these, but so far, I know you can turn root into the equivalent of a nobody account.  I am still trying to get root to a false account (e.g. the equal of /bin/false).  ACLs are great for permission security, and if you have to, you can slap the drive into a computer that does not have ACLs enabled and retrieve your data.  This is both a good & bad thing, as someone else can do that just as easily as you can.  Encryption prevents this from happening, as the file will be encrypted regardless of what computer you try to read the file in.

----------

## m00dawg

*jesterspet wrote:*

> If you are worried about your box being compromised, and want your data to be stored securely, you do have more choices.
>
> You could use public key encryption on a per file basis.  This is strong encryption, but if you lose your private key, you also lose access to your data.

Well, the problem that I thought of is what if my box was compromised and they could then access my private keychain? I know it is at least lightly encrypted but that's not good enough for me  :Smile:  I suppose I could store my private keys on a floppy, CD-ROM, or even a USB flash drive or something but I think I have decided on using gringotts. Granted, it is symmetric but that also means that there are no private keys lying around that I have to fool with.

I thought about encrypting my filesystem but I honestly don't know enough about it to make a judgement. Isn't file I/O slower this way, however?

Really the big reason I wanted encryption was just to keep my fiancee from seeing what I'm going to get her for Christmas  :Smile:  well that and I wanted to make a password list so I don't have to remember so many and so they can be a bit more complicated. 

Of course it wouldn't hurt to encrypt other things in this way...just in case "Big Brother" is watching (STOP WATCHING ME!!!!! I KNOW WHERE YOU ARE!!!!)...err...yeah.... :Laughing: 

Thanks for the info  :Smile: 

----------

## TenPin

*jesterspet wrote:*

> There is also symmetric encryption which only requires a password.  The down side to this (I believe) is weaker encryption.

No, if you take the same key size for symmetric and asymmetric, symmetric is much much stronger encryption. This is because asymmetric encryption holds the encryption key in public which can be partly used to crack for the private key. (IANAM)

----------

