Data encryption
encfs
encfs is a program to encrypt folders. The program is available on each computer in the CIP-Pool.
How to use encfs:
First, create two folders in your home directory as described below. The first folder will later contain the encrypted files. You will need the second folder when you modify the data. In the second folder the files will be shown unencrypted after you enter your password.
cd ~
mkdir private
mkdir readable
To set up the private folder for data encryption, enter:
encfs ~/private ~/readable
It is recommended to use the encryption mode that is set by default. Confirm with Enter. Enter your password.
Use this command whenever you want to access your encrypted files. To finish working on the data and lock it away again, use the command:
fusermount -u ~/readable
The readable folder will then be empty and all data will be safely encrypted in the private folder.
gpg
Data encryption with gpg
Example: Encrypt the file "secret.txt" using gpg (you will be asked to enter a password):
gpg -c --cipher-algo TWOFISH --digest-algo SHA512 secret.txt
or, for a very safe encryption (only safe if you use a safe password):
gpg -c --cipher-algo TWOFISH --digest-algo SHA512 --s2k-mode 3 --s2k-digest-algo SHA512 secret.txt
Further options:
--s2k-mode N
N can be 0, 1 or 3. 0 means that the password is used directly, which is not recommended. 1 means that a salt is added to the password; this is the standard. 3 is the most secure one, repeating the process used by 1 several times.
--s2k-digest-algo
This parameter expects the name of the hash algorithm that is used to hash the password.
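What the three --s2k-mode values do to the password, written out in Python after the string-to-key definitions in RFC 4880, section 3.7.1. This is an added example, not part of the original page and not GnuPG's own code; the function names, sample password, salts and coded count 0x60 are constructed for illustration, and the 32-byte key length matches the 256-bit Twofish key.

```python
import hashlib

def decode_count(c: int) -> int:
    """Expand the one-octet coded iteration count (RFC 4880, 3.7.1.3)."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k(passphrase: bytes, mode: int, key_len: int = 32, digest: str = "sha512",
        salt: bytes = b"", coded_count: int = 0x60) -> bytes:
    """Derive key_len bytes from a passphrase for s2k-mode 0, 1 or 3."""
    if mode not in (0, 1, 3):
        raise ValueError("s2k-mode must be 0, 1 or 3")
    if mode != 0 and len(salt) != 8:
        raise ValueError("modes 1 and 3 need an 8-byte salt")
    data = passphrase if mode == 0 else salt + passphrase
    # Modes 0 and 1 hash the data once; mode 3 feeds it repeatedly until
    # 'count' bytes are hashed (but always at least one full copy).
    total = max(decode_count(coded_count), len(data)) if mode == 3 else len(data)
    key, preload = b"", 0
    while len(key) < key_len:
        # If one digest is too short, further hash contexts are used, each
        # preloaded with one more zero byte than the previous one.
        h = hashlib.new(digest)
        h.update(b"\x00" * preload)
        if data:
            full, rest = divmod(total, len(data))
            for _ in range(full):
                h.update(data)
            h.update(data[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]

if __name__ == "__main__":
    pw = b"correct horse battery staple"       # constructed sample password
    salt_a, salt_b = b"\x01" * 8, b"\x02" * 8  # constructed sample salts
    print("mode 0:", s2k(pw, 0).hex())
    print("mode 1:", s2k(pw, 1, salt=salt_a).hex(), s2k(pw, 1, salt=salt_b).hex())
    print("mode 3:", s2k(pw, 3, salt=salt_a).hex(),
          "bytes hashed:", decode_count(0x60))
```

With mode 0 the same password always gives the same key, so identical passwords are recognisable and precomputed tables apply; the salt in modes 1 and 3 removes that, and the repetition in mode 3 makes each password guess more expensive.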
An encrypted file will be created: "secret.txt.gpg"
Decryption:
gpg -d -o secret.txt secret.txt.gpg
You will be asked for your password, and the decrypted file will be created:
secret.txt
Short description: man gpg
Detailed description: