Zettelkasten Forum


Encryption, Secure File Management & Knowledge Work

Hello all, I'm relatively new here. Pardon me, because I have a lot of questions pertaining to file encryption. If there is one or more comprehensive web pages that can answer all of these questions, please feel free to drop it and carry on, I'd greatly appreciate it. I am a total novice in this area. I hope that this is the appropriate section that I am posting in.

Does anyone encrypt their files? Whether it be notes, pdfs, or any other sort of material that they prefer to keep secure?

How does file encryption affect your workflow as far as accessing documents (particularly on mobile) and managing them in other applications is concerned?

I'm trying to develop a scheme where I have a few files that are less storage-intensive kept locally and synced via Syncthing and have larger documents stored in the cloud. Is this a reasonable approach? One way or another, I'd like to encrypt both groups of files and maintain backups through Backblaze.

I'm aware of applications such as Veracrypt, Cryptomator and GnuPG -- which is the most efficient and reliable? Or are there any alternatives? How will the use of vaults and containers by Cryptomator and Veracrypt affect the accessibility and utility of my files? For example, will file paths be altered and broken?

In addition, what sort of leverage can be made with a Network Attached Storage device (built with a Raspberry Pi for example)?

I hope that my line of questioning is not too exhaustive. Thank you in advance.

I look forward to engaging in future dialogue with you lot.

- `Abd

Comments

  • The first question you should be asking yourself regarding encryption / security is what your threat model is. Otherwise encrypting might be pointless or you might end up failing to actually protect against the kind of threat you want to be protected against, so it is always important to keep this answer clear in your mind.

    Does anyone encrypt their files?

    I encrypt almost all my drives, so that if they might get stolen, they won't also have stolen my data. This does not provide any protection once the system is unlocked though. For the few files that I want to have secured away always, even on my running system, I use an encrypted partition rather than encryption on a per-file basis. For the drives I use OPAL (sedutil) when supported or LUKS (Linux).

    How does file encryption affect your workflow as far as accessing documents (particularly on mobile) and managing them in other applications is concerned?

    Because I use disk/partition, once unlocked I get access to the whole as normal. My protection on mobile could be better. I plan to secure it with a YubiKey.

    I'm trying to develop a scheme where I have a few files that are less storage-intensive kept locally and synced via Syncthing and have larger documents stored in the cloud. Is this a reasonable approach?

    If you encrypt them as you plan to, I don't see any problem with this.

    I'm aware of applications such as Veracrypt, Cryptomator and GnuPG -- which is the most efficient and reliable?

    I doubt there will be much difference, since most time should be spent encrypting, and those implementations should not differ much. Personally I would go with GnuPG, simply because I trust it the most. For the same reason I would go with OpenSSH over any other SSH implementation. Long history, well tested, and lots of eyes on it.

    In addition, what sort of leverage can be made with a Network Attached Storage device (built with a Raspberry Pi for example)?

    I do have a NAS at home, but I think if your goal is to have your files accessible everywhere, you cannot beat cloud solutions in terms of accessibility, ease of use, stability, and network connection (home networks tend to have low upload, for example).

    Good luck with your efforts!

  • Thank you. My understanding has definitely increased after reading your comments. I feel confident moving forward with this process.

    GnuPG seems like a good way to get familiar with the practice of encryption/decryption, no?

    Also, how do you use your NAS?

    Thanks again.

  • @s41f said:
    GnuPG seems like a good way to get familiar with the practice of encryption/decryption, no?

    No and yes, it is not the most user friendly of encryption tools out there, but due to its popularity it should be easy to find resources about, be that tutorials, answers or help on forums. Especially for setting up your private keys, you will need to learn some stuff, but once set up, it is relatively straightforward. I have been using it to encrypt password files.

    Also, how do you use your NAS?

    In my case it is more a local server used in part as a NAS. I use it to store my backups and sync some of my files to it with Syncthing. It also runs a local instance of the reverse-engineered implementation of Bitwarden.

  • @grayen said:

    @s41f said:
    GnuPG seems like a good way to get familiar with the practice of encryption/decryption, no?

    No and yes, it is not the most user friendly of encryption tools out there, but due to its popularity it should be easy to find resources about, be that tutorials, answers or help on forums. Especially for setting up your private keys, you will need to learn some stuff, but once set up, it is relatively straightforward. I have been using it to encrypt password files.

    Also, how do you use your NAS?

    In my case it is more a local server used in part as a NAS. I use it to store my backups and sync some of my files to it with Syncthing. It also runs a local instance of the reverse-engineered implementation of Bitwarden.

    I understand you completely. Thank you for referencing me to bitwarden_rs. As a Bitwarden user I can imagine making use of it as my efforts develop. I'd hate to bombard you with one question after another, but I'm benefiting greatly from your input.

    Are there any extra resources or information that I should be aware of?

  • @s41f said:
    Are there any extra resources or information that I should be aware of?

    Haha, moments like this it would be nice to just search for the related Zettels and show them to you, unfortunately I am not at that point yet. I assume you ask this question in the context of your NAS and security? Off the top of my head I can only point you to ZFS, which is a good file system for file integrity, making it very useful for NASes and backup machines.

    Unrelated to this, if you can handle yourself well enough on Linux, then Nix or NixOS is definitely worth taking a look at. Which appropriately enough has somewhat of a similar effect to Zettels, in that I have many Nix files of semantically self-contained system configuration, so this makes it easy to know where to look to change things and you have a record of how you configured things, in contrast to many other package managers / Linux distros where you just edit config files that are all over the place.

  • @grayen said:

    @s41f said:
    Are there any extra resources or information that I should be aware of?

    Haha, moments like this it would be nice to just search for the related Zettels and show them to you, unfortunately I am not at that point yet. I assume you ask this question in the context of your NAS and security? Off the top of my head I can only point you to ZFS, which is a good file system for file integrity, making it very useful for NASes and backup machines.

    Unrelated to this, if you can handle yourself well enough on Linux, then Nix or NixOS is definitely worth taking a look at. Which appropriately enough has somewhat of a similar effect to Zettels, in that I have many Nix files of semantically self-contained system configuration, so this makes it easy to know where to look to change things and you have a record of how you configured things, in contrast to many other package managers / Linux distros where you just edit config files that are all over the place.

    If you ever have the desire and opportunity to publish or share any Zettels of yours pertaining to this sort of topic, please notify me. 1

    Again, thank you for referring me to Nix and NixOS. I'm also interested in learning a solid Linux distribution or something from the BSD catalogue. Something secure that can be the basis for building a solid environment of information sharing and development.


    1. Aside from "public Zettelkastens" and brain dumps, have there been any other documented efforts of interpersonal or communal Zettel sharing? Brain dumps and public Zettelkastens don't necessarily facilitate any dialogue between the curator and general public. I've heard of the concept of even collaborative Zettelkastens, but have never seen one in action.
