How do you manage your different encrypted files/storages?

sxan, 7 months ago

gocryptfs, because encrypted shares are accessible cross-platform(ish), and I have high confidence of having either a working static binary, or the ability to compile one, several years in the future.

Passwords are all in a pass store, and also in a keepass db. I’m probably going to do away with pass and go back to some secret-tool backed be keepassxc, though, as I haven’t been very happy with pass (I use gopass, but same db format). I depend far more on keepass, and keeping the dbs in sync is a minor PITA, as well.

In any case, I have a bespoke bash script that mounts/unmounts shares on demand via a rofi dialog. pgp-agent does the password prompting as necessary, which pass uses to decrypt the passwords.

Everything - including the encrypted shares - is backed up by restic to encrypted backups - one each in B2, one each on local portable USB HDs.

plague_sapiens, 7 months ago

Linux and Luks full-disk-encryption for every system. Remotely unlockable via ssh. HDDs are unlocked via keyfiles which are on the fd-encrypted SSDs.

For windows you can use VeraCrypt (don’t use Bitlocker!).

For single files I usually use 7zip or Peazip with long passwords.

retiolus, 7 months ago

HDDs are unlocked via keyfiles which are on the fd-encrypted SSDs

I hadn’t even thought of that!

sxan, 7 months ago

I like this idea. I never use keyfiles - I’m irrationally paranoid of losing them - but I’ve been doing a good job of regularly backing up (in a way I’m confident of recovering from) for the past several years, so I’m going to let go of that fear and embrace keyfiles.

LWD, 7 months ago (edited 6 months ago)

deleted_by_author

plague_sapiens, 7 months ago

Why riskier? Keep a backup of the boot-image and you’re good. And do generally backups of files and devices. Haven’t had any issue for years with Win10/11 and VC. Win7 and TC/VC on the other hand was awful…