
Why Cryptkeeper in Linux is a Great Choice for Encryption


The Gorn:
A few months ago, I was asked in a thread:


--- Quote from: The Gorn on October 25, 2017, 07:09:19 pm ---> Encryption -- just check the default when you install and you're done (why CryptKeeper?)
--- End quote ---

The user meant check the encryption for the hard drive.

I don't think encryption for the hard drive is necessary or desirable. But there is always a need to cloak personal, financial and business files.

Also, I want to make that decision of what and how much to encrypt on the fly, not dedicate a fixed portion of the drive to an encrypted partition.

Cryptkeeper is a Linux system utility (with user interface accessories) for creating and mounting an encrypted virtual folder, say to your /home directory.

The programs Veracrypt and Truecrypt (discontinued but available in old versions) are available for Linux.

These programs, along with "rsync", are responsible for causing my PC to reboot or stop/power off for no good reason.  I have heard of something called a "kernel panic" which forces an OS shutdown. I am guessing these apps cause such a kernel panic even though they are user mode programs.

Rsync will quite often crash my system if I attempt to do a task kill of an rsync process (I ran into this a lot when debugging rogue backup processes).

When Veracrypt has a drive mounted, my system can crash at any time when accessing that mounted volume.

Cryptkeeper has an entirely different method for mapping a file system compared to the usual encryption tools. This different method ensures the safety of the stored data. And, oh, I haven't had one crash attributable to Cryptkeeper.

In Veracrypt, you have one large file system file that contains the entire encrypted volume. Corrupt that file and you may lose the entire volume.

In Cryptkeeper, if you create an encrypted volume called, say, /home/fred -

The software creates a parallel hidden folder named .fred_encfs

When you mount /home/fred, every file you then create and work with is saved to an encrypted file with an encrypted name within the .xxxx_encfs folder. Folders and subdirectories are created in parallel within the encrypted file space directory, again with encrypted individual names.

It looks like this:



The important thing here is that only individual stored files, not all of the files, are subject to loss.

Also it's more efficient for backup/restore: a backup or restore can operate just on changed files, not by literally re-saving an entire encrypted volume that has changed.
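Added example, not part of the original post: a small Python sketch of the backup point above, comparing what a backup tool that copies whole changed files has to re-copy for a per-file encrypted folder versus a single container file. The names `obj00`..`obj19`, `container_dir` and `volume.bin` are made up for the demonstration, and random bytes stand in for ciphertext.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to (size, SHA-256 of its bytes)."""
    root = Path(root)
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()  # whole-file read is fine for a demo
            out[p.relative_to(root).as_posix()] = (
                len(data), hashlib.sha256(data).hexdigest())
    return out


def backup_delta(old, new):
    """Return (paths to copy, paths to delete, bytes to copy) between manifests."""
    copy = sorted(p for p in new if old.get(p) != new[p])
    delete = sorted(p for p in old if p not in new)
    return copy, delete, sum(new[p][0] for p in copy)


def demo():
    """Change one 4 KiB file out of 20 and compare the two storage layouts."""
    with tempfile.TemporaryDirectory() as tmp:
        per_file = Path(tmp, ".fred_encfs")     # one ciphertext file per file
        container = Path(tmp, "container_dir")  # hypothetical single-volume layout
        per_file.mkdir()
        container.mkdir()
        blobs = [os.urandom(4096) for _ in range(20)]  # constructed stand-in data

        def write_all():
            for i, blob in enumerate(blobs):
                (per_file / f"obj{i:02d}").write_bytes(blob)
            (container / "volume.bin").write_bytes(b"".join(blobs))

        write_all()
        before = manifest(per_file), manifest(container)
        blobs[7] = os.urandom(4096)  # the user edits exactly one file
        write_all()
        after = manifest(per_file), manifest(container)
        return (backup_delta(before[0], after[0]),
                backup_delta(before[1], after[1]))


if __name__ == "__main__":
    print(demo())
```

`manifest()` only reads the stored files, so it can be pointed at the unmounted encrypted folder without the password.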

benali72:
Wow, great information. Thanks for sharing your hard-won experience.

Yeah, I think if you check Encrypt when you install Linux, it only encrypts your Home folder using encryptfs. Not much flexibility.

As you show, Cryptkeeper has some really important benefits.  Thanks again, I'm filing this in my LEARNING_KEY_STUFF folder.

The Gorn:
On the other hand, I've read anecdotally that the encryption used in Cryptkeeper is much weaker than the accepted state of the art.  I don't know about that. My gut feeling is that Cryptkeeper would be completely safe for storing tax and financial and personal records and other stuff.

But I like it because in addition to stability Cryptkeeper appears to be a well integrated part of the file system. The folder containing the virtual encrypted folder is under /home/someuser. When not in use (not mounted) this folder isn't available.

To use the encrypted volume you first run the command "cryptkeeper" which displays a key icon on one of the desktop panels. When you click that key you get a small dialog prompting you for the password. When you enter the correct password the volume is automatically mounted.

The authors planned for the base encrypted files to be backed up, restored, and manipulated as objects in their own right as necessary. Cryptkeeper has an import function to import another installation's encrypted files into storage on the computer.

Richardk:
I never considered a crash in Linux with an encrypted drive being open. What about in Windows? Do you still use Veracrypt or have you switched to something like Axcrypt, which I believe also uses individual files instead of one large file in Windows?

The easy backups and crashing one file vs the entire volume is a huge factor but again, how big is the volume and how often does it crash? Also I've never compared the two either.

benali72:

--- Quote from: Richardk on April 29, 2018, 04:50:08 pm ---I never considered a crash in Linux with an encrypted drive being open.

--- End quote ---

I use Linux with the default encryption (encryptfs) on the home folder. As far as I can tell, when crashes occur using encryptfs, they are treated just like automatic recovery from an ext4 filesystem. I've never lost anything over a decade of use. IOW, it appears that encryptfs works just like any modern journaled filesystem.
