[RndTbl] multi-platform encryption

Sean Cody sean at tinfoilhat.ca
Thu Aug 14 20:51:39 CDT 2014


openssl enc <-- encryption
openssl enc -d <-- decryption

openssl available on almost everything.
Keep key on removable media device.

Encrypt new files with said key and add something .enc to its name.
Need some kind of file watcher app (like Hazel on the Mac... not sure don't really automate to that degree these days) to run a batch script whenever a file shows up in the folder that doesn't end in .enc to encrypt.

Wrap your text editor in a decryption->edit->encrypt->replace script.

The multi-platform requirement is what makes things difficult and there are no real viable truecrypt replacements as of yet.

No matter what you choose, key hygiene and automation will be the weakest link in this scheme.

-- 
Sean



On Aug 12, 2014, at 3:00 PM, Dan Martin <ummar143 at gmail.com> wrote:

> I am in need of encryption software that would keep files encrypted on the cloud as well as local on all machines.
> 
> Here is what I'm looking for:
> 
> Downloaded files saved to a particular folder on a Windows 7 or 8 machine would automatically be encrypted (after a prompt for passphrase).  Ideally, this folder would be in a Dropbox or Google Drive folder, or on a thumb drive.  No record of the unencrypted file would remain on the local PC (I am not worried about pieces of it on swap).
> 
> I would prefer that the files are individually encrypted with the same passphrase, rather than added to one large file which is encrypted.  I don't want the cloud storage to have to recreate the whole folder, and I don't want a bit error to trash all of my files.  The file names do not need to be encrypted.  
> 
> Since I will be the only user in the foreseeable future, a symmetric encryption scheme would be fine.
> 
> From the cloud (preferably) or thumb drive folder, my ruby program running on Mac OS X would edit the files.  I would also want to be able to decrypt the files to view in a text editor or other software, after which I would secure erase copies of decrypted files - again, no unencrypted files on the local machine other than in swap.
> 
> This is the ideal.  An alternative would be to send the files via https to a web server on the Mac (which could handle encryption in a local Mac environment) and then secure erase the files on the PC.  If I did this, could I send the files unencrypted (since https will encrypt them while they are on the internet)?
> 
> True Crypt appears to be close to what I want, but it is discontinued.  I don't know if I could use something like gpg, since I don't have admin privileges on the PC.
> 
> -Dan
> 
> -- 
> Dan Martin, MD
> GP Hospital Practitioner
> Computer Scientist
> ummar143 at shaw.ca
> (204) 831-1746
> answering machine always on
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.mb.ca
> http://www.muug.mb.ca/mailman/listinfo/roundtable
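
The per-file scheme outlined in the message above (encrypt anything in the folder that does not end in .enc, and wrap the editor in decrypt->edit->encrypt->replace), as an added example that is not part of the original message. The function names `encrypt_new` and `edit_enc`, the `KEYFILE` path and the cipher options are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. encrypt_new, edit_enc and the
# KEYFILE path are assumed names. KEYFILE holds the passphrase on its first line.
KEYFILE="${KEYFILE:-/media/usb/vault.key}"   # placeholder path on removable media
CIPHER="-aes-256-cbc -pbkdf2 -salt"          # -pbkdf2 needs OpenSSL 1.1.1 or newer
# Note: openssl enc gives confidentiality only; it does not authenticate the file.

# Encrypt every regular file in directory $1 that does not already end in .enc.
encrypt_new() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$f" in *.enc) continue ;; esac
        # Write to a temporary name so a failed run never leaves a partial .enc.
        if openssl enc $CIPHER -pass "file:$KEYFILE" -in "$f" -out "$f.enc.tmp"; then
            # Delete the plaintext only once the ciphertext is in place.
            mv "$f.enc.tmp" "$f.enc" && rm -f "$f" || return 1   # rm is not a secure erase
        else
            rm -f "$f.enc.tmp"
            return 1
        fi
    done
}

# decrypt -> edit -> encrypt -> replace, for one file $1 ending in .enc
edit_enc() {
    enc="$1"
    work=$(mktemp -d) || return 1            # private (0700) scratch directory
    plain="$work/$(basename "${enc%.enc}")"
    rc=1
    if openssl enc -d $CIPHER -pass "file:$KEYFILE" -in "$enc" -out "$plain" &&
       ${EDITOR:-vi} "$plain" &&
       openssl enc $CIPHER -pass "file:$KEYFILE" -in "$plain" -out "$enc.tmp"; then
        mv "$enc.tmp" "$enc" && rc=0         # replace only after re-encryption succeeded
    fi
    rm -rf "$work" "$enc.tmp"                # drop the plaintext copy and any leftover
    return $rc
}
```

Source the file, then call `encrypt_new` on the watched folder from whatever file watcher or scheduled job is in use, and `edit_enc` in place of opening a .enc file directly.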



