Hey everyone! I'm running a CachyOS server with a RAID 6 setup, and we want to keep our files private while using shared storage. Since all my friends have access to this machine, we need a solution that allows individual folders and per-file encryption. I've read that file containers, like those used in VeraCrypt, can be a hassle when it comes to transferring files. Ideally, I'd like to find some cross-platform, FOSS software that allows us to encrypt files individually — especially since most of my friends will be using Windows. If you have any suggestions or better ideas for keeping our files secure, I'd love to hear them!
5 Answers
Just keep in mind, any encryption must happen before files get uploaded. Using a backup solution like Borg could help, as it supports encryption before sending data over. Or you can try out tools like gocryptfs or ecryptfs for a seamless experience.
You might find Python with the cryptography library useful for setting up a custom solution, though it's definitely not the easiest route. You could write a script for your friends to use that’ll encrypt their files before they upload. But, just a heads up, it's quite the task to get it up and running!
Exactly, that’s not ideal. I want them to be able to handle it themselves!
If each user has a separate account and no one has root access, you might not need per-file encryption at all. Basic file permissions should keep things secure. However, if you really want to protect your files, or if you're worried about someone with physical access, then encrypting them on the client side is a must! This way, even if someone gets into your machine, they can’t access your files without the encryption key.
That makes sense! But what if someone wants to share files securely? It seems like file permissions might not cover all bases.
True! Even with user IDs, the admin could still access the files unless there's solid encryption involved.
Are you running this on Windows or Linux? It might change the options available to you!
I'd recommend looking into something like GnuPG or OpenSSL for encrypting individual files. You can set up a workflow that lets everyone encrypt their files before they upload to the server. It's a bit of work but gives you control over what's shared. Just keep in mind, anyone uploading needs to have the right tools to handle encryption and decryption on their own machines!
That sounds good! But doesn’t that mean I have to manage everyone's keys?
Exactly, that's what I’m looking to avoid. Per-file solutions would let everyone manage their own.
Interesting! But isn’t that going to negate the idea of them handling their own encryption? Sounds like they’d rely on you.