[ILUG] Keeping personal data personal

Pádraig Brady P at draigBrady.com
Mon Nov 7 19:25:00 GMT 2011


On 11/07/2011 05:53 PM, ollie at eillo.org wrote:
> Hi,
> 
> I'll be moving abroad soon and need to transport various PCs and laptops. I have a large folder full of archived emails, letters, banking info etc.
> 
> I don’t want anyone getting their hands on my personal data while it's in transit.
> 
> Can anyone recommend a way to encrypt the whole folder, preferably in a way that I can access it from both Linux and Windows? Compression is not necessary.
> 
> I can do it with RAR/ZIP but it seems you can still view the file names and types – you're only prompted for a password when you want to view or extract the file. It's secure, but not fully confidential.
> 
> Has anyone had any experience here? I have to be able to move it around on an external HD in a secure manner.
> 
> Thanks!
> 

If data was ever unencrypted on a disk, then it's awkward to then encrypt it,
as you don't know what part of the free space, block slop at the end of files
or even temp files will have sensitive data.

To be sure:

tar -c folder | gpg -c > /someplace/external/file.tar.gpg
shred /dev/sda # Yes completely nuke your whole disk
reinstall and create an encrypted file system
mount folder on said file system
gpg --decrypt < file.tar.gpg | (cd folder && tar -x)

Now you might think that if your folder/ was on a separate
file system, that you can just nuke and encrypt that.
But /tmp or swap etc. are often on another part of the disk and
so may contain sensitive data.

Personally I only have a small file with account numbers etc. encrypted,
and I'm careful to never decrypt to disk.
Also I've a work laptop that has the whole disk encrypted which is
an install option on Fedora 15 and 16 at least.

cheers,
Pádraig.
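
A check worth running between the first and second steps of the procedure above, before the disk is wiped: confirm the encrypted archive decrypts and matches the folder, without writing plaintext to disk. This is an added example, not part of the original post; it assumes GNU tar and GnuPG 2.1 or later, and the function names and the optional passphrase-file argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GnuPG 2.1+ and GNU tar.
# PASSFILE is a hypothetical optional argument for unattended runs; leave it
# out and gpg prompts for the passphrase as in the commands above.

gpg_sym() {  # gpg_sym PASSFILE GPG-ARGS...
    pf=$1; shift
    if [ -n "$pf" ]; then
        # Passphrase arrives on fd 3, so it never shows up in argv or ps.
        gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 "$@" 3<"$pf"
    else
        gpg --quiet "$@"
    fi
}

# encrypt_dir DIR OUT [PASSFILE]: tar DIR and encrypt the stream to OUT.
encrypt_dir() {
    tar -C "$(dirname "$1")" -cf - "$(basename "$1")" |
        gpg_sym "${3:-}" --output "$2" --symmetric
}

# verify_archive DIR ARCHIVE [PASSFILE]: decrypt into a pipe only, and have
# GNU tar compare every member with the files still on disk. Returns 0 only
# if gpg's integrity check passed and tar found no difference.
verify_archive() {
    flag=$(mktemp) || return 2
    { gpg_sym "${3:-}" --decrypt "$2" || echo failed >"$flag"; } |
        tar -C "$(dirname "$1")" --compare -f - >&2
    rc=$?
    # An empty stream may look like a valid empty archive to tar, so gpg's
    # own exit status is carried out of the pipeline through the flag file.
    [ -s "$flag" ] && rc=1
    rm -f "$flag"
    return "$rc"
}
```

Run verify_archive while the source folder is still unmodified; tar's compare mode reports archive members that differ from or are missing on disk, not files added to the folder after the archive was made.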

