1

I was able to encrypt a directory so that it can not be deleted. And I encrypted the file in the folder. But then I was able to delete the encrypted file in the encrypted folder, in which case, encrypting them was pointless b/c it did not save my file from being deleted.

To encrypt the folder, I used "sudo mount -t ecryptfs ~/file ~/file". During the process it asked me if I wanted a clear text passthrough and if I wanted to encrypt the file (I think that's what it was), but the program would only work if I put yes for #1, and no for #2. To encrypt the file I used "gpg -c filename".

There must be a way to prevent the file from being deleted, or not even being able to get to the file, since I would think an encrypted folder would protect the contents. Otherwise, what's the point?

I looked for another way to encrypt, found VeraCrypt, but that is for the entire hdd, apparently. Is there a simple solution here, or should I look for a completely different method for encrypting the directory? Thank you.

sgu55
  • Backup your encrypted data in multiple locations, sounds like a good solution. An encrypted file is just a file, and a file can be deleted. The point of encryption is not to protect from deletion, but to protect from unauthorised access. – Kusalananda Jul 21 '19 at 16:11
  • Veracrypt isn’t only for an entire hdd. However it will not prevent deletion either, for the same reasons given in the answer you already received. – Wildcard Jul 21 '19 at 17:41

2 Answers

0

Yes a completely different method

Why your current method will not work.

Imagine some text written on a dry wipe white board, it is written in a foreign language. You have a cloth in your hand. You want to clear the board. Can you do so? Does the text being in a foreign language hinder you?

The best that you can do is to have the whole lot encrypted into one file, that way it is hard to delete a single file. But someone can still delete the whole lot.

What to do

To prevent deletion, you need to use file permissions. See "What are the different ways to set file permissions etc on gnu/linux". You should also back up your files. Revision control is another very useful tool.

  • Thank you. In terms of someone deleting files/ folders from my computer, I am solely trying to prevent their deletion from someone who has remote access to my computer, should that happen. In regards to file permissions, it seems that someone with remote access could easily change them, unless a password is needed. I tried doing "sudo chmod.....", but it didn't prevent me from going in after and changing it from non-sudo. Any way to make permissions sudo-only? Any way to encrypt directories so they don't open? I'll check the link above and revision control. Thx. – sgu55 Jul 21 '19 at 19:11
  • Why are you allowing remote access? – ctrl-alt-delor Jul 21 '19 at 22:26
  • If a user has the capabilities of root (e.g. by using sudo), then they can delete everything (the whole operating system, and all user files). The solution: don't give sudo privileges, give each user a separate account, and don't let strangers have remote access (not until you know what you are doing, and can restrict their access). – ctrl-alt-delor Jul 21 '19 at 22:28
  • A remote user with root capabilities (e.g. sudo privileges), can scan memory and read encrypted data, if it is currently unlocked by another user. You need to take away the sudo privileges, and restrict who you allow to remote login. – ctrl-alt-delor Jul 21 '19 at 22:32
  • Thank you. "In terms of someone deleting files/ folders from my computer, I am solely trying to prevent their deletion from someone who has remote access to my computer, "should that happen"." I'm not giving or allowing anyone remote access (intentionally). In short, I have someone trying to hack me and I want to harden files and directories should this person get onto my computer. If they do, they shouldn't have root access unless they are able to break my password. I'm the only 'user'. Thx. – sgu55 Jul 22 '19 at 07:38
  • How can they read encrypted data with root privileges? Wouldn't they need my encrypted private key, which is 'not' located on my computer? – sgu55 Jul 22 '19 at 07:41
  • The key is on the computer, when in use. – ctrl-alt-delor Jul 22 '19 at 13:07
  • I was told the key is wherever I downloaded it to. After I downloaded it, I cut and pasted it to my usb drive. The only way I can see it being on the computer would be in a hidden folder. – sgu55 Jul 23 '19 at 12:53
  • You downloaded the key? From where? Whose key is it? This is not secure. – ctrl-alt-delor Jul 23 '19 at 13:45
  • It will still be on the download drive. Computers don't delete, they only remove the reference (filename), and mark the space as free. It will still be there until you write over it (even this may not be enough). Then every time you use it, it has to be loaded into the computer. – ctrl-alt-delor Jul 23 '19 at 13:46
  • @ctrl-alt-delor: I didn't download a key, I created one with "ssh-keygen". – sgu55 Jul 23 '19 at 17:02
0

I found the answer on a video.

To lock a folder: "sudo chmod 700 filename" "sudo chown root:root filename"

To unlock a folder: "sudo chmod 777 filename" "sudo chown root:root filename"

It's been working using these. I can not delete, move to trash, open, or copy after locking it. Thanks for the help!

sgu55
  • Your question talks about encryption, so it's worth noting that chmod and chown aren't encryption, but access control. The difference is that access control only works as long as the files are accessed through the OS kernel. But it doesn't do anything if someone gets their hands on your hard drive and reads it in their machine. That's what disk encryption is supposed to work against. – ilkkachu Jul 23 '19 at 13:11
  • Note that changing the permissions and ownership of a file does not prevent the root user from reading or deleting the file. – Kusalananda Jul 23 '19 at 13:32
  • Thanks. I will keep in mind that the files could be read on someone else's computer and that this is not encryption. I'm glad you mentioned it! So long as the root password is not broken, I am the only root user. Thanks. – sgu55 Jul 23 '19 at 17:00
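
The permission-based approach from both answers comes down to one rule: whether a file can be deleted depends on the mode and ownership of the directory that contains it, not on the file's contents or its own mode. The sketch below is an added example, not code from the original posts; the function names and the uids 1000/1001 are constructed for illustration, and it models classic mode bits only.

```python
import os
import stat

def can_delete(dir_mode, dir_uid, dir_gid, file_uid, uid, gids=()):
    """Return True if `uid` may unlink an entry from a directory.

    Classic Unix mode bits only: ACLs, immutable flags, read-only mounts and
    search permission on ancestor directories are not considered (assumption).
    The file's own mode and contents (encrypted or not) play no part.
    """
    if uid == 0:                       # root bypasses permission checks
        return True
    if uid == dir_uid:
        bits = (dir_mode >> 6) & 7     # owner class
    elif dir_gid in gids:
        bits = (dir_mode >> 3) & 7     # group class
    else:
        bits = dir_mode & 7            # everyone else
    if (bits & 3) != 3:                # need write (2) and search (1) on the directory
        return False
    if dir_mode & stat.S_ISVTX:        # sticky bit: only file owner or directory owner
        return uid in (file_uid, dir_uid)
    return True

def can_delete_path(path, uid, gids=()):
    """Apply can_delete() to a real file using lstat() on it and its parent."""
    parent = os.lstat(os.path.dirname(os.path.abspath(path)))
    entry = os.lstat(path)
    return can_delete(stat.S_IMODE(parent.st_mode), parent.st_uid,
                      parent.st_gid, entry.st_uid, uid, gids)

if __name__ == "__main__":
    USER, ROOT = 1000, 0               # constructed uids for illustration
    cases = [
        ("user-owned dir 755, user",  (0o755, USER, USER, USER, USER)),
        ("root-owned dir 700, user",  (0o700, ROOT, ROOT, USER, USER)),
        ("root-owned dir 700, root",  (0o700, ROOT, ROOT, USER, ROOT)),
        ("root-owned dir 777, user",  (0o777, ROOT, ROOT, USER, USER)),
        ("sticky 1777, other's file", (0o1777, ROOT, ROOT, 1001, USER)),
    ]
    for label, args in cases:
        print(f"{label:28} -> {can_delete(*args)}")
```

The second and third cases correspond to the "locked" folder from the second answer and to the comment that root can still delete the file.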