On 04/21/18 09:51, Glenn English wrote:
That's two recommendations for putting the secret in a separate file;Or how about creating that file, copying it to a CD or USB stick, hanging it on the wall, clearing out the directory, then mounting it when you want to use it.
Moving the encrypted file a removable media reduces the amount of time an adversary can potentially access the file.
zerofree can eliminate the leftover bytes of the original plaintext file and the original encrypted file:
https://manpages.debian.org/stretch/zerofree/zerofree.8.en.html https://packages.debian.org/search?keywords=zerofree&searchon=names&suite=all§ion=allencfs does both mounting and encryption. It is very convenient to use with a USB flash drive:
https://manpages.debian.org/stretch/encfs/encfs.1.en.html https://packages.debian.org/search?suite=all§ion=all&arch=any&searchon=names&keywords=encfsPlus, encfs uses FUSE. FUSE file systems can only be access by the user who mounted them; even root is blocked. (But, you must consider attackers who can log in to your UID and/or install daemons running under your UID.)
David