Home » Forum » Trisquel users
Submitted by Cathie3 on Sat, 07/26/2025 - 15:15

How to encrypt files

6 replies [Last post]
Sat, 07/26/2025 - 15:15
Cathie3
Cathie3
Offline
Joined: 04/22/2024

Dear Coomunity

I have heard that files on the pc can be read as soon as the internet is opened?

So I am thinking about encrypting them. I searched for ccrypt as a tool which seems to be relatively easy to use, but it is not in the repos. I also searched with the terms Verschlüsselung or enxryption but had no results.
Does somebody know the concrete options trisquel offers and the way to install or work with it?

Thanks a lot in forward!
Cathie3

Top
  • Login or register to post comments
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Sat, 07/26/2025 - 23:47
#1
GNUser
GNUser
Offline
Joined: 07/17/2013

Hey Cathie3,

So, I suppose I would first take step back and a deep breath :)

I too have in the past dealt with the "fear of invasion". And in some ways yes, with all the bugs that are constantly appearing in software, and targeted attacks by malicious players... I still take care of my security and privacy.
BUT... that is not the same as saying "files on my machine are read as soon as the internet is opened".

Computers (as in a general sense) communicate in a server-client relationship. When a program serves data, and the client receives that data. In a simplified manner, when your browser accesses a website, the website is "served" to your browser (the client). That means that anyone can access any file on any server? No. IP restrictions, passwords, among other, are tools used to state which files you are allowed to access in a server.

Now, when you use your browser to upload a file to the website (posting a photo online for example) you are kinda reversing it. Your browser is serving the data in that moment.
So, can a bug or a security issue in your internet facing applications be used to read files from your computer? Yes. However, that is largely unlikely to happen if:

1. You keep your system up-to-date;
2. Don't visit sketchy websites or use sketchy softwares;
3. You are not a high-profile individual. Say, a civilian is a less interesting target for an attacker than a CEO of a large company, for example;

So, these are the first steps to take. Use common sense, and be reasonable.

As for the software side of things, I think Trisquel doesn't come with any server stuff by default (printing server maybe? But that's not internet facing I suppose). If you want to take an extra step (mostly to prevent extra damage if you install the wrong piece of software) install GUFW and maybe allow only outgoing traffic, denying incoming. Also, you could block most outgoing traffic if you only use browser, but that will give you more trouble than it's worth while you don't know your way around things (I suffered from that a lot in the past... ahah, good way of learning of course).

Also, on the topic of "software installation", choose if possible to only install from Trisquel official repos. That will already prevent some mistakes.

Also, knowledge is the most powerful (and relaxing) weapon you can have. Study more about how computers work, internet connections, etc. You will lose the "hollywood idea" of what "the hackers" or "them" or "the feds" can, or might, or even care to do.

And of course, in terms of encrypting what SHOULD be encrypted, I suppose you can use KeepassX, for passwords, you can choose to go with full-disk-encryption in case your computer is stolen... Again, read before you start trying to encrypt everything. Mostly, common sense will take you far enough.

Let us know if you have any other questions.
Stay safe, stay cool :)

Top
  • Login or register to post comments
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Mon, 07/28/2025 - 11:19
#2
Avron
Avron

I am a translator!

Offline
Joined: 08/18/2020

> I suppose you can use KeepassX, for passwords

Good idea, but I'd suggest KeepassXC, because it is still maintained, unlike KeepassX.

Top
  • Login or register to post comments
  • +1
    +1
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Sun, 07/27/2025 - 18:32
#3
Cathie3
Cathie3
Offline
Joined: 04/22/2024

Hello GnuUse

thank you so much for this sensible, attentive and differentiated answer!

This is a tremendously helpful answer as it gives important orientations to me. It gives orientations for dealing with the fear in face of a not wellknown universe and for deciding which things are really important to do to keep the data save.

Its a good idea to truy to understand more and thus reduce worries... and its calming to hear that its not necessary to encrypt files. The points 1-3 are already given or realized and I will install KeypassX and perhaps GUFW.

Thank you very much again for this intelligent answer. It was very calming.

Kind regards!
Cathie 3

Top
  • Login or register to post comments
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Mon, 07/28/2025 - 11:17
#4
Sunny Day
Sunny Day
Offline
Joined: 01/05/2023

Hi Cathie3,

It's great to hear you are ready to face "a not wellknown universe", well done for taking the leap, I do empathise with you.

Also great to read GNUser's well rounded advice, it was very informative and also a nice introduction to the beauty of this forum. The people here are truly helpful and are all in one mind when it comes to software freedom.

I have to add that I second GNUser's recommendation to install GUFW, it is what it's name says, an uncomplicated firewall that can give peace of mind to those of us who are not developers. By default, gufw blocks all incoming connections, so you can relax and breath a bit easier (no one will read your files, unless you intentionally send them to be read). GUFW was one of the first things I installed, it works like a charm in default mode, but I imagine you will soon be exploring and making adjustments to suit your needs.

Top
  • Login or register to post comments
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Mon, 07/28/2025 - 20:28
#5
Geshmy
Geshmy
Offline
Joined: 04/23/2015

"I searched for ccrypt as a tool..." I have always thought it might be handy to be able to encrypt sensitive files, too.

https://www.tecmint.com/tomb-file-encryption-and-backup-tool-for-linux/

Just for grins, I obtained tomb from our repository via synaptic and now have a 30 MB encrypted space I can mount at /media/1smiles
(1 smiles is the name I gave this tomb)

Create the tomb
sudo tomb dig -s 30 1smiles.tomb (-s = size, 30 = 30 MB)
Create tomb.key
sudo tomb forge 1smiles.tomb.key (be ready to enter your passkey, seems to time out if you think about it)

These steps will require your key
I think, associate tomb with its key
sudo tomb lock 1smiles.tomb -k 1smiles.tomb.key
Open tomb
sudo tomb open -k 1smiles.tomb.key 1smiles.tomb (results in 'Success unlocking tomb 1smiles')

I opened up /media/1smiles in file manager and right clicked > create new file (experimental.txt) > opened experimental.txt and wrote Howdy > saved and closed

sudo tomb close (it goes away in file manager)

re possible internet access to our hard drives, any thoughts about using abrowser in firejail?

I use Keepasxc for the reason Avron mentioned.

Top
  • Login or register to post comments
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Mon, 07/28/2025 - 20:45
#6
Geshmy
Geshmy
Offline
Joined: 04/23/2015

tecmint has more tools here: https://www.tecmint.com/file-and-disk-encryption-tools-for-linux/

Top
  • Login or register to post comments
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines