Tools that encrypt your data should be handled with care. The documentation of virtually every encryption tool has a section that warns the user about accidental data loss because of forgotten passwords, misplaced key files or damaged headers In essence, the same software that guards your data might also prevent you from accessing it ever again.
This places even more responsibility on the developers of encryption software to make sure that users of their programs aren’t overwhelmed by the tools at their disposal.
EncFS is primarily a command-line tool that you’ll find in the repositories of virtually every desktop distribution. While it doesn’t have an official graphical front-end, Gnome users can use the Gnome EncFS Manager to manage and mount encrypted directories.
However, you’ll have to switch to the terminal to set up EncFS encrypted folders. The program requires two directories be used to keep encrypted and decrypted files.
It’s common practice to store the encrypted files inside a hidden directory. When you invoke EncFS it prompts you to select one of two configuration modes. There’s the predefined paranoia mode that uses AES cipher with a key size of 256 bits.
Advanced users can run EncFS in expert mode, which enables you to manually pick the various encryption settings. Similarly, when you mount a new encrypted directory, you get two pre-configured settings with different encryption settings.
This is one of the simplest tools to install and use. Simply download and extract the installer from the tarball on its website.
Then run the installer that prompts for superuser privileges before launching the graphical installer. To encrypt a file, simply right-click a file and select the relevant option in your file manager to open the file with another application.
This will bring up a list of all the programs installed in your distribution. Select AES Crypt , which prompts you for a password to encrypt the file twice.
That’s all there’s to it. The encrypted version of the file will be placed in the same folder with the same name but with an .aes extension.
To decrypt the file you can open the .aes file with the AES Crypt program from the right-click context-menu. It’ll prompt you for the password before decrypting the file in the same folder.
VeraCrypt is a fork of the now-defunct TrueCrypt project and has inherited most of its parent’s functionality and also some quirks like its license, which is why it isn’t available in any distro’s software repository.
The project also doesn’t ship binaries for popular distros, but installing it is simple. The program has wizards for common tasks such as creating encrypted volumes and then mounting them, which makes it ideal for to new users.
There’s has an option to benchmark the speed for the encryption and decryption of various supported encryption ciphers.
You can use the software to organise volumes and mount them with a single click. You can change the encryption password and add or remove key files to volumes.
The first thing you need before using KGpg is a key and the program will automatically launch the key generation wizard at the first start-up.
After creating the key you should also create a Revocation Certificate to void your key if your system or key is compromised.
KGpg offers two methods to encrypt your data: symmetric and key-based. For the latter you’ll need to exchange your public key with your friends and colleagues. You’ll then have to encrypt the message with your colleague’s public key, while they’ll need their own secret key and passphrase to decrypt the data.
You can also encrypt files by right-clicking the file you want to encrypt and choosing Actions > Encrypt File. Similarly, to decrypt a file bring up its right-click context menu and head to Actions > Decrypt File.
Zulucrypt’s website hosts binaries for Ubuntu, Debian, Fedora and OpenSUSE distributions.
The program has a fairly intuitive interface. You get separate options to create an encrypted container in a file and in a partition.
You can also create random keyfiles and use these to encrypt the containers. If you use the program to create a LUKS container, it’ll remind you to back up its header immediately after creating the container.
This tool also has options to encrypt and decrypt standalone files and securely erase a device by writing random data to it, as well as a graphical tool for mounting and managing volumes.
The program can also perform block device encryption which means that it can encrypt everything written to a certain block device. The block device can be a whole disk, a partition or even a file mounted as a loopback device.