Hi
I store files on external drive, both sensetive and regular one (like wallpapers etc).
So i think what should I use for that? Go with LUKS? VeraCrypt? Cryptomator? Or stick with my current one - PicoCrypt?
I need only linux support, but i try to maximize security…
These are all great options. Go with the one you like best and is easy to use. Follow PG suggestions when in doubt.
LUKS is my recommendation.
I’m a bit opinionated on this, but if you only intend to access the encrypted disks on Linux, use LUKS.
It’s a bit more convenient to do so. For one, you don’t need to have the Veracrypt daemon running to manage your encrypted disks. For two, if you also implement root filesystem encryption, you can have your disks automatically unlock at boot using a keyfile (see here as well for secure keyfile creation)
If the idea of losing a keyfile scares you, worry not, as you can configure LUKS to accept either a keyfile or a password. As far as I’ve seen (and tried with my Veracrypt-encrypted disk), this flexibility can’t be had with Veracrypt. You’d need a keyfile and a password
In any case, this approach is what I use on my desktop. It’s quite convenient; you only need to remember the password for your root filesystem. If you can’t access that for whatever reason, and thus can’t access your keyfile, you can fallback to using a password for it
Cryptomator has certainly rendered the process so straightforward that I often find myself questioning whether I’ve executed it correctly.
Oh, keyfile! I almost forgot about that. This should be more comfortable to use in this config. Yeah, i think i will go with LUKS.
They are all recommended, so i thought what will be more comfortable with me.
P.S: should i combine them? Like LUKS + Cryptomator for documents? Or just LUKS enough?
Up to you.
Looks like LUKS requires an article with 40 different terminal commands. If you have to ask which one, this is probably not the one.
My advice:
I’m not fully sure as of how/why but depending on what’s the kind of data you want to encrypt, here are some nice tools: What To Use Instead of PGP - Dhole Moments