Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Follow the wormhole through a path of communities [email protected]
If you use ext4 or other filesystem that supports fscrypt, you can use fscrypt to encrypt specific directories.
There's also gocryptfs for a fuse-based userspace implementation.
ZFS has built-in encryption: https://klarasystems.com/articles/openzfs-native-encryption/
This.
Thanks to Meta BTRFS is apparently got/getting it to a certain extent too: https://youtu.be/6YIc2fVLVPU?si=ngiHWS0fw2zIHf2M
I don't want to encypt them in-place because I'll be uploading them onto a server, copying them on an external drive.
I've been using gocryptfs now for a few years and it works fine as you describe.
You initiate the encrypted folder, set up automatic backups for it. Then whenever you want to access it you mount it into another folder.
There is a distinction here between the permanently encrypted folder that you can upload backup whatever, and your temporary mount, unencrypted folder.
If you're alright with the rare conflicts to fix yourself something like syncthing works well for this setup even across computers.
If you want per-directory encryption, there are several options. This front-end project lists a bunch of them in its Supported Backends section.
(Full disk encryption does have a single conventional answer: LUKS. Many distros offer to set this up at install time.)
You're posting in a programming community, though, not a linux help community. Are you looking for a library for use in software you're writing?
"I don’t want to encypt them in-place because I’ll be uploading them onto a server, copying them on an external drive."
Describe your use case.
re-read my question carefully
Sorry I'm not sure I understand what it is you think I'm missing. It's FOSS, works on Linux, has a CLI, works for both files and directories... please enlighten me what I got wrong?
It's got CLI too - alright. But is it any de-facto, mature, well-known, widely used? What gurantees that it's as secure as openssl or gpg? It might have plenty of bugs and vulnerabilies.