Password protect folder

ok so i want to take my lappy in for repair (fix non-working keyboard) , but don't want the repair guy to check out all my content .
i want to password protect my home folder , and when i get laptop back , remove it again.
iv'e searched on here and web search but can't find anything simple enough ?
i suppose i could move all content to external if all else fails , but now that I've i tried few things and can't come right , it bothers me lol
so , is there a simple straightforward way to put a password on a folder ?
zorin lite 17.xx

I would suggest using something like Cryptomator:

Note that this won't encrypt an existing folder. It first creates one, which you can use to place sensitive files. However, you can drag and drop your entire folder inside this newly encrypted folder.
One important thing to remember is that you should not interact with this folder until you have unencrypted it through Cryptomator, otherwise your files would be very much readable.

Another option is to create an archive (.zip file) that is password-protected. Again, this won't protect your actual folder as it is, you'll have to delete it afterwards, and then restore from the archive.

NOTE: Password-protected is not the same as encrypted. This archive can still be access by someone with enough experience. Since you're taking this to a repair shop I would argue this isn't a good enough protection, but this may still be useful to deter an attacker in other situations.

thanks for that . i did look at Cryptomator from my searches here , but i don't want to upload my stuff to a cloud to be available on any device anywhere .
i just want to encrypt/password my folder locally on machine .
i also tried Gnome EncFS Manager but that didn't jell so good maybe i just don't know what i'm doing .
then there's VeraCrypt i saw but that looked even more complicated ,basically creating another partition ect ect .
i don't want to muck around with partitions .
i mean in windows it was kinda straightforward to put a password on a file/folder .
isin't there something like that in linux ? whithout having to add apps or clouds and whatnots

While it's true that cloud synchronization is one of the problems that Cryptomator solves, you don't have to upload anything anywhere. Just create the vault and put in the contents you want encrypted. The upload to cloud thing is completely optional.
This is the simplest method that I'm aware of for individual files. But, presumably, someone using encryption wants to do this on an ongoing basis, so I'd argue that the small overhead you pay is really worth it.

In for your particular example, it might be easier to delete the file entirely from the disk and restore it later from a backup. Remember, encryption is meant to protect files from unintended third parties, but if the file is not there to begin with... there's no quantum computer that can break that level of defense :smiley:

Of course, if you do this, make sure to use something like bleachbit to completely erase the bits in the drive itself. Normally, deleting a file only removes the file handle reference that points to a particular location in the drive, but the bits still exist and can be recovered using forensic tools.

yes i'm beginning to think that'll be the best option

don't think i'd have to go to that extreme ,it's just a local repair shop in my small hometown.
i don't think the guy is some sort of hacker /guru trying to get his customers measly info

anyway , from the looks of things i think it'll be the easiest to just backup / delete home folder and restore it after repair
i kinda knew that after the searches but it bogged me that i couldn't password protect a folder in linux lol

i'm not so sure about bleachpit, kinda read horrible things about it , if you not sure what you doing

Yes, BleachBit is a tool you want to use with care.

I can understand that statement, but once you think about it it's really not that surprising. Encryption at rest is meant to protect the contents of the drive in the event of loss or theft.
If you do have that need, it's best to go with the full disk encryption or, at least, encrypt the user's home folder. But for the occasional file... it makes more sense to remove it from the machine that is susceptible to those risk factors. Using an external (encrypted) drive or synchronize over the network are better strategies.

That's probably true; it's also important to assess the needs and risk factors. Even if the employee behind the desk happens to be Neo himself, I doubt he'll decide to use his time to go over the deleted files meticulously.

1 Like

alright , my mind's made up lol
ima backup my home and delete it and restore it after repair
seems simple enough ,yes ?

spent enough time trying to figure out to password protect a $#@% simple folder :confounded:

1 Like

Unfortunately, that's a hidden and common obstacle with open source: too many choices. Often, though, simpler is better.

Practical problems bear practical solutions and this is very true in GnuLinux where profit does not really influence application.

Using ENCFS is the standard practice, but in practical application; the only secure file is one that is not present. Many Windows OS encryption methods are a lot like padlocks: they give the illusion of security while being absurdly easy to break, sidestep, or pick.
In GnuLinux and Open Source, only a viable method will have draw for developers to invest time in. ENCFS works well and is usually reasonably easy to set up and use; but is very annoying once the moment of protection has passed and as always - losing access to your own password can result in data loss. It's just not worth it when given your situation; removing the sensitive data itself and storing it safely on a drive at home is the way to go. It is a temporary thing... What you will find on the internet for GnuLinux will all be long term (and heavy) solutions.

Cloud storage:

Using Protonmails services or Sync with encryption is far more secure than anything a user might do at home for present files.
Many people have the biggest hurdle of not validating whether the cloud itself is senaking in and looking at personal data. Neither Proton nor Sync are, simply because they cannot. The data is encrypted prior to transmission to the cloud.

This looks a bit like aggravation of the X - Y variety. By assuming a necessary solution, other viable solutions get disregarded.

2 Likes

You can create a new partition with Gparted and make it LUKS encrypted password protected and put your important files and folder there.

1 Like

Hi,

This tutorial with some encryption options works fine for me to encrypt home folder (see part 5 with ecryptfs-utils):