Some encryption options for Zorin

I wrote this for my daughter, who uses Zorin 16 core. She installed without encryption but now wants to encrypt some things, so I suggested these options. I hope it's useful to someone.

1. encrypt a file with gpg
-c = encrypt with password (-ca for text-format output)
-d = decrypt
-o = name for output file.
Input file name comes last.

gpg -c -o encrypted-file file-to-encrypt

It will ask you to enter the password twice

gpg -d -o decrypted-file encrypted-file

2. encrypt a pdf file

sudo apt install qpdf
qpdf --encrypt password password 256 -- file.pdf encrypted-file.pdf

Any pdf viewer will ask for the password when you try to open encrypted-file.pdf

3. encrypt a folder with gocryptfs

sudo apt install gocryptfs
mkdir Secret 
    (this folder will contain the encrypted files)
gocryptfs -init Secret

To open the encrypted folder for access, you have to use an empty folder as a mountpoint:

mkdir secret-OPEN
gocryptfs Secret secret-OPEN

Now you can move files into secret-OPEN, edit them, etc. Encrypted versions immediately appear in Secret. To close, close all apps accessing secret-OPEN, then

fusermount -u secret-OPEN

secret-OPEN folder becomes empty. You can delete it and recreate it next time, or just leave it.

4. luks-encrypted partition

sudo apt install cryptsetup

Say sda3 is a new partition you want to encrypt

sudo cryptsetup luksFormat /dev/sda3
    WARNING! this will overwrite data on /dev/sda3 irrevocably...
    Enter passphrase (twice)
sudo cryptsetup open /dev/sda3 label1
    enter passphrase
sudo mkfs.ext4 /dev/mapper/label1
sudo cryptsetup close label1

Now the partition is ready for use. It can be opened through the file manager: no further need for command line :slight_smile: Eject (unmount) to close access.

5. encrypted home

sudo apt install ecryptfs-utils
sudo adduser [new user name]
sudo usermod -aG sudo [new user name]

Then follow


6. encrypted cloud folder with rclone

:grimacing: Sorry for a late bump. It seemed worthwhile to add rclone

$ sudo apt install rclone

$ rclone config

config must be run twice, first to attach to cloud drive by creating a "remote" (denoted by a colon) such as mcs:, the second time to create an encrypted folder within, which I called mcs-crypt:. Once configured, encryption and decryption are transparently* done; only encrypted data are sent to or received from mcs-crypt:. (Files in mcs: are not encrypted.)

rclone can copy files, make incremental backups in the manner of rsync and much more.

$ rclone sync source destination

sync and copy update files from source to destination, skipping identical files and overwriting if a newer version exists in the source. sync deletes files in destination if they don't exist in the source; copy does not. Source may be a folder or a file, destination is always a folder, created if it doesn't exist. Examples:

Sync Documents folder with remote

$ rclone sync ~/Documents mcs-crypt:/Documents

Copy a file from remote to home directory

$ rclone copy mcs-crypt:/Documents/pickle.odt ~/

Exclude a folder from the backup (in this case, back up .config but skip .config/vivaldi):

$ rclone sync ~/.config --exclude "vivaldi/**" mcs_crypt:/.config

Listing of remote contents:

$ rclone ncdu mcs-crypt:

gui in browser

$ rclone rcd --rc-web-gui mcs-crypt:

Browse help file

$ rclone --help | less

* "Transparent" encryption/decryption is made possible by the rclone.conf file. If your computer is not secure, then the config file itself should be encrypted with the "Set configuration password" option in rclone config. See Crypt

There are detailed tutorials available, for example (rclone: From Basics to Encryption • Andy Ibanez)


I would add a caveat as SuSE Linux 9.3 professional did when I installed it many years ago on a different box. "Warning, encryption may lead to data loss. Do so at your own risk." This applies to any OS. I once had to setup encryption on a Windows OS for my managers Finance Officer - 2 days later the OS went south - and so did the data - make regular backups of data - and especially before you start encryption!

1 Like