[opensuse] Any advise on encrypting a file system for personal data on openSUSE?
Hi, everyone! Recently, as I told on another thread, I installed openSUSE in dual boot with Windows. I would like to encrypt a partition I use to store my personal files (Documents, Downloads, Pictures, Music and Videos). I want to use a file system that can be mounted read/write on both Linux and Windows. Is there any recommendation/advising/suggestion on which encrypted file system I could use to achieve that? I searched the opensuse and opensuse-factory mailing lists and didn't find any for Leap 42.3 and 15.0. openSUSE docs talks about LUKS, but I googled briefly and LUKS support on Windows is abandonware... Maybe I explain better showing my partition setup: Windows recover partition - 499MB Windows reserved partition - 99MB Windows (C:) - NTFS - 100GB openSUSE (/) - Btrfs - 100GB Personal files (D:) - NTFS - 200GB * Home (/home) - XFS - 30.53GB ** Swap - 16GB * This partition I want to encrypt and have it accessible on both Linux and Windows ** This partition I just want to encrypt Thank you in advance! Antonio The Linux Kamarada Project http://kamarada.github.io/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, 5 Jul 2018 12:48:10 -0300, Linux Kamarada wrote:
Hi, everyone!
Recently, as I told on another thread, I installed openSUSE in dual boot with Windows.
I would like to encrypt a partition I use to store my personal files (Documents, Downloads, Pictures, Music and Videos). I want to use a file system that can be mounted read/write on both Linux and Windows.
Is there any recommendation/advising/suggestion on which encrypted file system I could use to achieve that?
I searched the opensuse and opensuse-factory mailing lists and didn't find any for Leap 42.3 and 15.0.
openSUSE docs talks about LUKS, but I googled briefly and LUKS support on Windows is abandonware...
Maybe I explain better showing my partition setup:
Windows recover partition - 499MB Windows reserved partition - 99MB Windows (C:) - NTFS - 100GB openSUSE (/) - Btrfs - 100GB Personal files (D:) - NTFS - 200GB * Home (/home) - XFS - 30.53GB ** Swap - 16GB
* This partition I want to encrypt and have it accessible on both Linux and Windows
** This partition I just want to encrypt
Thank you in advance!
Hello: I don't know if there is any program that works both in windows and linux and can encrypt partitions directly. But there are at least 2 programs which work in both linux and windows: bestcrypt (https://www.jetico.com/) - proprietary, currently supports (works on) opensuse 13.x 42.1 42.2 but not 42.3 and Leap 15.0. It is available in binary form, and builds custom kernel modules at installation. veracrypt (https://www.veracrypt.fr/en/Home.html) - open source, free. Available in binary form, does not require kernel modules, works on more systems than bestcrypt, I guess. With both you can create large encrypted files which can be formatted to different file systems that can be mounted where you want. I don't know if working with 100-200 GB files is feasible, but a few 10 GBs is not a problem. Istvan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/05/2018 08:48 AM, Linux Kamarada wrote:
I would like to encrypt a partition I use to store my personal files (Documents, Downloads, Pictures, Music and Videos). I want to use a file system that can be mounted read/write on both Linux and Windows.
If you used full disk encryption, you could maybe reduce the problem by just finding file systems that can be used on both OS's. That could end up being native MS NTFS or EXTn with a windows driver. There are several of these on the web, some free, some cost small money https://shop.paragon-software.com/80/purl-all-secure-shop?cart=174929&x-site=fsd&x-source=drivers But none of those support encryption on the windows side, which is why I suggested full disk encryption. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/05/18 17:48, Linux Kamarada wrote:
Hi, everyone!
Recently, as I told on another thread, I installed openSUSE in dual boot with Windows.
I would like to encrypt a partition I use to store my personal files (Documents, Downloads, Pictures, Music and Videos). I want to use a file system that can be mounted read/write on both Linux and Windows.
Is there any recommendation/advising/suggestion on which encrypted file system I could use to achieve that?
There is nothing which comes with the system. veracrypt (https://www.veracrypt.fr/en/Home.html) would fit the bill if you can find a filesystem that works on both sides. It's available on both Windows and Linux (and Mac). The main trouble is chosing a file system which works well on both sides. Options: ext - Excellent Linux support, poor Windows support. Probably not usable in Windows 10 since drivers need to be signed. FAT - Good support on Linux, excellent support on Windows. Problem: File size limit is 4GB. That means no movies for you and FAT has almost no support for permissions. NTFS - Supported by Linux but not on the same level as FAT. Excellent support on Windows. You can try a commercial NTFS driver, for example the one from Paragon: https://www.paragon-software.com/ntfs_linux_index.html I don't have any experience with it. Conclusion: Should be simple but isn't. Workaround: Set up a file server and put your personal files there. Encrypt the files in the file server. Use NFS or SMB to access them. Advantage: If you set up a VPN, you can access your files worldwide and securely. Regards, -- Aaron "Optimizer" Digulla a.k.a. Philmann Dark "It's not the universe that's limited, it's our imagination. Follow me and I'll show you something beyond the limits." http://blog.pdark.de/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-07-05 22:16, Aaron Digulla wrote:
On 07/05/18 17:48, Linux Kamarada wrote:
Hi, everyone!
Recently, as I told on another thread, I installed openSUSE in dual boot with Windows.
I would like to encrypt a partition I use to store my personal files (Documents, Downloads, Pictures, Music and Videos). I want to use a file system that can be mounted read/write on both Linux and Windows.
Is there any recommendation/advising/suggestion on which encrypted file system I could use to achieve that?
There is nothing which comes with the system. veracrypt (https://www.veracrypt.fr/en/Home.html) would fit the bill if you can find a filesystem that works on both sides.
It's available on both Windows and Linux (and Mac). The main trouble is chosing a file system which works well on both sides.
Options:
ext - Excellent Linux support, poor Windows support. Probably not usable in Windows 10 since drivers need to be signed. FAT - Good support on Linux, excellent support on Windows. Problem: File size limit is 4GB. That means no movies for you and FAT has almost no support for permissions. NTFS - Supported by Linux but not on the same level as FAT. Excellent support on Windows.
exfat. supported via fuse, drivers on packman. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
Thank you for all of your answers! From what you answered and what I've been reading, it seems I have just one way to go (considering what I want to achieve, especially dual-boot): 2018-07-05 13:25 GMT-03:00 Istvan Gabor <suseuser04@gmail.hu>:
veracrypt (https://www.veracrypt.fr/en/Home.html) - open source, free. Available in binary form, does not require kernel modules, works on more systems than bestcrypt, I guess.
Works on both Windows and Linux, is powerful and featureful. I think I'm going to use it to encrypt my personal files (D:) partition. Maybe encrypting my home partition is not really necessary. I'm going to search how I can add extra security to my browser stored passwords, though.
With both you can create large encrypted files which can be formatted to different file systems that can be mounted where you want.
VeraCrypt supports encrypting entire partitions too.
I don't know if working with 100-200 GB files is feasible, but a few 10 GBs is not a problem.
Istvan
According to what I've been reading, performance penalty is almost negligible. And according to VeraCrypt's own documentation (https://www.veracrypt.fr/en/FAQ.html), "Partitions/drives may be better as regards performance" (when compared to File containers). 2018-07-05 14:19 GMT-03:00 John Andersen <jsamyth@gmail.com>:
If you used full disk encryption, you could maybe reduce the problem by just finding file systems that can be used on both OS's.
That could end up being native MS NTFS or EXTn with a windows driver.
How life is... less than a week ago, he was alive and answered a doubt of mine. Now, I can't talk to him... RIP John Andersen... But if I understood him well, by "full disk encryption" he meant what VeraCrypt calls "partition volume". That is exactly what I'm looking for. 2018-07-05 17:16 GMT-03:00 Aaron Digulla <digulla@hepe.com>:
There is nothing which comes with the system. veracrypt (https://www.veracrypt.fr/en/Home.html) would fit the bill if you can find a filesystem that works on both sides.
It's available on both Windows and Linux (and Mac). The main trouble is chosing a file system which works well on both sides.
I'm going to use VeraCrypt + NTFS.
NTFS - Supported by Linux but not on the same level as FAT. Excellent support on Windows.
I've been using NTFS on Linux without problems since I started using Linux (by 2008, good times... Brazilian's Kurumin Linux based on Debian 4.0 etch). Maybe because I'm the only user of the computer and I set the NTFS permission mask in a way that it ends up like 777...
Workaround: Set up a file server and put your personal files there. Encrypt the files in the file server. Use NFS or SMB to access them.
Advantage: If you set up a VPN, you can access your files worldwide and securely.
Interesting and ingenious solution, but I want something more simple... 2018-07-05 18:48 GMT-03:00 Carlos E. R. <robin.listas@telefonica.net>:
exfat. supported via fuse, drivers on packman.
That filesystem is new to me. I need to search... Antonio The Linux Kamarada Project http://kamarada.github.io/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-07-11 06:27, Linux Kamarada wrote:
Thank you for all of your answers! From what you answered and what I've been reading, it seems I have just one way to go (considering what I want to achieve, especially dual-boot):
2018-07-05 13:25 GMT-03:00 Istvan Gabor <>:
veracrypt (https://www.veracrypt.fr/en/Home.html) - open source, free. Available in binary form, does not require kernel modules, works on more systems than bestcrypt, I guess.
Works on both Windows and Linux, is powerful and featureful. I think I'm going to use it to encrypt my personal files (D:) partition.
2018-07-05 14:19 GMT-03:00 John Andersen <>:
If you used full disk encryption, you could maybe reduce the problem by just finding file systems that can be used on both OS's.
That could end up being native MS NTFS or EXTn with a windows driver.
How life is... less than a week ago, he was alive and answered a doubt of mine. Now, I can't talk to him... RIP John Andersen...
:-(
But if I understood him well, by "full disk encryption" he meant what VeraCrypt calls "partition volume". That is exactly what I'm looking for.
No, full disk is full disk, all the partitions. The entire disk. I don't know of a software solution for full disk encryption for both Windows and Linux. There is a firmware method, if the firmware supports asking for the password before booting.
2018-07-05 18:48 GMT-03:00 Carlos E. R. <robin.listas@telefonica.net>:
exfat. supported via fuse, drivers on packman.
That filesystem is new to me. I need to search...
It is used on memory cards beyond 32 GB. NTFS is better for your use case, I added the info for completeness. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
On Wednesday, 11 July 2018 18:34:43 ACST Carlos E. R. wrote:
On 2018-07-11 06:27, Linux Kamarada wrote:
Thank you for all of your answers! From what you answered and what I've been reading, it seems I have just one way to go (considering what I want to achieve, especially dual-boot):
2018-07-05 13:25 GMT-03:00 Istvan Gabor <>:
veracrypt (https://www.veracrypt.fr/en/Home.html) - open source, free.
Available in binary form, does not require kernel modules, works on more
systems
than bestcrypt, I guess.
Works on both Windows and Linux, is powerful and featureful. I think I'm going to use it to encrypt my personal files (D:) partition.
2018-07-05 14:19 GMT-03:00 John Andersen <>:
If you used full disk encryption, you could maybe reduce the problem by just finding file systems that can be used on both OS's.
That could end up being native MS NTFS or EXTn with a windows driver.
How life is... less than a week ago, he was alive and answered a doubt of mine. Now, I can't talk to him... RIP John Andersen... : :-( : But if I understood him well, by "full disk encryption" he meant what VeraCrypt calls "partition volume". That is exactly what I'm looking for.
No, full disk is full disk, all the partitions. The entire disk. I don't know of a software solution for full disk encryption for both Windows and Linux. There is a firmware method, if the firmware supports asking for the password before booting.
2018-07-05 18:48 GMT-03:00 Carlos E. R. <robin.listas@telefonica.net>:
exfat. supported via fuse, drivers on packman.
That filesystem is new to me. I need to search...
It is used on memory cards beyond 32 GB. NTFS is better for your use case, I added the info for completeness.
Agreed. ExFAT has a file size limit of 4GB - I got tripped up on that today trying to copy a 64GB file to a 128GB USB thumb drive that I didn't realise was formatted to exFAT - it failed with a write error at 4GB! Had to reformat the thumb drive as NTFS (it was going to be transferred to a Windows machine) and start again. [Unfortunately (even thought it was formatted as NTFS on a Windows machine first), when the copy was completed (from OpenSuSE Leap 42.1) and the thumb drive put back into the Windows machine it reported as a corrupted file system and couldn't be read. Never had that happen before. Ended up mounting a network share via smb and copying that way instead. ] Don't use exFAT if you work with (or might need to work with) files >4GB in size. -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au CCNA #CSCO12880208 ============================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11.07.2018 15:30, Rodney Baker wrote:
It is used on memory cards beyond 32 GB. NTFS is better for your use case, I added the info for completeness. Agreed. ExFAT has a file size limit of 4GB - I got tripped up on that today trying to copy a 64GB file to a 128GB USB thumb drive that I didn't realise was formatted to exFAT - it failed with a write error at 4GB! Had to reformat the thumb drive as NTFS (it was going to be transferred to a Windows machine) and start again.
[Unfortunately (even thought it was formatted as NTFS on a Windows machine first), when the copy was completed (from OpenSuSE Leap 42.1) and the thumb drive put back into the Windows machine it reported as a corrupted file system and couldn't be read. Never had that happen before. Ended up mounting a network share via smb and copying that way instead. ]
Don't use exFAT if you work with (or might need to work with) files >4GB in size.
While I agree that for the OP's use case NTFS might be the FS of choice, I feel the need to correct the above statement. The cited 4GB file limit indicates that the thumb drive actually was using FAT32 (which is directly supported on Linux), and not exFAT. exFat supports files up to 16 Exabyte, but is not natively supported on Linux. It can be used via a fuse driver, available on packman. -- Cahn's Axiom: When all else fails, read the instructions. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-07-11 15:30, Rodney Baker wrote:
On Wednesday, 11 July 2018 18:34:43 ACST Carlos E. R. wrote:
On 2018-07-11 06:27, Linux Kamarada wrote:
2018-07-05 18:48 GMT-03:00 Carlos E. R. <robin.listas@telefonica.net>:
exfat. supported via fuse, drivers on packman.
That filesystem is new to me. I need to search...
It is used on memory cards beyond 32 GB. NTFS is better for your use case, I added the info for completeness.
Agreed. ExFAT has a file size limit of 4GB - I got tripped up on that today trying to copy a 64GB file to a 128GB USB thumb drive that I didn't realise was formatted to exFAT - it failed with a write error at 4GB! Had to reformat the thumb drive as NTFS (it was going to be transferred to a Windows machine) and start again.
No, exFAT file size limit is 128 PiB. You were probably using FAT. <https://en.wikipedia.org/wiki/ExFAT> -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
On Friday, 13 July 2018 2:16:46 ACST Carlos E. R. wrote:
On 2018-07-11 15:30, Rodney Baker wrote:
On Wednesday, 11 July 2018 18:34:43 ACST Carlos E. R. wrote:
On 2018-07-11 06:27, Linux Kamarada wrote:
2018-07-05 18:48 GMT-03:00 Carlos E. R. <robin.listas@telefonica.net>:
exfat. supported via fuse, drivers on packman.
That filesystem is new to me. I need to search...
It is used on memory cards beyond 32 GB. NTFS is better for your use case, I added the info for completeness.
Agreed. ExFAT has a file size limit of 4GB - I got tripped up on that today trying to copy a 64GB file to a 128GB USB thumb drive that I didn't realise was formatted to exFAT - it failed with a write error at 4GB! Had to reformat the thumb drive as NTFS (it was going to be transferred to a Windows machine) and start again.
No, exFAT file size limit is 128 PiB. You were probably using FAT.
Thanks for the correction. Windows was reporting the drive as exFAT, but I suspect oS was only recognising it as (and thus using the driver for) FAT32, hence the 4GB limit. Always good to learn something. :) -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au CCNA #CSCO12880208 ============================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2018-07-13 a las 08:13 +0930, Rodney Baker escribió:
On Friday, 13 July 2018 2:16:46 ACST Carlos E. R. wrote:
On 2018-07-11 15:30, Rodney Baker wrote:
On Wednesday, 11 July 2018 18:34:43 ACST Carlos E. R. wrote:
On 2018-07-11 06:27, Linux Kamarada wrote:
2018-07-05 18:48 GMT-03:00 Carlos E. R. <robin.listas@telefonica.net>:
exfat. supported via fuse, drivers on packman.
That filesystem is new to me. I need to search...
It is used on memory cards beyond 32 GB. NTFS is better for your use case, I added the info for completeness.
Agreed. ExFAT has a file size limit of 4GB - I got tripped up on that today trying to copy a 64GB file to a 128GB USB thumb drive that I didn't realise was formatted to exFAT - it failed with a write error at 4GB! Had to reformat the thumb drive as NTFS (it was going to be transferred to a Windows machine) and start again.
No, exFAT file size limit is 128 PiB. You were probably using FAT.
Thanks for the correction. Windows was reporting the drive as exFAT, but I suspect oS was only recognising it as (and thus using the driver for) FAT32, hence the 4GB limit. Always good to learn something. :)
Despite the "fat" in the name, an exfat filesystem can not be used at all with a "FAT" driver. It is a different beast. In fact, the official Linux kernel does not support it, so it has to be done with a fuse driver downloaded from packman because of licensing issues. - -- Cheers Carlos E. R. (from openSUSE 42.3 x86_64 "Malachite" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAltH6LQACgkQja8UbcUWM1zKZwD+PdlFho2RGpQafX3DX1Cd3pDR 7EFhbOUnFuctmjHYg0sA/3jkjBIyU4DmVk0eGerqHZfl+SbmWbibnxBssnDZ9Q+j =7T+d -----END PGP SIGNATURE-----
2018-07-11 1:27 GMT-03:00 Linux Kamarada <linuxkamarada@gmail.com>:
Thank you for all of your answers! From what you answered and what I've been reading, it seems I have just one way to go (considering what I want to achieve, especially dual-boot):
2018-07-05 13:25 GMT-03:00 Istvan Gabor <suseuser04@gmail.hu>:
veracrypt (https://www.veracrypt.fr/en/Home.html) - open source, free. Available in binary form, does not require kernel modules, works on more systems than bestcrypt, I guess.
Works on both Windows and Linux, is powerful and featureful. I think I'm going to use it to encrypt my personal files (D:) partition.
I was able to encrypt a whole USB flash drive (just one partition) using the following howto: https://www.maketecheasier.com/create-encrypted-usb-with-veracrypt/ But when I tried to encrypt my 200GB partition, I got: device-mapper: reload ioctl on veracrypt1 failed: Device or resource busy Command failed Any ideas on what is going on? I tried all of the solutions here, without success: https://askubuntu.com/q/429612 PS: just in case anyone wants to know VeraCrypt, I recommend reading the following, very good documentations https://www.veracrypt.fr/en/Documentation.html https://securityinabox.org/en/guide/veracrypt/linux/ Antonio The Linux Kamarada Project http://kamarada.github.io/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
2018-07-18 1:01 GMT-03:00 Linux Kamarada <linuxkamarada@gmail.com>:
2018-07-11 1:27 GMT-03:00 Linux Kamarada <linuxkamarada@gmail.com>: I was able to encrypt a whole USB flash drive (just one partition) using the following howto:
https://www.maketecheasier.com/create-encrypted-usb-with-veracrypt/
But when I tried to encrypt my 200GB partition, I got:
device-mapper: reload ioctl on veracrypt1 failed: Device or resource busy Command failed
Any ideas on what is going on?
I tried all of the solutions here, without success:
Also, I tried using a LiveUSB of openSUSE Leap 15.0, same result. Using Windows 10, I successfully encrypted and mounted the partition with VeraCrypt. But then, back to openSUSE Leap 15.0 and tried to mount it, I got that same error again. Antonio The Linux Kamarada Project http://kamarada.github.io/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Em qua, 18 de jul de 2018 às 01:01, Linux Kamarada <linuxkamarada@gmail.com> escreveu:
I was able to encrypt a whole USB flash drive (just one partition) using the following howto:
https://www.maketecheasier.com/create-encrypted-usb-with-veracrypt/
But when I tried to encrypt my 200GB partition, I got:
device-mapper: reload ioctl on veracrypt1 failed: Device or resource busy Command failed
Any ideas on what is going on?
I reported that on the VeraCrypt forum: https://sourceforge.net/p/veracrypt/discussion/general/thread/d8e98094/ Thank you for the help so far! Just in case anyone reading this missed the original thread: https://lists.opensuse.org/opensuse/2018-07/msg00080.html Antonio The Linux Kamarada Project http://kamarada.github.io/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (7)
-
Aaron Digulla -
Andreas Mahel -
Carlos E. R. -
Istvan Gabor -
John Andersen -
Linux Kamarada -
Rodney Baker