I watched a video about how to encrypt your files on your usb or on your drive last night, it uses the veracrypt is there any application to use other than that or veracrypt is the best on encrypting your files. Also, is it safe to be use ?
1 Like
Yes, it’s safe to use.
Cryptomator is good for encrypting files on cloud storage
1 Like
I love veracrypt, and it is generally accepted as very safe.
(Maybe I should create an encrypted file with veracrypt to keep all my passwords in, instead of a password manager… 
)
1 Like
Good day, Saykiii 
There was a similar discussion here:
https://discuss.techlore.tech/t/encrypting-an-individual-file
Maybe you’ll find something useful there 
.
2 Likes
By the way, I have a question when you encrypt your files on your usb using veracrypt and then your usb suddenly got infected by virus, is your files safe from the virus or not?
If your USB device encrypted with VeraCrypt is mounted when the computer to which it is attached becomes infected with a virus, then the files on that device are also vulnerable.
1 Like
So even your files are encrypted it is not excepted on virus ?
There is gocryptfs, cryptomator, age, GPG (although I dont recommend it, symmetric encryption is fine), and cryptsetup (LUKS) are the ones I would use.
So… you can’t infect a USB with a virus, but rather, you can infect a computer with a USB device. So technically yeah, your files would not be safe if you use an infected device to decrypt the drive but you can also recover the files.
1 Like
And PGP doesn’t use a symmetric algorithm when encrypting a file?
1 Like
When you mount a VeraCrypt volume, the unencrypted files are made available to the operating system, and as a consequence, they are potentially available to malware as well.
1 Like
PGP and GPG are different things. PGP is an asymmetric encryption/signing protocol and GPG is an implementation of PGP along with other things.
1 Like
Okay, does GPG encrypt the content of a file using a symmetric algorithm?
Normally, you would only use an asymmetric algorithm to exchange the key used for the symmetric cipher.
1 Like
you can use these flag to make it more safe gpg -c --no-symkey-cache --cipher-algo AES256
1 Like
I never said it wasn’t safe, I was just pointing out that @mazer is wrong about GPG and symmetric encryption.
When you encrypt a file with GPG or PGP a symmetric cipher will be used, in your example it’s AES256.
1 Like
As the Privacy Guides quote here, there’s a command to use modern cryptography called future-default, I recommend using this for gpg.
1 Like
Okay, does GPG encrypt the content of a file using a symmetric algorithm?
The flag -c makes it symmetric. It is not related to PGP. It is not a prominent feature of GPG and there are much better alternatives like age as I mentioned to do symmetric encryption because they are much simpler.
1 Like
Is this how GPG/GPG works?
You generate a random key, you use that key to encrypt your message using symmetric encryption, you then encrypt the key with your private or public key using asymmetric encryption. Now you can store the encrypted key and message together, and only the party with the opposite key can access it.
Asymmetric algorithms are not designed to encrypt large amounts of data, and -c does not make it symmetric, it just allows you to set the key.
1 Like
The way GPG works is you generate a key pair, you then use your recipients public key to encrypt to it and your recipient uses their private key to decrypt it. Symmetric just means that you encrypt and decrypt with the same key, i.e a password (unlike asymmetric, where you encrypt to a public key and then decrypt with the corresponding private key).
^ from GPG manual.
You can encrypt with asymmetric algorithms any sized file you want.
1 Like
You clearly have no idea about how the encryption is performed.
You generate a session key, that key is used to encrypt the message, and you encrypt the session key with the public key.
You not understanding PGP on the most basic level makes this discussion pretty much impossible.
1 Like
I do not see why you would be sending this graph. In the end, GPG (and subsequently, the way PGP is designed to) creates an encrypted file that can be decrypted by only the private key of the recipient unless you use symmetric encryption. The graph you sent is different than what you would usually refer to symmetric file encryption and in the end, you need a private key to decrypt that file and not a passphrase that is the same as the one that was used to encrypt that file.
and yes, this is exactly what symmetric is. You use only 1 key to encrypt and decrypt.
--symmetric
-c Encrypt with a symmetric cipher using a passphrase. The default sym-
metric cipher used is AES-128, but may be chosen with the --cipher-algo
option. This command may be combined with --sign (for a signed and sym-
metrically encrypted message), --encrypt (for a message that may be
decrypted via a secret key or a passphrase), or --sign and --encrypt
together (for a signed message that may be decrypted via a secret key or
a passphrase). gpg caches the passphrase used for symmetric encryption
so that a decrypt operation may not require that the user needs to enter
the passphrase. The option --no-symkey-cache can be used to disable
this feature.
And as you know, aes-128 is a symmetric encryption algorithm. However when you use GPG to encrypt to a public key, you need the corresponding private key. I don’t see where the problem is to be honest. It clearly says it does symmetric encryption in the manual and it uses symmetric encryption algorithms
1 Like