Beyond Whole Disk Encryption: Other Ways to Secure Your Files
One of the best ways to ensure privacy is using encryption. We typically think of encryption as a security measure, and it is. Encryption is the factor that makes it safe to bank and shop online, send sensitive information through email, and file our taxes online. Encryption makes military communication possible as well. Both privacy and security relate to encryption because one pillar of security is “confidentiality.” It’s the principle that information is available only to people with authorization to view it. I’m a huge fan of encryption, and I encourage its use in web transactions, finance, VPNs, nearly every application where it’s available.
Many organizations use whole-disk encryption to protect the contents of computer hard drives, and it’s an excellent practice. It’s also an excellent practice for your personal computer. There, I said it. I’m about to say something else – I don’t encrypt my computer’s whole hard drive. I had a really bad experience with whole disk encryption that left me saying, “Never again.” There are two camps on whole disk encryption, and I’m in the “nah, there are other ways to protect yourself” camp.
Now, don’t get me wrong, whole disk encryption provides excellent confidentiality for your privacy and security. If a customs officer stops you at the border, and they want to see your computer, with an encrypted hard drive, you can say you don’t have the code to decrypt it. Without that code, nobody will decrypt it. Even making a copy of the contents of the drive won’t let someone see the files. It’s an excellent way to keep your stuff away from prying eyes. But it’s not the only way.
Alternatives to Whole Disk Encryption
You can encrypt a single file, or you can move your sensitive documents into a folder and then encrypt that folder. Nobody can get into that file or folder without the key or password that you set at the time you encrypt it. Even if someone makes a copy of the folder or file, they’ll still need that key or password to get into the file or folder.
Windows, Linux, and macOS all offer the option of encrypting individual files and folders, but as with whole disk encryption, Windows 10 Home does not offer it. There are third-party apps that can provide it, and I don’t have any experience with them to the extent I could endorse any of them. If you feel the need to use one of them, do a lot of research and ask several experts for recommendations.
Not only can encrypting individual folders and files make them impossible to read without the password, but it can also enable you to send a sensitive file to another person without using encrypted email (because not everyone has easy access to setting up encrypted email). Be aware that if you copy and paste an encrypted file or folder, you may not have a copy of an encrypted file or folder; you may have a corrupted file or folder. If that’s the case, you need to decrypt it before you copy it. However, you can attach it to an email without corrupting it. It’s always a good idea to test the process before you inflict it on a critical file. Things change between versions of operating systems, file types, and processes, so no matter what I tell you today, it may change before you read it.
Using native file and folder encryption is easy in Mac and Windows, slightly more cumbersome in Linux, and not natively available in Chrome, because the profiles are encrypted by default.
How to Encrypt Individual Files and Folders
Windows: Encrypting Files and Folders
In Windows, the process is the same for both files and folders. Right-click the name of the item you want to encrypt. In the item properties, at the bottom section called “Attributes,” you’ll see a button labeled “Advanced…”. Click on that, and you’ll see the last item is “Encrypt contents to secure data.” You’ll get a warning if the item is in a folder that isn’t otherwise encrypted, and you’ll probably just want to encrypt that file (otherwise, you’d have selected the folder object instead of the individual file object to encrypt). When you “OK” your way back to the file list, that file will have a lock image on the file icon, indicating that it is secured. You can remove the encryption by going through the same process and unchecking that “Encrypt contents” box.
macOS: File and Folder Encryption
macOS will only encrypt individual files in native apps like Numbers, Pages, and Keynote. You just right-click on the file and select “Lock <filetype>.” You will see a prompt for a password, which you will absolutely need to remember, then finish up. Non-native files can be password protected, but not encrypted. However, you can encrypt the whole folder that contains them. You need to go to Applications > Utilities > Disk Utility. When Disk Utility opens, select the File menu, then New Image > Image from Folder. Select the folder you want to protect, then select Choose. The next screen will let you select the strength of encryption. Here’s a clue — higher number is better. You’ll also set your password for that folder. You’ll select Choose. Beside “Image Format” you need to select “Read/Write.” Then select “Save.” The system will encrypt the folder (usually takes a few seconds, but large folders with lots of data will take longer), and when it finishes, you’ll see the “Done” button, which you’ll click on, then “Exit Disk Utility.” The folder will be a .dmg file, which stands for “disk image,” but it’s a folder. To access it, you just double-click and type in your password when the prompt comes up.
Linux: File Folder Encryption
This is only one method of encrypting individual files in Linux, and I think it’s the simplest one. It requires the installation of GNU Privacy Guard (GPG), which is available in the repository for your version of Linux. You’ll then use the terminal and type “gpg -c <filename>”, and you’ll see a box come up prompting you to provide a passphrase. Again, make sure you don’t lose or forget this passphrase! A new file will be created with the file extension .gpg, and you will have to decrypt it to open it. You do that by typing in a terminal “gpg -d <filename>”, and you need to include the “.gpg” extension in the filename. You’ll be prompted for the passphrase. Using encrypted files is cumbersome in Linux, because you can’t just open an encrypted file, add text, and close it and have it be encrypted the whole time.
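The gpg -c / gpg -d round trip above as a script, combined with the earlier advice to test the process before trusting it with a critical file. This is an added example, not from the original post; the file names, the passphrase file, and the AES256 cipher choice are assumptions for illustration, and it needs GnuPG 2.1 or later.

```shell
# Added example. Options that let a script supply the passphrase from a
# file instead of the interactive prompt (word splitting is intended).
GPG_BATCH="--batch --yes --quiet --pinentry-mode loopback"

# encrypt_file FILE PASSFILE -> writes FILE.gpg, like "gpg -c FILE"
encrypt_file() {
    [ -s "$1" ] && [ -r "$2" ] || return 2   # refuse missing or empty input
    gpg $GPG_BATCH --passphrase-file "$2" --cipher-algo AES256 \
        --output "$1.gpg" --symmetric "$1"
}

# verify_roundtrip FILE PASSFILE -> 0 only if FILE.gpg decrypts to exactly FILE.
# "gpg -d" writes the plaintext to stdout, so it is piped straight into cmp
# and no second plaintext copy is written to disk.
verify_roundtrip() {
    [ -s "$1" ] && [ -f "$1.gpg" ] || return 2
    gpg $GPG_BATCH --passphrase-file "$2" --decrypt "$1.gpg" 2>/dev/null |
        cmp -s - "$1"
}

# roundtrip_demo: runs both steps on constructed sample data in a
# throwaway directory, with its own empty GnuPG home.
roundtrip_demo() {
    work=$(mktemp -d) || return 2
    GNUPGHOME="$work/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME"
    printf 'constructed sample: account 0000-0000\n' > "$work/notes.txt"
    printf 'correct horse battery staple\n' > "$work/pass.txt"
    printf 'wrong passphrase\n' > "$work/bad.txt"
    rc=0
    encrypt_file "$work/notes.txt" "$work/pass.txt"     || rc=1
    verify_roundtrip "$work/notes.txt" "$work/pass.txt" || rc=1
    # A wrong passphrase must not verify.
    if verify_roundtrip "$work/notes.txt" "$work/bad.txt"; then rc=1; fi
    rm -rf "$work"
    return $rc
}
```

Source the file and run `roundtrip_demo`; on your own files, delete the plaintext only after `verify_roundtrip` returns 0.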
Linux: Folder Encryption
Encrypting folders in Linux requires you to install something as well, and, again, I’m picking the easiest method. That’s eCryptfs, and again, it should be in your distribution’s repository. You shouldn’t use this on a directory that already has data in it. You need to create a fresh folder, encrypt it, and then move the stuff into it. The system will encrypt the data as you move it into the encrypted folder. If you don’t do it that way, the folder will be encrypted, but none of the contents will be, or else they will be inaccessible, which is not what we want. To encrypt your fresh directory, you need to run the command as the superuser (root), so the command in the terminal is “sudo mount -t ecryptfs ~/<filename>/ ~/<filename>/” and hit Enter. You’ll choose your password, and the first time you use it, you’ll also choose the cipher (the algorithm the program will use to perform the encryption), key bytes (again, bigger is better), and a few other options. It’s okay to go with defaults if you don’t know the answers. The default settings use the most commonly selected options. You’ll get a warning that it looks like you never mounted this folder before, and that you may have mistyped your password; do you want to continue? Type yes. Then, the program will ask if you want to append a signature file to the file so that the program recognizes it the next time you open it, and you want to say yes to that too. In order to use that folder, you will have to mount it. You can still see the folder when it’s unmounted, and you can see the contents, but you can’t open the files until you mount it.
When and What to Encrypt
I don’t store certain types of files on my computer. If I need them while I’m traveling, I know how I can get to them. The files that are on my computer are pretty boring. It would be really difficult to put much of a picture together of me from the contents of my computer. Not everyone has that option, though. If you have to keep files on your computer, know what to protect and how to protect it. If you’re choosing files and folders rather than whole disk encryption, you should at the very least protect items that contain:
- financial records
- legal documents
- Personally Identifiable Information (PII) such as a driver’s license number or social security number
- Personal Health Information (PHI) such as insurance number, prescription information, and lab results
- confidential project files
- backups and archives
- anything that can be used to steal your identity or blackmail you
YOUR TURN
You don’t absolutely have to encrypt anything. Your life may be fine if you have your data protected in another way. Your data in transit, that is, while it’s moving over the internet (shopping, banking, etc) is all encrypted now. The web browser gurus all got together and decreed that it should be so, and they gave website owners time to get in line, and then they made it so. If that takes care of your needs, you don’t need to take it any further. But if I’ve given you something you can use to increase your peace of mind, drop me a comment below.