I have been using Fedora Silverblue for some weeks now. My threat model requires that besides having Full Disk Encryption with LUKS I also need to have specific files and folders encrypted.
I started by using VeraCrypt on Windows 10, after I migrated to Ubuntu 22.04 I started using ZuluCrypt. As far as I know there are no good alternatives on flatpak.
Are there any suggestions?
One way to achieve this is to symlink directories and files that require encryption to a separate encrypted volume.
The encrypted volume can be implemented as a file, partition, logical volume, or block device, and can be decrypted either automatically on login, or on demand.
Otherwise read about EncFS and eCryptfs, but this method has several substantial drawbacks.
There are several graphical interfaces to local encryption tools that you can run on Fedora. I’m aware of one that’s a part of Fedora; the other two here are from Flathub. I’m listing them in order of user friendliness (once they’re installed).
Vaults is on Flathub. It lets you manage EncFS and eCryptfs volumes. It currently doesn’t include EncFS or eCryptfs inside the flatpak, however, so you’ll need to layer add them manually. The easiest is cryfs, with
rpm-ostree install --apply-live cryfs (installing gocryptfs on Fedora is not straightforward; you have to compile it).
Cryptomator is also on Flathub. I think it includes everything you need? The UI isn’t as native, however.
Additionally, there’s a different app frontend called
sirikali available directly in Fedora (and it supports encfs, cryfs, gocryptfs, and securefs). The UI is a bit less friendly, however.
Also, if you’re interested in backing things up in an encrypted manner (for external drives and/or remote storage), I’m a huge fan of Pika, which uses borg backup in the background. Vorta is also great.
borgbackup are both available directly in the Fedora repos too.
Both Pika and Vorta from Flathub give you everything you need to start using them, so you don’t have to install anything as an overlay.