Comment

Comment on Typing into the abyss - need a service

ehguyitsmebuddy@lemmy.world ⁨3⁩ ⁨weeks⁩ ago

Thank you. This is really insightful and something that I think might be a robust solution for me. I’ll research GPG more, I clearly need to.

source

Sort:hotnew top

observantTrapezium@lemmy.ca ⁨3⁩ ⁨weeks⁩ ago
The fundamental difference between GPG encryption and encrypted partition is that of asymmetric vs. symmetric encryption. Whether you mount encrypted storage or decrypt a file with GPG, there’s some “effort” in putting in the passphrase and in both cases the system’s keyring is briefly aware of it and the plaintext is saved to memory (volatile, unless you have encrypted swap or other edge cases).

Asymmetric encryption is not normally used for personal stuff but mostly to exchange material with one party holding the private key, and other having access to the public key (which is public). Of course you can act as both parties if you like. If you do, keep in mind:

Asymmetric encryption algorithms may be vulnerable to quantum computing attacks in the coming years. There are quantum-resistant algorithms, but to my understanding they are not necessarily quantum-proof and could potentially be broken in the more distant future.

If you do choose to use GPG, make sure that the plaintext never touches the disk, for example save it to /dev/shm before encryption.

You can also protect your private key with a passphrase.

Personally I use Joplin. On the clients it’s secure because the database is saved on encrypted storage secured by my login phrase. On the server it’s secure by Joplin encrypting the files saved to WebDAV storage. Is it 100% safe? Probably not, but probably good enough to stop all but a nation-state level actor.
source