Score:5

Encrypt partition for use in Ubuntu + Windows

cn flag

I have a machine with dual boot Windows 10 / Ubuntu 20.04. I would like to set up a new HDD (1 partition) dedicated for documents and other data - which I would like to have encrypted, but accessible from both operating systems.

I presume that the preferred format for this partition is NTFS. But which way is currently most advisable for encryption, that is supported by both OS'es?

cn flag
I would advise against this and follow the answer from C.S. Cameron; it is about encrypting FILES and DIRs on a partition. BitLocker (used by Windows by default) from inside Windows will change the encryption key periodically and Ubuntu will not be informed about that, requiring you to manually type the key ... "But which way is currently most advisable for encryption, that is supported by both OS'es?" None whatsoever.
C.S.Cameron avatar
cn flag
@Rinzwind: Thank you, 7Zip is pretty simple to use and should do the job. AES-256 is AES-256.
gf flag
Have you considered WSL rather than dual-booting? It may be a lot more convenient for your workflows.
Score:8
in flag

The only way I know of to encrypt a partition that is accessible both from Windows and Linux, without the need to constantly decrypt/encrypt your files manually, is VeraCrypt.

For a separate data disk with a single partition there should be no issues. As long as you're fine with unlocking/mounting the drive manually on each boot, it should be straightforward to set it up.

Rerun avatar
cn flag
Thank you for this. Unlocking the drive manually on each boot is exactly what I want. The point is to keep the data inaccessible in case the computer/HDD comes into someone else's hands.
Score:3
cn flag

How to Make an Encrypted File / Directory

  • Install p7zip-full from universe repository

  • Right click file or folder and select Compress.

  • Confirm archive name and select .7z, then Create.

  • Right click the .7z archive and select Open With Archive Manager.

  • Select the three-line icon at the upper right, then click Password to create an AES-256 encrypted archive.

Notes

You will need to install 7Zip to open the archive on a Windows machine.

If Windows is involved I would use NTFS or exFAT; exFAT needs to be enabled in Ubuntu.

When opening a file in the encrypted archive a temporary file is created. In Windows, if the computer crashes or the archive is closed before the file, the temp file may remain in /AppData/Local/Temp/ (%TEMP%). Everything is okay if the file is closed before the archive. In Ubuntu the temp folder is /home/USER/cache/. The temp file seems to be deleted with a crash or when the archive is closed. The user should confirm this regularly.

The encrypted archive will expand as required.

Selecting and remembering a strong password is an important part of encryption security. There are many good articles about this topic on the internet.

HDDs, SSDs and flash drives can all brick without notice. SLC (Single Level Cell) SSDs and flash drives have the longest life spans. It is a good idea to keep a backup drive and copy of the password in your safety deposit box.

A full tutorial on P7Zip-Desktop can be found at: https://www.how2shout.com/linux/how-to-install-p7zip-gui-on-ubuntu-20-04-lts/

C.S.Cameron avatar
cn flag
I understand that "The Encrypting File System" is not very secure and does not work on Linux. The above is not very difficult. Enter a password to open the archive and close it when done.
gf flag
You cannot read or write anything in the archive without first extracting it to a different unencrypted file. It's fine for storage, but not for actual usage.
C.S.Cameron avatar
cn flag
OrangeDog: Once **p7zip-full** is installed, I open the .7z archive with Archive Manager, it asks for password, then a "Files" style window is open and I can work on and save archive files just like with nautilus. It asks me to confirm Update when saving. Once the .7zip archive is open all seems normal to me. I am talking about p7zip-full not p7zip-desktop. Please give it a try.
gf flag
That may appear to work for desktop usage, because it is extracting things to temporary files and opening those for you via a Nautilus plugin. From the command-line, or anything else that doesn't have GUI file-browser integration, you have to do it manually. You should also audit whether it cleans up the temp files automatically, otherwise that's very insecure.
C.S.Cameron avatar
cn flag
@OrangeDog: The OP is a Windows user and probably okay with UIs. All I could find on 7zip and temp files was the following on superuser: https://superuser.com/questions/412518/does-7zip-extract-to-a-temporary-file-and-then-rename-the-temporary-to-the-actua/412579. Sounds safe enough in Ubuntu.
gf flag
That's talking about temp files when you extract to a specific location. If you do what you are doing ("in-place" access) then it must first extract the content to a file. Please stop recommending things that you have no idea what they do.
C.S.Cameron avatar
cn flag
@OrangeDog: I have added a warning.
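
One way to carry out the temp-file audit raised in the comments above, as an added example that is not code from any poster: snapshot the temp locations before opening the archive, snapshot again after closing it, and list any files left behind. The `~/.cache` location on Ubuntu is an assumption, and all function names are illustrative.

```python
import os
import tempfile
from pathlib import Path


def candidate_temp_dirs():
    """Temp locations to audit: platform default, %TEMP%/%TMP%, and ~/.cache."""
    dirs = {Path(tempfile.gettempdir())}
    for var in ("TEMP", "TMP"):              # set on Windows
        if os.environ.get(var):
            dirs.add(Path(os.environ[var]))
    dirs.add(Path.home() / ".cache")         # assumption: Ubuntu cache folder
    return sorted(d for d in dirs if d.is_dir())


def snapshot(dirs):
    """Map every file under dirs to (size, mtime_ns); unreadable entries are skipped."""
    seen = {}
    for root in dirs:
        for dirpath, _subdirs, filenames in os.walk(root):
            for name in filenames:
                path = Path(dirpath) / name
                try:
                    st = path.lstat()        # do not follow symlinks
                except OSError:
                    continue                 # vanished or permission denied
                seen[str(path)] = (st.st_size, st.st_mtime_ns)
    return seen


def leftovers(before, after):
    """Files that are new or modified since `before` and still present in `after`."""
    return sorted(p for p, meta in after.items() if before.get(p) != meta)


if __name__ == "__main__":
    dirs = candidate_temp_dirs()
    before = snapshot(dirs)
    input("Open the archive, work on a file, close both, then press Enter... ")
    found = leftovers(before, snapshot(dirs))
    for path in found:
        print("still on disk:", path)
    print(f"{len(found)} new or changed file(s) under {[str(d) for d in dirs]}")
```

Other programs also write to these directories, so review each reported path rather than treating every hit as a leaked extract.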