A few months ago, I was asked in a thread:
> Encryption -- just check the default when you install and you're done (why CryptKeeper?)
The user meant check the encryption for the hard drive.
I don't think encryption for the hard drive is necessary or desirable. But there is always a need to cloak personal, financial and business files.
Also, I want to make that decision of what and how much to encrypt on the fly, not dedicate a fixed portion of the drive to an encrypted partition.
Cryptkeeper is a Linux system utility (with user interface accessories) for creating and mounting an encrypted virtual folder, say to your /home directory.
The programs Veracrypt and Truecrypt (discontinued but available in old versions) are available for Linux.
These programs, along with "rsync", are responsible for causing my PC to reboot or stop/power off for no good reason. I have heard of something called a "kernel panic" which forces an OS shutdown. I am guessing these apps cause such a kernel panic even though they are user mode programs.
Rsync will quite often crash my system if I attempt to do a task kill of an rscync process (I ran into this a lot when debugging rogue backup processes.)
When Veracrypt has a drive mounted, my system can crash at any time when accessing that mounted volume.
Cryptkeeper has an entirely different method for mapping a file system compared to the usual encryption tools. This different method ensures the safety of the stored data. And, oh, I haven't had one crash attributable to Cryptkeeper.
In Veracrypt, you have one large file system file that contains the entire encrypted volume. Corrupt that file and you may lose the entire volume.
In Cryptkeeper, if you create an encrypted volume called, say,
/home/fred -
The software creates a parallel hidden folder named
.fred_encfs When you mount /home/fred, every file you then create and work with is saved to an encrypted file with an encrypted name within the .xxxx_encfs folder. Folders and subdirectories are created in parallel within the encrypted file space directory, again with encrypted individual names.
It looks like this:
The important thing here is that
only individual stored files, not all of the files, are subject to loss.Also it's more efficient for backup/restore: a backup or restore can operate just on changed files, not by literally re-saving an entire encrypted volume that has changed.