Hi, I was planning to encrypt my files with GPG for safety before uploading them to the cloud. However, from what I understand GPG doesn’t pad files/do much to prevent file fingerprinting. I was looking around for a way to reliably pad files and encrypt metadata for them but couldn’t find anything. Haven’t found any recommendations on the privacyguides website either. Any help would be appreciated!

Thanks

      • delirious_owl
        link
        fedilink
        arrow-up
        1
        arrow-down
        2
        ·
        8 months ago

        I recommend making a giant tarball and encrypting that with gpg and then encrypting again with rclone.

          • delirious_owl
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            8 months ago

            Yes. Security has trade offs. But cloud backup storage is cheap.

            • MigratingtoLemmy@lemmy.worldOP
              link
              fedilink
              arrow-up
              1
              ·
              8 months ago

              Is there no way to encrypt the metadata of files using GPG? And how do people pad their files to prevent fingerprinting? Surely I’m not the first person to be asking about this? I haven’t had much luck searching online

              • delirious_owl
                link
                fedilink
                arrow-up
                1
                ·
                8 months ago

                The files metadata is encrypted with GPG. Except for GPG metadata, which is minimal

              • Synnr@sopuli.xyz
                link
                fedilink
                arrow-up
                1
                ·
                7 months ago

                GPG/PGP turns takes the file and turns it into random bits that only someone with the private key can unrandomize. There is no file metadata left. There is no nothing left. I believe the sizes are even consistent (0-1024kB files will be the same output size.)

  • solrize@lemmy.world
    link
    fedilink
    arrow-up
    16
    ·
    edit-2
    8 months ago

    Yes GPG should add appropriate padding (random initialization vector) to not reveal whether two ciphertexts have the same plaintext. It makes no real attempt to conceal that the two plaintexts have the same length. If you want that, best bet is to make all ciphertexts the same length, by padding plaintexts out to 1MB or whatever, and turning off compression. Actually you might first check the manual to see if there is already an option for that. There are a lot, and I no longer keep track.

    Cryptographer’s saying (Silvio Micali, I think): “A good disguise does not reveal the person’s height”. So you are on the right track.

    • MigratingtoLemmy@lemmy.worldOP
      link
      fedilink
      arrow-up
      3
      ·
      8 months ago

      I also have media and other binary blobs which I’d like to archive in an encrypted fashion, will GPG suffice? ChatGPT mentioned OpenSSL for this but I’m not sure where that’s taking me.

      • solrize@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        8 months ago

        Openssl really isn’t the right thing for that. GPG is fine for individual files if you don’t mind leaking the approximate length. You may be better off with borg backup depending on your exact use case.

        • MigratingtoLemmy@lemmy.worldOP
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          I’m using rclone, do you recommend I run borg on top of it to encrypt said files? And does borg explicitly do what I’m trying to achieve? I’m going to take a look at the documentation, thanks

          • solrize@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            8 months ago

            I’m not really familiar with rclone. I just use Borg and it does about everything I could want. You can even ssh mount a Borg repo as a file system and browse the files, though it is read only (you can’t modify anything that way). Obvs you need the decryption key to do that.

            • MigratingtoLemmy@lemmy.worldOP
              link
              fedilink
              arrow-up
              2
              ·
              8 months ago

              I see. I’m using Cryptomator, but I was recently linked to rclone’s in-built encryption, which is probably what I’ll use next. Thanks

              • solrize@lemmy.world
                link
                fedilink
                arrow-up
                2
                ·
                8 months ago

                I will check into rclone again. People keep mentioning it. I think I may have considered it before deciding on borg. But my use case is primarily backup rather than archiving. The two aren’t quite the same.

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    4
    ·
    8 months ago

    You could use Duplicati. I’m not sure if it does padding but it simplifies encryption and prevents corruption.

  • TechieDamien@lemmy.ml
    link
    fedilink
    arrow-up
    3
    ·
    8 months ago

    Sounds like you want a proper backup solution. Take a look at borg backup, a tool that supports encrypted, deduplicated, compressed, incremental backups. You can even directly save to your cloud via protocols such as ssh, s3, etc.

    • MigratingtoLemmy@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      I have thought of it, but it doesn’t seem as portable to me as just rclone. I don’t like installing Cryptomator either.

  • ryannathans@aussie.zone
    link
    fedilink
    arrow-up
    2
    ·
    8 months ago

    If there are really no good padding tools I’ll probably start a new git repo and write one, would be a pretty handy CLI tool