1. 11
  1.  

  2. 2

    Cool idea, OP. I automated your solution in a bash function.

    encrypt() {
        file=$1
    
        filename=$(basename "$file")        # get filename without path
        ext="${filename##*.}"               # get file extension
        name="${filename%.*}"               # get filename
        directory=$(dirname "$file")        # get directory path
        payload=$directory/$name-e.$ext
    
        if [[ $# -eq 1 ]]; then
            read -s -p "Encryption password: " filepasswd
            qpdf --encrypt $filepasswd ' ' 256 -- "$file" "$payload"
            echo -e "\nEncryption successful!"
        else
            echo "Missing parameter or wrong syntax. Needs one file name."
            echo "encrypt file"
        fi
    }
    
    1. 2

      I do have sensitive files on my cloud storage, and never got around to figuring out an ergonomic solution for my needs, so thanks for writing this!

      I also like the proposed solution, to use PDF encryption, but how secure is it? And can you put arbitrary files into a PDF?

      1. 2

        Although you might be able to put arbitrary files into a PDF, I’m not sure why you’d want to do that. The point of converting the images/docs to PDF is so that you can still work with them on other devices including your phone (previewing, printing) without special software.

        If you need to encrypt files that don’t need to be previewed so to speak, I would use OpenPGP as it’s very straightforward to encrypt any file.

        With how I lined out the instructions, qpdf (for Linux or Mac) you get full AES 256 bit which is good enough for top secret government data Office 2013 uses AES 128 bit which is still very good and virtually unbroken “would take billions of years to brute force on current hardware” and the newest versions of Office (2016+ AFAIK) use AES 256 bit.

        Obviously, the strength of your password plays a crucial role!

      2. 2

        I use cryfs for this, it’s a transparent fuse filesystem that maps one folder with plaintext (don’t store this in dropbox) into another folder with a bunch of cyphertext blocks (store this in dropbox).

        Doesn’t (yet) work on windows, not sure about mobile, but it’s pretty painless.

        1. 1

          Although I’d prefer having everything encrypted client-side, this would break all the Dropbox functionality on my phone – hence I went with something in between. Thanks for sharing your interesting setup!

          1. 0

            That looks incredibly painful. There’s no way it works on anything but a Linux desktop.

            1. 3

              Should work on mac to… but I live my life on linux desktops so that’s good enough for me.

              Keep in mind that the alternative we are comparing to is “manually click a bunch of buttons to encrypt a PDF for anything you want to keep secure”.