Not happy with macOS Open Source encryption

Hi

I wish to encrypt my porn stash, which I frequently watch. I don’t trust Apple FileVault.

I use macOS, but VeraCrypt doesn’t integrate well into macOS. Clunky experience

Kryptor is .Net and in beta.

Is there anything else? CLI-only is also fine for me.

What’s important is that I need to access the files frequently.

Is an encrypted zip not sufficient?

There are ways like GPG, or even AES encryption (it’s an app; I love it, but weirdly enough not a lot of people talk about it), or even use zip or WinRAR!

I use macOS, but VeraCrypt doesn’t integrate well into macOS. Clunky experience

If you are running Big Sur that’s a known issue that requires changes to VeraCrypt, which is unlikely to happen anytime soon. A workaround is to downgrade to Catalina (if you can, unless you’re running M1, in which case you probably can’t.)

Is there anything else

There are plenty of other options but ones that integrate properly into Finder with Big Sur are (I’m guessing) going to be problematic.

Just a reminder, you have to disconnect from the internet and reset the date to an earlier time, because I think the Big Sur update expires some certificate, which blocks reinstalling older versions.

2 Likes

What about Cryptomator?

1 Like

I don’t wish to extract before watching movies. It’s time consuming for 300 GB.

Good idea? How do I use it? I have only used GPG with mail.

Is this guide good? https://dev.to/efe/how-to-use-gnupg-for-encrypting-files-on-macos-2kke

I do not wish to upload to any cloud. I want transparent encryption.

300 GB! That’s a lot of porn movies for someone whose pseudo is “nofap” :rofl:

2 Likes

You don’t have to. Cryptomator can be used on local drives only.

1 Like

Sorry for the late reply! I got problems with my Linux. And I found this tool while I was searching (looks promising, but again, I just found it while I was searching, so I’m not sure if it’s good or not): https://pgptool.github.io/ and here is the video: https://www.youtube.com/watch?v=iEloW5QCvKI (that helped me to encrypt stuff in the past) or https://www.youtube.com/watch?v=DMGIlj7u7Eo (I did not watch the video, but I know the author and I know he makes some good tuts).

PGP/GnuPG doesn’t need to die, but people should probably stop using it and move on to better, purpose-built tools. PGP is the Swiss army knife of painful encryption. It’s better than a sharp stick in the eye, but it’s also like punching yourself in the balls… if you have balls.

I have a pair of them, want a share? And for me, PGP/GPG (which are both kinda the same for me, although I use GPG more), I think it’s good and still worthy (Captain America voice), so yeah, I will use it until the NSA breaks the 4028-bit (don’t remember the number exactly) key that got around 7 random words as a password. At that moment I would use another way or just increase my password length.

If the NSA broke it, you wouldn’t know. SigSpoof vuln was around since 1998 – a full two decades – before anyone was wise to it. It’s not the at-rest encryption that will fail you, most likely, it will be the program handling it.

Something like minisign, by contrast, has one job to do and is less than 1500 SLOC as a result.

But at least they knew, right? So that’s what I’m talking about.

If finding a vulnerability 19-20 years late is “knowing” something … we’re not making progress.

My overall point is, GPG tries to do too much, which gives it a ton of complexity and attack surface. If GPG was refactored into small tools that can work together, each doing just one thing, that can be audited and tested more effectively – that would be a different discussion. But there’s little appetite or interest for that in the upstream, so that’s why I would tell people to start putting a toolbox of other things together to replace the things they use GPG for.

It’s like X11. It’s not going to change. It is what it is, and it will be – to one extent or another – a keylogger forever. You can either get on board with Wayland or you can accept significantly higher risk with the status quo.

It’s impossible to eliminate risk, but you can make better choices.

I get what you mean! Alright, what other encryption tools do you suggest?

I used minisign (and its equivalent, OpenBSD’s signify) as an example of something that could replace one aspect – signing files.

And look, you’ll still have to spend time and familiarize yourself with the pros and cons of anything you end up using. It’s just a suggestion that smaller, single-purpose tools work better for this domain than a big tool like GnuPG.

That said, I’ll keep using GnuPG for now, because it’s literally unavoidable in the way that I need to work with others. Also, because better options don’t exist yet for some things. (git-crypt, there are options, but none better than git-crypt yet, imho).

It’s a general call for people to stop depending on GnuPG for everything…