Data encryption with SiriKali
Hardened Choice
SiriKali encrypts files and directories with just a few mouse clicks, without the inefficiency of fixed-size containers.
Many Linux users are wary of encrypting their data – primarily because most of the available tools don't offer a graphical user interface, and also – but less often – because of a perceived lack of flexibility in handling encrypted data files. But in the modern era, when high-capacity USB media are easy to find, encryption is becoming more important. Tools such as TrueCrypt or its successor VeraCrypt have a graphical user interface but create containers of a fixed size, without the flexibility to deal with growing volumes. If you store only a few files, you are wasting storage space with a big container. On the other hand, if you create a container that is too small, running out of space will mean a time-consuming overhaul.
SiriKali [1] is an encryption tool that avoids fixed sizes for containers. By encrypting at the directory and file level, you only use as much storage space as the data actually takes up. SiriKali relies on various encryption back ends, with support for fscrypt, SecureFS, eCryptFS, CryFS, EncFS, gocryptfs, and SSHFS. (If you're considering EncFS, keep in mind that security vulnerabilities were discovered in an audit in 2014.)
In SiriKali, you deploy encrypted filesystems in user space – with the help of the FUSE kernel module, which means that you can work with the tools without needing admin privileges. SiriKali recognizes the back ends installed in the system and lets you use them without having to enter any parameters.
Installation
SiriKali is based on the Qt libraries and is included in the repositories of several popular distributions. You can use your default package manager for the install. If you don't have a back end in place, you'll need to drag in one of the back ends to handle the actual data encryption work.
You could also integrate your own repository for the application with a standard package management system. The developers provide detailed documentation on the project's GitHub [2]. The setup creates a launcher in the desktop menu.
Operation
When you launch SiriKali for the first time, it hides itself away in the system tray on the desktop, featuring a blue icon with a stylized padlock by default. The icon gives you direct access to the tool's most important options without having to take a detour via the menus.
After the first launch, a window opens up with a large vacant space for displaying the files. At the bottom is a buttonbar, but there is no extensive menubar. The software lets you change the locale under Menu | Settings | Select Language; the current version 1.4.8 supports English, French, and Russian.
First, use Create Volume to create a volume, to which you will later back up the data you wish to encrypt. In the selection box, first choose the target filesystem. Only the options installed in the operating system are available; all other options are not active (Figure 1).
After selecting the filesystem, the software opens a small window where you can enter the required data. In the Volume Name box, type the name of the volume; below that you need to define the path for the digital container. By default, the tool uses your home directory. A click on the folder icon to the right lets you enter a different directory if necessary.
Below the box with the path, you need to choose the authentication method. Clicking on the small triangle on the right opens a pop-up menu; by default, the program uses password input. But keys, which you can specify manually, or existing key files are more elegant. Alternatively, you can include Gnome and KDE wallets in SiriKali for authentication. The selection menu also supports the use of a Yubikey token.
Depending on the chosen method, enter the desired password in the next field. In the Options field, you can also specify whether SiriKali will also encrypt the file names.
Depending on the selection, the program prompts you in another dialog for the algorithm you will use to encrypt the data. You will find a list at the top of the window that shows the available algorithms (Figure 2).
After completing the settings, close the window by pressing OK, and then create the volume in the Create window. SiriKali mounts the volume like a conventional drive. You can create multiple drives with different back ends for encryption, and SiriKali lists them in a table in the main window, along with the back end and path (Figure 3).
Precautions
To move files or directories to one of the encrypted volumes, click on the entry in the main window and select Open Folder from the context menu. The software opens the volume in the file manager, where it behaves like a normal, unencrypted directory. You can drag and drop the data into the encrypted volume from another open instance of the file manager in the usual way.
The data is encrypted in real time. After finishing the transfers, it makes sense to unmount the encrypted drive by clicking again on the entry in the main SiriKali window and selecting Unmount from the context menu. The entry for the drive will now disappear from the table.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
The Gnome Foundation Struggling to Stay Afloat
The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening due to continued financial problems.
-
Thousands of Linux Servers Infected with Stealth Malware Since 2021
Perfctl is capable of remaining undetected, which makes it dangerous and hard to mitigate.
-
Halcyon Creates Anti-Ransomware Protection for Linux
As more Linux systems are targeted by ransomware, Halcyon is stepping up its protection.
-
Valve and Arch Linux Announce Collaboration
Valve and Arch have come together for two projects that will have a serious impact on the Linux distribution.
-
Hacker Successfully Runs Linux on a CPU from the Early ‘70s
From the office of "Look what I can do," Dmitry Grinberg was able to get Linux running on a processor that was created in 1971.
-
OSI and LPI Form Strategic Alliance
With a goal of strengthening Linux and open source communities, this new alliance aims to nurture the growth of more highly skilled professionals.
-
Fedora 41 Beta Available with Some Interesting Additions
If you're a Fedora fan, you'll be excited to hear the beta version of the latest release is now available for testing and includes plenty of updates.
-
AlmaLinux Unveils New Hardware Certification Process
The AlmaLinux Hardware Certification Program run by the Certification Special Interest Group (SIG) aims to ensure seamless compatibility between AlmaLinux and a wide range of hardware configurations.
-
Wind River Introduces eLxr Pro Linux Solution
eLxr Pro offers an end-to-end Linux solution backed by expert commercial support.
-
Juno Tab 3 Launches with Ubuntu 24.04
Anyone looking for a full-blown Linux tablet need look no further. Juno has released the Tab 3.