22nd December 2016, 12:21
Well i've certainly been overwhelmed by the copious replies, but have finally finished evaluating them all.
Based on my further research & testing in my Tower VM, & my subsequent rebuild of Lappy into similar dual-boot configuration, i "un-eliminated" eCryptfs as i discovered this nice tutorial; https://www.unixmen.com/encrypt-directo ... tfs-linux/. So i've now extensively tested two alternatives, VeraCrypt vs eCryptfs, the first on a dedicated container in /DATA, the second on a dedicated directory in /DATA.
1.Neither has advantage wrt my original Objective #3, as unfortunately neither will auto-mount on boot for me. However i’ve deduced a semi-elegant & acceptable workaround via custom launchers to semi-automate the requisite CLI commands.
2.Similarly neither has advantage wrt my unpleasant & irritating discovery that every time i reboot to the other distro, i lose write-permission to /DATA & have to reinstate it via a CLI chown command. Once again however i’ve deduced a semi-elegant & acceptable workaround via custom launchers.
3.They both satisfy Objective #4; both do do transparent on-the-fly decryption/encryption once mounted in a session.
4.Again they both also satisfy Objectives #5 & #6; both do remain mounted during Suspend but auto-dismount for Reboot or power-loss.
5.VeraCrypt has notional disadvantage that i had to guess the necessary size of the encrypted container when i created it, so if in future it fills up, there is no, or no nice practical, way to extend it.
6.Conversely the eCryptFS directory in /DATA needs no advance sizing, & indeed if at some future time it fills up, i can relatively simply expand my /DATA partition with gparted, & the directory will simply grow with it.
7.Despite hours of research i’ve still not been able to conclude if one has cryptographic advantages over the other. They have structural differences by design, but these do not necessarily ipso facto denote advantage / disadvantage, to my limited understanding.
8.Whilst still not finalised, i think at this stage i am now leaning towards eCryptFS of /DATA/docsNdata, rather than the VeraCrypt container.
Does any kind reader have any corroborative or contradictory advice pls?
Based on my further research & testing in my Tower VM, & my subsequent rebuild of Lappy into similar dual-boot configuration, i "un-eliminated" eCryptfs as i discovered this nice tutorial; https://www.unixmen.com/encrypt-directo ... tfs-linux/. So i've now extensively tested two alternatives, VeraCrypt vs eCryptfs, the first on a dedicated container in /DATA, the second on a dedicated directory in /DATA.
1.Neither has advantage wrt my original Objective #3, as unfortunately neither will auto-mount on boot for me. However i’ve deduced a semi-elegant & acceptable workaround via custom launchers to semi-automate the requisite CLI commands.
2.Similarly neither has advantage wrt my unpleasant & irritating discovery that every time i reboot to the other distro, i lose write-permission to /DATA & have to reinstate it via a CLI chown command. Once again however i’ve deduced a semi-elegant & acceptable workaround via custom launchers.
3.They both satisfy Objective #4; both do do transparent on-the-fly decryption/encryption once mounted in a session.
4.Again they both also satisfy Objectives #5 & #6; both do remain mounted during Suspend but auto-dismount for Reboot or power-loss.
5.VeraCrypt has notional disadvantage that i had to guess the necessary size of the encrypted container when i created it, so if in future it fills up, there is no, or no nice practical, way to extend it.
6.Conversely the eCryptFS directory in /DATA needs no advance sizing, & indeed if at some future time it fills up, i can relatively simply expand my /DATA partition with gparted, & the directory will simply grow with it.
7.Despite hours of research i’ve still not been able to conclude if one has cryptographic advantages over the other. They have structural differences by design, but these do not necessarily ipso facto denote advantage / disadvantage, to my limited understanding.
8.Whilst still not finalised, i think at this stage i am now leaning towards eCryptFS of /DATA/docsNdata, rather than the VeraCrypt container.
Does any kind reader have any corroborative or contradictory advice pls?