How To Create Encrypted Folders On KDE Linux Desktop With Vaults
The KDE Plasma desktop version 5.11 has a new feature called Vaults. Vaults lets users create encrypted folders on KDE Linux directly from the panel. If you’d like to use the new Vaults feature, you’ll have to update your version of KDE to version 5.11. Upgrading to this version should be as easy as opening up the update manager and running the update tool.
If you’re using an operating system that doesn’t tend to update KDE as often, consider switching over to something that can more easily deliver the latest versions of KDE as they come out. Of course, there are many good choices, but probably the best option for those that want to try out vault is KDE Neon. It’s a Linux distribution that is dedicated to delivering the absolute latest versions of Plasma on top of a stable Ubuntu base.
Head over to the Neon website, download it and install the operating system. Keep in mind, that you’ll need to make a USB flash image to install this operating system.
Creating A Vault
In 5.11, you’ll notice there’s now a lock icon on your Plasma panel. The lock logo is the new “vaults” feature for KDE. With it, users can efficiently use the KDE Plasma 5 desktop to create encrypted volumes (aka vaults), to lock up and encrypt personal files. Even though it looks simple, it isn’t. Vaults are using standard tech to accomplish what it needs to do.
To create a new Vault, use your mouse and click the lock icon on the desktop. Look for the button that says “Create a new Vault” and select it. Selecting the “create new” option will bring up a dialog wizard that will take you through creating encrypted Vaults on KDE Plasma.
Start off by going to the “Vault name” section of the wizard, and enter the name you’d like to give your encrypted vault. Then, click select one of the two options for encryption. Currently, the KDE desktop supports CryFS and EncFS. Any of these options are fine, but if you’re gravely concerned about your data, its best to do a little research before choosing one.
On the next page, you’ll be required to read a security notice that gives out information on the encryption technology you’ve chosen. Click “Do not show this notice again,” and then click “Next” to move on to the encryption stage.
Password
The password portion of KDE Vaults is probably the most important. With a weak password, it doesn’t matter how sophisticated the encryption tools are, as your Vault may still be vulnerable. For best results, go to the password section, and test out different passwords for their strength. Keep in mind the meter’that shows how strong or weak your password is, and don’t use anything too weak. If you have a hard time finding a secure password for the encryption process, consider heading over to this website to generate a secure one instead.
When you’ve entered a secure password, re-enter it again to verify that it is safe and then click “next” to continue to the mount points section.
Mount Points
Mount points are the section of KDE Vaults that let the user customize precisely where the encrypted archives save. There are two mount points: the encrypted data location (where locked Vaults save), and the “mount point.” The mount point is the location where the decrypted vault files are accessible on the system.
The location for the encrypted vaults is (by default) ~/.local/share/plasma-vault/. This location shouldn’t need to be changed and works just fine. Mount points open under ~/Vaults. If you’d like it to mount somewhere else, go to the “Mount point” dialog box and write in a new folder location. Keep in mind that you’ll only be able to specify a location that already exists, as the Wizard will not create a new folder for you.
Cipher Settings
The cipher settings area isn’t something that the average user should need to mess with it. That said, if you care deeply about the encryption algorithm, you may want to read the different options available. Click the next button, and continue to create your vault. When the vault is complete, the wizard will close.
Access vaults
To access any of your KDE Plasma 5 vaults, go back to the lock menu and select it. Find a vault and click the icon next to it to start the mount process. Enter your password, and soon it will load up. From there, go into the vault menu, select the vault again, and click “open in file manager.” From here you’ll be able to place as many items as you want in it, and everything will be safely encrypted.
Deleting Vaults
Need to delete your vault? Follow these steps.
cd ~/Vaults
Once there, use ls to reveal the vaults in the folder, then use rm to delete it.
rm vaultname
Next, cd into ~/.vaults and look for a file (with a .enc) extension and delete it. Be sure to only delete the ENC file with the vault name you’d like to delete!
rm vaultname.enc
Lastly, open nano and delete any references to your Vault in ~/.config/plasmavaultrc and save it.
nano ~/.config/plasmavaultrc
Save with Ctrl + O.
I am new to this – made a vault and made a test text file in it. I copied the file to dropbox then opened it from my phone as a test – it opened just fine. I thought the purpose of the vault was to encrypt the files – but the copy I sent to dropbox wasn’t encrypted. What am I doing wrong?
The purpose is have an encrypted *folder* where you may put content. If you open the vault and from there send any content that will be sent in clear. If your case lies with individual file use something o the tune of GPG. (BTW, if you sent an the *.enc to Dropbox you will see that is an encrypted blob, but you will not be able to open in Dropbox.)