On Encryption - Kundalini-Crypt, GPG, VeraCrypt & KeePassXC


It goes without saying how important it is to keep your files safe. In case of an attack or any problem, it is quite constructive to keep your files safe and encrypted from prying eyes.

There are several programs/software that you can use to keep your files encrypted - one of them is GPG. In this post we will discuss VeraCrypt, KeePassXC, GPG and Kundalini-Crypt. To get started, you need to get these first:

# apt install keepassxc

You should get VeraCrypt from the VeraCrypt site, or from there if it is available in your repository. For Slackware Linux, you can install it from source here:

VeraCrypt [SlackBuilds]

If your distribution's repository does not include VeraCrypt and you cannot get it from the VeraCrypt website, you must install it from source. Don't worry, it's not complicated, just follow the instructions provided. To get Kundalini-Crypt, see the "Programs" section at the bottom of the page.

Once you have it, open it and follow the instructions. Click on the "Create Volume" button, select the "Create Encrypted File Container" interface. You can then choose between "Standard" or "Hidden" volume, this post will now follow the "Standard" section. Same for "Hidden", but here you have to go through the process twice.

Here you need to select a folder for your VeraCrypt file, then choose one of the encryptions - I recommend "Aes(Twofish)", but it's up to you. For the name, I'm using "veracrypt_file_cont" for now. Then you need to specify the size of the storage - this is also your choice. So think about what you want to use it for. If you want to store everything here, several GB is recommended, if you want to store sensitive files, 3-4 GB is enough.

Then you need to enter a password. It is worth generating a strong password in KeePassXC or using Kundalini-Pass. You can also specify an additional security step - PIN, "Keyfiles", which I also recommend to consider. You can save all your data in a file, which you can then encrypt with GPG.

For the "Keyfiles" you need to generate - choose as many as you want, which you also need to store in a folder - this might be stored in a hidden folder independent of VeraCrypt [But don't delete the folder, you might screw it up].

Then you have to choose the file system, I leave that to you. Then you need to format the volume - you can do this by moving the mouse systematically and randomly - wait until the strip ends and says "Done: 100%". Then you are ready to use your container!

Go back to the VeraCrypt home screen and select "Select File". Here you need to enter the VeraCrypt file you saved at the very beginning, in my case it's "veracrypt_file_cont". Then click on the "Mount" button and follow the instructions. Enter your password, enter your PIN and "Keyfiles" if you have chosen and then click "Ok". Then you need to enter your system password and you're done!

If something is wrong, you probably misspelled your password or PIN. Once you've done that, your container folder will appear. You can put whatever files you want in it and keep them encrypted and hidden. If you want to unmount it, just go back to VeraCrypt, select the container, click "Dismount" and you're done.

You can also store your passwords here, but it's a good idea to store your passwords in a separate, encrypted location, such as KeePass. The method is also simple, just follow it.

Open KeePassXC and click on the "Create a new database" button. Enter a name for the database and add a description if you wish. You can increase the value of "Decryption time" up to 5s. You may want to set this to 3-4, this will increase the security of your container.

Click on the "Advanced settings" button to choose encryption - I recommend Twofish, but you can also use the default AES if you want. You will then need to enter a password. Again, you'll need to use a strong password. An example of password generation with Kundalini-Pass:

$ kundalini-pass -g

Password generation...

Password: *UTi{9_BmTj+(Y_LS/+b7/yf84uWwaU)T27B3gw

You can save this encrypted in a folder or in VeraCrypt itself. It is recommended to use GPG encryption on the file where you store the passwords. After entering the password, the program will ask you where you want to save the KeePass file. Do the same as for VeraCrypt. And that's it!

Your passwords are now secure and encrypted.

You can also use GPG and Kundalini-Crypt to make your files even more secure. Let's take a simple example - the file name will be "super_secret_file" in this example, the content should be "Hi, I'm BrightSpace666 From The Joy Of Satan.", and you want to keep this file very secure. Starting with Kundalini-Crypt, we first encode the contents of the file:

$ kundalini-crypt --encode super_secret_file encoded_super_secret_file

The newly encoded files will have the file extension ".kundalini" [encoded_super_secret_file.kundalini]. You can see that the contents of the files have been completely changed:

$ cat encoded_super_secret_file.kundalini

We will see that the file contains symbols, characters and everything else - our file is encoded. Then:

$ gpg -c encoded_super_secret_file.kundalini

Here we choose a strong password like the one I just generated with Kundalini-Pass: "*UTi{9_BmTj+(Y_LS/+b7/yf84uWwaU)T27B3gw"

Our file was first encoded and then encrypted with GPG. If you want to decrypt:

$ gpg encoded_super_secret_file.kundalini.gpg

We entered the password [In my case - *UTi{9_BmTj+(Y_LS/+b7/yf84uWwaU)T27B3gw] and got the decrypted file. However, here we do not see what we typed, but the encoded content. In order to get the content back permanently:

$ kundalini-crypt --decode encoded_super_secret_file.kundalini decoded_super_secret_file

You can see the contents of the file:

$ cat decoded_super_secret_file

"Hi, I'm BrightSpace666 From The Joy Of Satan."

This is a double protection for the content of your files. Note that if you encode a file using Kundalini-Crypt, it will have the suffix ".kundalini" at the end of its name. Don't forget this when you want to recover the contents [just write .kundalini after the file as shown above].

I've built GPG encryption into Kundalini-Crypt, so you can do it from there:

# kundalini-crypt --encrypt

Be careful,

Sieg Heil!

Return To Homepage