ObjectiveInstall and use Plasma Vault to create encrypted storage directories.
DistributionsThis will work on any distribution with Plasma 5.11 or higher.
RequirementsA working Linux install with Plasma 5.11 or better and root privileges.
- # - requires given command to be executed with root privileges either directly as a root user or by use of
- $ - given command to be executed as a regular non-privileged user
IntroductionThe Plasma desktop's new Vault feature makes encrypting directories incredibly simple. It's built right in to the desktop task manager, and directories can be managed by regular users without
sudo. Vault is an excellent middle ground between single file encryption and whole filesystem encryption. It's not hard to see how useful that can be.
Install VaultBegin by installing Vault. Plasma Vault was introduced in Plasma 5.11, so some distributions may not have it yet. This guide will cover the distributions that have Vault packaged now, but others will follow. In every case, it's named
$ sudo apt install plasma-vaultOpenSUSE Tumbleweed
# zypper install plasma-vaultArch Linux
# pacman -S plasma-vaultGentoo
# emerge --ask plasma-vaultAfter the installation, you may need to log out and log back in to Plasma.
Create A VaultCreating and managing vaults is all done through the system tray. After you logged back in to Plasma, you should see a small lock icon in your tray. That's the icon for Vault.
Click on the lock, and a menu will slide out. Since this is your first time, there won't be any vaults displayed. You will see a button to create one, though. Click on it
A window will open up to walk you through the creation process. On the first screen, give your vault a name, and select an encryption system. Vault selects CryFS by default,and it's currently the best option.
The next screen will give you a notice stating that CryFS hasn't been professionally audited. Just be aware of that and click to the next screen.
Next, create a passphrase for your vault. Make sure that it's both long enough to be secure and memorable. Like with any encryption, if you lose the password, you lose the data it protects.
The following screen will let you select a mount point for your vault. The defaults here are convenient, but you can certainly change them, if you want.
Finally, you can select the cypher used to encrypt your vault. The AES256 options provide the best encryption. When you're done, click "Create" to finalize your new vault.
Mounting And Unmounting
Click on the lock icon in the system tray again. This time, you'll see the new vault that you created. It's already mounted, since you just created it. The mount/unmount icon is to the far right side of the listing. Clicking that will mount or unmount the vault. You don't need root to do this.
With the vault mounted, click on it. You'll see the option to open the directory or change the settings. Go ahead and open the directory. It behaves like a normal direcUse Plasma's new Vault feature to create encrypted folderstory when the vault is mounted. Everything is integrated with Dolphin, so you don't need to worry about any weirdness there either.
When you're done working with the vault, click on the unmount icon next to the vault's name, and it will be unmounted.
If you want to go back and work in the vault again, click the mount icon. You'll be prompted to enter the password that you used to create it. Then, the vault will open up.