Google Photos supposedly encrypts all of your pictures, Android is supposed to be encrypted 1-by-1 ? if I am to understand what they are doing correctly. Of course creating an encrypted Luks container in your system would suffice for this, but would require mounting > unmounting the container.
Creating a 7z archive would also do, but the larger the archive, the longer it would take to decrypt.
What if an app could simply encrypt > decrypt your pictures when you need to view them? Not sure there is any thing like this that I am aware of.
I thought GPG would be the most practical, since you can store your key in a password manager safely or have it in your keyring where ever Linux has it.
These are ideas I have had for a while, and have come from a recent project to archive about 30yrs of pictures. I wrote a simple bash script to do this while logging the passwords, archive info into a .log file.
#!/bin/bash
# Rename files
for pattern in "s/,/_/g" "s/ /_/g" "s/_-_/_/g" "s/__/_/g"; do
prename "$pattern" *
done
seq=42600
echo 'dir,prefix,seq,archive,password' >> "/home/<User>/log.csv"
for dir in *; do
prefix=$(head -c 9 <(tr -dc '0-9' < /dev/urandom)) # generate random 6-digit prefix
pw64=$(head -c 64 <(tr -dc '[:alnum:]' < /dev/urandom)) # generate random 64-char alphanumeric string
((seq+=1))
archive=$(printf "${prefix}_archive_%04d" "$seq") # name of archive
7za a -t7z -m0=lzma -mx=9 -mfb=64 -md=32m -ms=off -p"$pw64" -mhe=on "$archive.7z" "$dir"
echo "$dir,$prefix,$seq,$archive,$pw64" >> "/home/<User>/log.csv"
done
Over 2 thousand archives were created in the process, and was good for storing. The .log file relevant information was easily stored in a password manager like keepassXC for safe keeping and backup.
This is great for full archives, but very time consuming to extract and view. During holidays or gatherings, to have to decrypt > extract > view and then repeat when done is impractical.
Convenience over Security? Maybe we don’t have to compromise this time. . .
If every image was done individually, it would lessen the time to decrypt>view done !
I’m open to ideas and have some time before i layout everything. I want to keep things simple. I want to pursue the GPG keys since Public/Private keys can open this up to sharing easily as well.
Suggestions…
Thanks