Why doesn’t file/folder encryption work the way I imagine it should? Can I have the UX I want? Tell me what’s wrong with this idea
I have been looking around at various encryption schemes, and I haven't found anything exactly like what I want in terms of user experience.
If what I want isn't a thing, I assume it's been thought of, but other approaches won out. So can someone help me understand what would be wrong with a security model that works like this?
A utility that interfaces with my GUI and terminal such that a GPG-encrypted archive is displayed as a special kind of folder.
I can navigate into this archive/fake folder using ls or open files/paths within it like any other directory, except that I need to enter the password when opening a file or changing directory.
Decryption happens either in memory or in a root-only temporary directory that isn't synced, such that the decrypted data is never synced to the cloud.
If the system configurations and stuff that underlie the fake folder/archive thingy are lost, it can simply be decrypted like any normal GPG-encrypted archive. Likewise, GPG archives copied onto a system where this is set up will behave like password-protected folders.
What would be even nicer would be to tie this to a hardware key so that I can ls and open files in the encrypted "folder" and authenticate by just touching the key.
Does this exist? If not, is there a reason why it is a bad or impractical security model?
And does anything like this have to be a whole filesystem like EncFS? Can't it just be an extension of the file browser that transparently handles unarchiving and shows the resulting folder/files?