I have a text file with various passwords, usernames and financial information on it. Suppose I want to encrypt it, then rsync copies to various devices. If I use GPG to encrypt the file, how can I guarantee there is no unencrypted copy of the file left behind on the HDD or in RAM?
Does that make sense?
I want to encrypt a file (no problem), then make sure there is no way to access the file at all.
Yes, that makes sense. Someone stealing your HDD could perform a forensic analysis and might find your original file. This is very unlikely though. If this is a real concern for you, you can use shred.
With RAM, I suppose the risk vanishes once you power off your computer.
LVM with encryption alias encrypted disk
Maybe the best way to keep things secret is to install Ubuntu according to this test case, "Install Ubuntu to the entire disk with lvm and encryption", and do the secret tasks in this system. Encrypted copies can be rsynced to other systems, which are not encrypted.
Comments
This kind of system is as vulnerable to attacks via the internet connection as any other system. So be very cautious when browsing the internet, etc. And shut down the system when you are not using it.
You can shred the original files, but with journaling (which is used in a modern operating system), there is no guarantee that all temporary copies are overwritten.
It is difficult or sometimes even impossible to recover a damaged encrypted system, so it is very important to have a good backup routine (to take backups at regular intervals, and to keep the backup copy in a place that is safe against theft, flood and fire).
Use a good password and remember it. There is no back door ;-)
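The encrypt, verify, then shred sequence discussed in the answers above, as an added example that is not part of the original posts. The function names and the GPG_PASSFILE variable are assumptions made for this sketch; the script reports the filesystem type because shred only overwrites in place and cannot reach journal, snapshot or editor temporary copies.

```sh
#!/bin/sh
# Added example: encrypt with GPG, verify the ciphertext, then shred the plaintext.
# GPG_PASSFILE (hypothetical) names a passphrase file for unattended runs;
# leave it unset and gpg prompts for the passphrase instead.

# Classify a filesystem type (as printed by `stat -f -c %T`) by how far
# shred's in-place overwrite can be trusted on it.
shred_trust() {
  case "$1" in
    tmpfs|ramfs) echo ram ;;                          # RAM-backed (swap aside)
    btrfs|zfs|overlayfs|nfs|nilfs*|f2fs) echo unreliable ;; # old blocks may survive
    *) echo best-effort ;;                            # e.g. ext4, xfs: journal or SSD remapping
  esac
}

encrypt_then_shred() {
  plain=$1
  cipher=$1.gpg
  fstype=$(stat -f -c %T -- "$plain") || return 1
  want=$(sha256sum < "$plain") || return 1

  # Build the common gpg command line in the positional parameters.
  set -- gpg --yes --quiet
  if [ -n "${GPG_PASSFILE:-}" ]; then
    set -- "$@" --batch --pinentry-mode loopback --passphrase-file "$GPG_PASSFILE"
  fi

  "$@" --symmetric --cipher-algo AES256 --output "$cipher" -- "$plain" || return 1

  # Decrypt to a pipe (never to disk) and compare hashes before
  # destroying the only readable copy.
  got=$("$@" --decrypt -- "$cipher" | sha256sum)
  if [ "$want" != "$got" ]; then
    echo "verification failed, plaintext kept: $plain" >&2
    return 1
  fi

  shred -u -- "$plain" || return 1
  echo "shredded $plain on $fstype ($(shred_trust "$fstype"))" >&2
}
```

Creating the plaintext on a tmpfs mount in the first place, and only ever writing the .gpg file to disk, avoids relying on shred at all.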