83 private links
Helps in creating and sharing secrets easily.
Uses AWS and GCE stuff for encryption but can also function without all that and just use GPG or age for encrypting.
Can be used to encrypt specific files in a git repo, or even encrypt/decrypt parts of a file (for example a specific value in a yml or json file).
Very neat and seems really useful!
One possible solution to remove persistent keys from ssh-agent (or gpg-agent). Worked for me!
Very interesting, circumventing encrypted disks even from turned off systems by having USB/CD boot enabled.
This program automatically exploits a system and puts it on its (bad) way.
How to set up wireguard in the first place, but then also an example of how to set up routing in your reverse proxy to be able to get to endpoints on a VPS.
Since it is really hard to just search for pass ('The simple password manager', thanks for the unique naming scheme 😉) extensions on github and similar places, this list comes in really handy.
Best alternative is to search for the 'pass-extension' topic on github.
A rust implementation of age (https://links.martyoeh.me/shaare/AXXx7g)
tries to have small explicit keys, no config options, and UNIX-style composability.
A gpg alternative that feels more modern, allows for less customization (which is generally a good thing in encryption) and has a very simple interface.
In essence it tries to be everything that gpg is not - except for also being secure. Unfortunately, adoption and integration is nowhere near the level of gpg (e.g. e-mail encryption, keyservers, general adoption with public key profiles reachable over web, etc)
An open source, self-hosted implementation of the Tailscale control server
To encrypt your SSH key, use:
ssh-keygen -p -f ~/.ssh/id_rsaIf the encrypted private key is stolen, an attacker needs to brute-force (guess) your password to use it.
To be more resistant to brute force-attacks, specify -a <number> to set the number of rounds used. The default is 16.
ssh-keygen -p -a 500 -f ~/.ssh/id_rsaCombining s3fs and encfs for encrypted, transparent locally-available file storage on any cloud (S3) provider.
Tools mentioned are a little old and potentially superseded, see data encryption comparison https://links.martyoeh.me/shaare/rFw2Mw
Nicely detailed overview of different encryption options for your (linux) files. Lists advantages and disadvantages and should be considered a starting point for considerations of encryption options.
Another explanation of installing arch with BTRFS and encryption - this time with encrypted boot partition and grub bootloader.
An exhaustive writeup of installing an encrypted BTRFS arch on SSD on the arch wiki.
Encrypted laptop with Btrfs and no LVM
ZFS Bootloader for root-on-ZFS systems with support for snapshots and native full disk encryption. Seems to provide some good explanation for setting it up - but still requires a bootloader such as refind, etc.
The complete guide to using and setting up a LUKS encrypted partition on Linux utilizing the YubiKey as authentication
Poettering writes on the full safely encrypted boot chain for encryption at rest and going byond FDE provided by LUKS, especially regarding individually encrypted home directories.
Google cloud services (computing instance) offer encryption by default for disk storage, the customer can provide its own key with the feature customer supplied encryption (detailed here also).
How can we apply a disk encryption with cryptsetup without giving the encryption key to google?