How would I go about encrypting my brand new 256GB SD-card, which is meant for my Android phone, considering the following:
- Card should be usable across multiple Android devices, and other platforms (Linux..). As a consequence, native Android SD-card encryption is not a solution as the contents are not readable on other platforms, nor recoverable if the phone fails or needs a reset.
- Use case is protecting data, mostly pictures, from phone thief/finder, not from a gvt agency or police. My understanding is that most encryption methods are broken on Android for these purposes as the keys are often accessible from memory. In that sense, the phone is considered trusted once unlocked, so encryption should be transparent so that files are accessible via standard phone apps (i.e. pictures show in Gallery).
Ideas:
- Full disk encryption methods such as Luks. I found this program : EDS which apparently can mount Luks volume if the phone is rooted. I have no idea how efficient this is performance-wise, or if it is safe for the card.
- Commercial programs using their own file-based encryption but available on multiple platforms such as Boxcryptor, or Cryptomator. Their purpose is originally to encrypt files before storing them in the cloud. It doesn't seem that I can access files using regular apps using this solution.
- Changing my phone to one on which I can install UbPorts :)
- Using Termux and rooting the phone to mount a
gocryptfsor other encrypted file system - Using Android default sd card encryption (FDE/FBE), dumping memory to get access to the encryption key and using that from Linux to access files
- Other welcome idea !
I cannot find any info about this use case which seems very strange to me..
Thank you very much for any input !
No comments:
Post a Comment