Plasma Vault: cannot choose encryption algorithm

Help
1

Hi there,

so when i create a new Plasma Vault through the widget, i cannot choose any encryption algorithm - it just creates a gocryptfs vault, without asking.

I’d expect to be able to pick Cryfs also, for example?

Please advise, thank you!

Operating System: TUXEDO OS
KDE Plasma Version: 6.5.2
KDE Frameworks Version: 6.19.0
Qt Version: 6.9.2
Kernel Version: 6.14.0-123037-tuxedo (64-bit)
Graphics Platform: Wayland

 ❯ dpkg -l | grep -Ei 'plasma-vault|cryfs|gocryptfs'
ii  cryfs                                                    0.11.4-1build5                             amd64        encrypt your files and store them in the cloud
ii  gocryptfs                                                2.4.0-1ubuntu0.24.04.3                     amd64        Encrypted overlay filesystem written in Go
ii  plasma-vault                                             6.5.2-0ubuntu1~tux1                        amd64        Plasma applet and services for creating encrypted vaults

❯ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=24.04
DISTRIB_CODENAME=noble
DISTRIB_DESCRIPTION="TUXEDO OS 24.04.3 LTS"
2

Plasma Vaults Intentionally only supports gocryptfs for new vaults.

1 Like
3

Thank you for your reply @ngraham

Okay i see, good to know…

Why exactly is that? Is this decision “documented” anywhere?

4

See Only allow gocryptfs for new vaults (!62) · Merge requests · Plasma / Plasma Vault · GitLab

Two primary reasons:

  1. Having multiple backends is unnecessarily technical for a user-facing piece of software like this. This kind of thing is very difficult to explain to users, and having only one supported backend for new vaults simplifies the setup process.
  2. Gocryptfs is the best backend. It’s the most auditably secure and the most actively developed.
1 Like
5

Thank you for clarifying @ngraham

I noticed gocryptfs does not support encrypting file metadata, file sizes and such. That’s why i asked…

I can understand why the choice was made for security reasons, so i’ll use gocryptfs for now.

Hopefully Plasma Vault will implement Cryptomator sometime in the future :slight_smile: