do you use something (on top of full-disk encryption) to encrypt extra sensitive files?
i've used ecryptfs for the longest time mainly becomes the kernel ships it as a builtin module since forever but it looks like it's deprecated (didn't know that) and will likely be removed this year: https://lore.kernel.org/lkml/ZB4nYykRg6UwZ0cj@sequoia/
so i'm wondering what should i use instead. i don't want to use block device encryption because it's overkill
i read about cryfs but it seems unstable and likely to corrupt your some of your files, fscrypt requires ext4 so it's out of question, and there's gocryptfs which seems like the most stable option. anyone tried it?

bump

>>105749748 (OP)
over encrypting is a meme. the os that shall not be named already has this figured out with firevault and it's just as brick-ifying to any would be non government assailant (to which you will always lose).

just use the off the shelf encryption software for your os of choice and I guarantee you for 99% use cases you'll be fine. or you can come back and make us laugh with the "help guys I forgot my 100 character keypass password and locked the keyfile inside of the encrypted drive, am I fucked?" post.

instead of double encryption, you are better served coming up with a system to remotely shut down your computer

>>105749748 (OP)
i just use gpg

>>105749748 (OP)
I use ZFS, so I just make a new encrypted dataset and mount to a particular folder. Unlock for use, lock when done. Can make new ones at will.
It's as easy as it gets.

>>105750791
bware, zfs encryption is basically unmaintained and the guy that implemented it years ago no longer contributes to the openzfs project. just look at the issue tracker and search encryption and ull see all the jank that exists - i recommend you use luks underneath instead!

>>105749748 (OP)

>>105751442
lmao
is this ebussy?