hello Is there any way that stolen files from a computer can not be used on another computer And only be used on the main computer? i have veraCrypt and encrypt my files with it but when i open veraCrypt and show veraCrypt mount drive data are transferable by malware. is there a way for this problem? I'm sorry if my English is not good
You could also encrypt individual files. For example, KeePass database (.kdbx) files are encrypted. Or you can use GnuPG with symmetric passphrases.
Well, KeePass is a password management app. And GnuPG is a encryption app. Encrypting stuff won't keep malware or adversaries from stealing your stuff. But it will be useless. My point is that full-disk encryption and file-level encryption complement each other.
Applications like keepass only offer encryption at rest which is a lot like a lock box. You can put stuff in, but the moment you unlock the lock box, anyone that has access to your computer physically or remotely could access/steal the contents. There are a number of different solutions available for file encryption that could benefit you if your interested, but keep in mind the limitation. The environmental conditions (states) or variables of your system and network could theoretically be used to determine if a file should be eligible for decryption. Bruce Schneier discusses something along these for usage by a clueless agent system, but i'm not aware of any really decent encryption or file management solutions that offer this type solution. Largely because most applications and services follow the (PKI) model for using keys and other credentials to authenticate. Only advise that I can give is use database/file encryption and try to store sensitive or confidential data externally off of your local system. It's better to access it on-demand. https://www.schneier.com/cryptography/archives/1998/06/environmental_key_ge.html
Yes, it's a hard problem. FDE only protects when the system is off. File-based encryption only protects when files are encrypted. The most secure approach, as Techwiz says, is keeping sensitive stuff offline. That, and keeping adversaries and malware out of your systems
