Best Solution for Encrypting Home

If it doesn't relate to Debian, but you still want to share it, please do it here

Best Solution for Encrypting Home

Postby bester69 » 2017-04-28 19:12

Hi

I Have recently done my first home encryptation, and taking a look at several solutions,
i got to the conclusion that the most easy and practical method for linux-home encryptation is to use ecryptfs, especially if we dont have a partition home.

The enterprise cryptographic filesystem for Linux
http://ecryptfs.org
eCryptfs is widely used, as the basis for Ubuntu's Encrypted Home Directory, natively within Google's ChromeOS, and transparently embedded in several network attached storage (NAS) devices.

Here, some howto's:
https://fixmynix.com/encrypt-files-and- ... ian-linux/
https://www.fussylogic.co.uk/blog/?p=272
http://xmodulo.com/encrypt-files-direct ... linux.html
https://www.howtoforge.com/tutorial/how ... on-debian/

The Steps and troubles i got into:
1- Encrypting/Migrating the user-home:
--> sudo ecryptfs-migrate-home -u user
ecryptfs. requested a x2'5 of free space to be able to proceed with the encryptation.
I solved this problem creating an empty home user folder, encrypting it, and then moving the uncrypting home to the encrypted mounted home point. As easy as this:
--> sudo rsync -aAXv /home/myuser.unecrypted /home/myuser (encrypted mount point)

Conclusions:
- The App method encryptation feels robust and practical for a regular user, and its very easy to deploy.
- I recommend it for people who travels with its computer very often. 8)
User avatar
bester69
 
Posts: 949
Joined: 2015-04-02 13:15

Re: Best Solution for Encrypting Home

Postby bester69 » 2017-05-01 17:07

It's so easy to encrypt your home directory, :o

Steps to encryt your home folder:

sudo apt-get install ecryptfs-utils
cd /home && sudo mv myuser myuser.uncrypted
mkdir myurser && chown myuser:myuser myuser
ecryptfs-migrate-home -u myuser

logout/login (It will auto-mount encrypted home): /home/myuser --(linked)--> /home/.ecryptfs/myuser/.Private
Move all your data to encrypted home:
sudo rsync -aAXv /home/myuser.uncrypted/ /home/myuser/
sudo rm -rf /home/myuser.uncrypted/


done!!, easy peace :)
User avatar
bester69
 
Posts: 949
Joined: 2015-04-02 13:15

Re: Best Solution for Encrypting Home

Postby phenest » 2017-05-01 17:19

If anyone was to follow that, it would fail. Any chance you could check your spelling before posting bester?
NEC Spirit 550 P4 3.8GHz HT - 2GB RAM - nVidia 7600GT - Pioneer BDR-209DBK
ASUS Sabertooth P67 i7 3770K - 32GB RAM - 2x nVidia 660GTX SLI'd
User avatar
phenest
 
Posts: 1571
Joined: 2010-03-09 09:38
Location: The Matrix

Re: Best Solution for Encrypting Home

Postby bester69 » 2017-05-02 16:15

i removed encrytation, it was a fail in my old computer (1Gh CPU) :x , I cant watch hd movies without lagging
User avatar
bester69
 
Posts: 949
Joined: 2015-04-02 13:15

Re: Best Solution for Encrypting Home

Postby phenest » 2017-05-02 16:18

I was going to ask if they'd be a potential performance hit. You've answered my question.

Why not just encrypt a few folders that have sensitive data? There's no need to encrypt everything.
NEC Spirit 550 P4 3.8GHz HT - 2GB RAM - nVidia 7600GT - Pioneer BDR-209DBK
ASUS Sabertooth P67 i7 3770K - 32GB RAM - 2x nVidia 660GTX SLI'd
User avatar
phenest
 
Posts: 1571
Joined: 2010-03-09 09:38
Location: The Matrix

Re: Best Solution for Encrypting Home

Postby bester69 » 2017-05-02 21:48

phenest wrote:I was going to ask if they'd be a potential performance hit. You've answered my question.

Why not just encrypt a few folders that have sensitive data? There's no need to encrypt everything.

cos you dont want to take care about what folders you need to protect, If you lost your computer, you dont want anyone to get acces to your accounts, .config/ files usually store that kind of files . I have also a password manager container somewhere in my home :shock: .., the good thing, its i dont travel with my laptop.
User avatar
bester69
 
Posts: 949
Joined: 2015-04-02 13:15

Re: Best Solution for Encrypting Home

Postby mef » 2017-05-03 07:26

Hi, I have a somewhat similar question. I want to install Debian on a laptop with just one HDD. Planning to create these partitions:
- sda1 ext2 boot 1GB
- sda2 ext4 root 4GB
- sda3 swap 4GB
- sda4 ext4 home

But since it's a laptop and it could be potentially stolen, maybe it's reasonable to encrypt root, swap and home. My question is: can I create one encrypted volume and create all other partitions (root, swap and home), or should I create 3 separate encrypted partitions (would I then be asked to enter a passphase 3 times?).
mef
 
Posts: 27
Joined: 2017-04-14 13:42

Re: Best Solution for Encrypting Home

Postby Ardouos » 2017-05-03 07:37

mef wrote:Hi, I have a somewhat similar question. I want to install Debian on a laptop with just one HDD. Planning to create these partitions:
- sda1 ext2 boot 1GB
- sda2 ext4 root 4GB
- sda3 swap 4GB
- sda4 ext4 home

But since it's a laptop and it could be potentially stolen, maybe it's reasonable to encrypt root, swap and home. My question is: can I create one encrypted volume and create all other partitions (root, swap and home), or should I create 3 separate encrypted partitions (would I then be asked to enter a passphase 3 times?).

If you want full disk encryption, I feel it would be best to look into LUKS which encrypts the entire drive.

There are other solutions though.
Last edited by Ardouos on 2017-05-03 13:54, edited 1 time in total.
User avatar
Ardouos
 
Posts: 933
Joined: 2013-11-03 00:30
Location: Elicoor II

Re: Best Solution for Encrypting Home

Postby mef » 2017-05-03 08:25

But wouldn't I need the boot partition to not be encrypted? Otherwise the system won't load.
mef
 
Posts: 27
Joined: 2017-04-14 13:42

Re: Best Solution for Encrypting Home

Postby Ardouos » 2017-05-03 11:34

mef wrote:But wouldn't I need the boot partition to not be encrypted? Otherwise the system won't load.

Yes you are correct. You can setup an encrypted partition, then create LVM Volume Groups through the installer and leave /boot unencrypted.
Last edited by Ardouos on 2017-05-03 13:53, edited 1 time in total.
User avatar
Ardouos
 
Posts: 933
Joined: 2013-11-03 00:30
Location: Elicoor II

Re: Best Solution for Encrypting Home

Postby Ardouos » 2017-05-03 12:20

I was going to write up a quick summary on how to do it, but it seems that after a bit of research on this forum I have found someone that has already explained it.

kce wrote:* This is all done under manual partitioning
* Make your /boot partition
* Make "physical volume for encryption" logical partition.
* Configure encrypted volumes (I prefer AES256)
* Select the encrypted volume, and choose to use it as a "physical volume for lvm"
* Configure LVM
* Add your desired volume group and logical volumes (all of which will be encrypted)
* Select the newly made logical volumes, and choose to use them as "ext4" and make them mountable as /, swap, etc.



viewtopic.php?t=46874#p267749
User avatar
Ardouos
 
Posts: 933
Joined: 2013-11-03 00:30
Location: Elicoor II

Re: Best Solution for Encrypting Home

Postby bester69 » 2017-05-07 19:19

Ardouos wrote:I was going to write up a quick summary on how to do it, but it seems that after a bit of research on this forum I have found someone that has already explained it.

kce wrote:* This is all done under manual partitioning
* Make your /boot partition
* Make "physical volume for encryption" logical partition.
* Configure encrypted volumes (I prefer AES256)
* Select the encrypted volume, and choose to use it as a "physical volume for lvm"
* Configure LVM
* Add your desired volume group and logical volumes (all of which will be encrypted)
* Select the newly made logical volumes, and choose to use them as "ext4" and make them mountable as /, swap, etc.



viewtopic.php?t=46874#p267749

Ive tested recentlly LVM with dm-crypt and still got some downgrade performance in comparison with ecryptfs, furthermore, it might be some difficult to mantain a full system encryption. I didnt feel confortable with it, so i uninstalled it. I think dm-crypt its ok for a home+swat partition encrypted, not a full system one. I willl use it, when i get a new computer.
User avatar
bester69
 
Posts: 949
Joined: 2015-04-02 13:15

Re: Best Solution for Encrypting Home

Postby Ardouos » 2017-05-08 09:02

bester69 wrote:Ive tested recentlly LVM with dm-crypt and still got some downgrade performance in comparison with ecryptfs


Like any software, it has it's drawbacks. One of the issues with FDE is your system may take a performance hit, especially when it is an old machine like yours.
User avatar
Ardouos
 
Posts: 933
Joined: 2013-11-03 00:30
Location: Elicoor II


Return to Offtopic

Who is online

Users browsing this forum: No registered users and 4 guests

fashionable