Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Best Solution for Encrypting Home

Off-Topic discussions about science, technology, and non Debian specific topics.
Post Reply
Message
Author
User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Best Solution for Encrypting Home

#1 Post by bester69 »

Hi

I Have recently done my first home encryptation, and taking a look at several solutions,
i got to the conclusion that the most easy and practical method for linux-home encryptation is to use ecryptfs, especially if we dont have a partition home.

The enterprise cryptographic filesystem for Linux
http://ecryptfs.org
eCryptfs is widely used, as the basis for Ubuntu's Encrypted Home Directory, natively within Google's ChromeOS, and transparently embedded in several network attached storage (NAS) devices.
Here, some howto's:
https://fixmynix.com/encrypt-files-and- ... ian-linux/
https://www.fussylogic.co.uk/blog/?p=272
http://xmodulo.com/encrypt-files-direct ... linux.html
https://www.howtoforge.com/tutorial/how ... on-debian/

The Steps and troubles i got into:
1- Encrypting/Migrating the user-home:
--> sudo ecryptfs-migrate-home -u user
ecryptfs. requested a x2'5 of free space to be able to proceed with the encryptation.
I solved this problem creating an empty home user folder, encrypting it, and then moving the uncrypting home to the encrypted mounted home point. As easy as this:
--> sudo rsync -aAXv /home/myuser.unecrypted /home/myuser (encrypted mount point)

Conclusions:
- The App method encryptation feels robust and practical for a regular user, and its very easy to deploy.
- I recommend it for people who travels with its computer very often. 8)
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: Best Solution for Encrypting Home

#2 Post by bester69 »

It's so easy to encrypt your home directory, :o

Steps to encryt your home folder:

sudo apt-get install ecryptfs-utils
cd /home && sudo mv myuser myuser.uncrypted
mkdir myurser && chown myuser:myuser myuser
ecryptfs-migrate-home -u myuser

logout/login (It will auto-mount encrypted home): /home/myuser --(linked)--> /home/.ecryptfs/myuser/.Private
Move all your data to encrypted home:
sudo rsync -aAXv /home/myuser.uncrypted/ /home/myuser/
sudo rm -rf /home/myuser.uncrypted/


done!!, easy peace :)
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
phenest
Posts: 1702
Joined: 2010-03-09 09:38
Location: The Matrix

Re: Best Solution for Encrypting Home

#3 Post by phenest »

If anyone was to follow that, it would fail. Any chance you could check your spelling before posting bester?
ASRock H77 Pro4-M i7 3770K - 32GB RAM - Pioneer BDR-209D

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: Best Solution for Encrypting Home

#4 Post by bester69 »

i removed encrytation, it was a fail in my old computer (1Gh CPU) :x , I cant watch hd movies without lagging
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
phenest
Posts: 1702
Joined: 2010-03-09 09:38
Location: The Matrix

Re: Best Solution for Encrypting Home

#5 Post by phenest »

I was going to ask if they'd be a potential performance hit. You've answered my question.

Why not just encrypt a few folders that have sensitive data? There's no need to encrypt everything.
ASRock H77 Pro4-M i7 3770K - 32GB RAM - Pioneer BDR-209D

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: Best Solution for Encrypting Home

#6 Post by bester69 »

phenest wrote:I was going to ask if they'd be a potential performance hit. You've answered my question.

Why not just encrypt a few folders that have sensitive data? There's no need to encrypt everything.
cos you dont want to take care about what folders you need to protect, If you lost your computer, you dont want anyone to get acces to your accounts, .config/ files usually store that kind of files . I have also a password manager container somewhere in my home :shock: .., the good thing, its i dont travel with my laptop.
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

mef
Posts: 27
Joined: 2017-04-14 13:42

Re: Best Solution for Encrypting Home

#7 Post by mef »

Hi, I have a somewhat similar question. I want to install Debian on a laptop with just one HDD. Planning to create these partitions:
- sda1 ext2 boot 1GB
- sda2 ext4 root 4GB
- sda3 swap 4GB
- sda4 ext4 home

But since it's a laptop and it could be potentially stolen, maybe it's reasonable to encrypt root, swap and home. My question is: can I create one encrypted volume and create all other partitions (root, swap and home), or should I create 3 separate encrypted partitions (would I then be asked to enter a passphase 3 times?).

User avatar
Ardouos
Posts: 1075
Joined: 2013-11-03 00:30
Location: Elicoor II
Has thanked: 1 time
Been thanked: 4 times

Re: Best Solution for Encrypting Home

#8 Post by Ardouos »

mef wrote:Hi, I have a somewhat similar question. I want to install Debian on a laptop with just one HDD. Planning to create these partitions:
- sda1 ext2 boot 1GB
- sda2 ext4 root 4GB
- sda3 swap 4GB
- sda4 ext4 home

But since it's a laptop and it could be potentially stolen, maybe it's reasonable to encrypt root, swap and home. My question is: can I create one encrypted volume and create all other partitions (root, swap and home), or should I create 3 separate encrypted partitions (would I then be asked to enter a passphase 3 times?).
If you want full disk encryption, I feel it would be best to look into LUKS which encrypts the entire drive.

There are other solutions though.
Last edited by Ardouos on 2017-05-03 13:54, edited 1 time in total.
There is only one Debian | Do not break Debian | Stability and Debian | Backports

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

mef
Posts: 27
Joined: 2017-04-14 13:42

Re: Best Solution for Encrypting Home

#9 Post by mef »

But wouldn't I need the boot partition to not be encrypted? Otherwise the system won't load.

User avatar
Ardouos
Posts: 1075
Joined: 2013-11-03 00:30
Location: Elicoor II
Has thanked: 1 time
Been thanked: 4 times

Re: Best Solution for Encrypting Home

#10 Post by Ardouos »

mef wrote:But wouldn't I need the boot partition to not be encrypted? Otherwise the system won't load.
Yes you are correct. You can setup an encrypted partition, then create LVM Volume Groups through the installer and leave /boot unencrypted.
Last edited by Ardouos on 2017-05-03 13:53, edited 1 time in total.
There is only one Debian | Do not break Debian | Stability and Debian | Backports

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

User avatar
Ardouos
Posts: 1075
Joined: 2013-11-03 00:30
Location: Elicoor II
Has thanked: 1 time
Been thanked: 4 times

Re: Best Solution for Encrypting Home

#11 Post by Ardouos »

I was going to write up a quick summary on how to do it, but it seems that after a bit of research on this forum I have found someone that has already explained it.
kce wrote: * This is all done under manual partitioning
* Make your /boot partition
* Make "physical volume for encryption" logical partition.
* Configure encrypted volumes (I prefer AES256)
* Select the encrypted volume, and choose to use it as a "physical volume for lvm"
* Configure LVM
* Add your desired volume group and logical volumes (all of which will be encrypted)
* Select the newly made logical volumes, and choose to use them as "ext4" and make them mountable as /, swap, etc.

http://forums.debian.net/viewtopic.php?t=46874#p267749
There is only one Debian | Do not break Debian | Stability and Debian | Backports

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: Best Solution for Encrypting Home

#12 Post by bester69 »

Ardouos wrote:I was going to write up a quick summary on how to do it, but it seems that after a bit of research on this forum I have found someone that has already explained it.
kce wrote: * This is all done under manual partitioning
* Make your /boot partition
* Make "physical volume for encryption" logical partition.
* Configure encrypted volumes (I prefer AES256)
* Select the encrypted volume, and choose to use it as a "physical volume for lvm"
* Configure LVM
* Add your desired volume group and logical volumes (all of which will be encrypted)
* Select the newly made logical volumes, and choose to use them as "ext4" and make them mountable as /, swap, etc.

http://forums.debian.net/viewtopic.php?t=46874#p267749
Ive tested recentlly LVM with dm-crypt and still got some downgrade performance in comparison with ecryptfs, furthermore, it might be some difficult to mantain a full system encryption. I didnt feel confortable with it, so i uninstalled it. I think dm-crypt its ok for a home+swat partition encrypted, not a full system one. I willl use it, when i get a new computer.
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
Ardouos
Posts: 1075
Joined: 2013-11-03 00:30
Location: Elicoor II
Has thanked: 1 time
Been thanked: 4 times

Re: Best Solution for Encrypting Home

#13 Post by Ardouos »

bester69 wrote: Ive tested recentlly LVM with dm-crypt and still got some downgrade performance in comparison with ecryptfs
Like any software, it has it's drawbacks. One of the issues with FDE is your system may take a performance hit, especially when it is an old machine like yours.
There is only one Debian | Do not break Debian | Stability and Debian | Backports

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

Post Reply