Finally after testing encryption on spare debian machine I can say that all home folder has been encrypted on my "live" machine.
I choose CryptoFS:
CryptoFS is a encrypted filesystem for Filesystem in Userspace (FUSE) and the Linux Userland FileSystem (LUFS).CryptoFS will use a normal directory to store files encrypted. The mountpoint will contain the decrypted files. Every file stored in this mountpoint will be written encrypted (data and filename) to the directory that was mounted. If you unmount the directory the encrypted data can only be access by mounting the directory with the correct key again. Like other FUSE/LUFS filesystems it does not need root access or any complicated setup like creating a filesystem on a encrypted disk using the loop device.
CryptoFS can be build for FUSE and LUFS. When you build for FUSE you get a program to mount the filesystem. For LUFS a shared library will be built that can be used by LUFS’s lufsd. Both methods can use the same encrypted directory.
/source:
http://www.debianadmin.com/filesyste...or-linux.html/
I highly recommend to set encryption on sensitive data on your portable device. It native instruction implemented to Linux 2.6 and up, absolutely not make heavy your CPU and RAM.
Here is short procedure which I wrote for myself and would like to share for everyone:
1. apt-get install ecryptfs-utils
2. log off and login as root
load the module with the following command:
modprobe ecryptfs
3. ecryptfs-migrate-home -u [username]
4. log in and run:
ecryptfs-unwrap-passphrase script (supply your user password when it prompts for "Passphrase") and save the value it returns in a safe place
5. remove the temporary home directory
6. test it by connecting f.e. as usb drive
I would like to thank you Stephen and Linux-Rocks for help me with encryption.
Slav.
