LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-11-2012, 12:00 PM   #1
infoslaw
Member
 
Registered: Oct 2011
Location: Belfast
Distribution: Arch Linux x86_64 + Plasma KDE
Posts: 66

Rep: Reputation: Disabled
How to easy set up encryption on existing data - home folder?


Hello Linux community!

So finally when almost everything has been set up on my fantastic Debian AMD64 Wheezy KDE, will come now interesting question.

Does it possible to encrypt all existed personal data on my hard disk (home folder)?

Does someone already done this?

Greetings,
Slav

Last edited by infoslaw; 02-11-2012 at 03:29 PM.
 
Old 02-11-2012, 01:17 PM   #2
Stephen Morgan
Member
 
Registered: Feb 2011
Location: England
Distribution: Slackware
Posts: 163

Rep: Reputation: 17
I've done it on Ubuntu, the command is `ecryptfs-migrate-home -u username`, but you have to be logged out from that account when you do it, then log back in after. The package for that command is, I believe, ecryptfs-utils. Debian ought to be the same.
 
Old 02-11-2012, 02:00 PM   #3
infoslaw
Member
 
Registered: Oct 2011
Location: Belfast
Distribution: Arch Linux x86_64 + Plasma KDE
Posts: 66

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Stephen Morgan View Post
I've done it on Ubuntu, the command is `ecryptfs-migrate-home -u username`, but you have to be logged out from that account when you do it, then log back in after. The package for that command is, I believe, ecryptfs-utils. Debian ought to be the same.
Thank you very much Stephen. I will try on my test machine and give answer.
 
Old 02-11-2012, 03:01 PM   #4
Linux-Rocks
LQ Newbie
 
Registered: Feb 2012
Posts: 7

Rep: Reputation: Disabled
I use cryptsetup to setup my home partition before installing the the distro. Some distros will have this utility on the LiveCD.

WARNING: IF considering this option, backup your data on the partition(s) you plan to encrypt i.e /home.

Last edited by Linux-Rocks; 02-11-2012 at 03:05 PM.
 
Old 02-11-2012, 03:13 PM   #5
infoslaw
Member
 
Registered: Oct 2011
Location: Belfast
Distribution: Arch Linux x86_64 + Plasma KDE
Posts: 66

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Linux-Rocks View Post
I use cryptsetup to setup my home partition before installing the the distro. Some distros will have this utility on the LiveCD.

WARNING: IF considering this option, backup your data on the partition(s) you plan to encrypt i.e /home.

Hi Linux-Rocks, Thank you very much for replay for my question, interesting solution
I will look for it as well.

Last edited by infoslaw; 02-11-2012 at 05:02 PM.
 
Old 02-12-2012, 10:34 AM   #6
infoslaw
Member
 
Registered: Oct 2011
Location: Belfast
Distribution: Arch Linux x86_64 + Plasma KDE
Posts: 66

Original Poster
Rep: Reputation: Disabled
Finally after testing encryption on spare debian machine I can say that all home folder has been encrypted on my "live" machine.

I choose CryptoFS:

CryptoFS is a encrypted filesystem for Filesystem in Userspace (FUSE) and the Linux Userland FileSystem (LUFS).CryptoFS will use a normal directory to store files encrypted. The mountpoint will contain the decrypted files. Every file stored in this mountpoint will be written encrypted (data and filename) to the directory that was mounted. If you unmount the directory the encrypted data can only be access by mounting the directory with the correct key again. Like other FUSE/LUFS filesystems it does not need root access or any complicated setup like creating a filesystem on a encrypted disk using the loop device.

CryptoFS can be build for FUSE and LUFS. When you build for FUSE you get a program to mount the filesystem. For LUFS a shared library will be built that can be used by LUFS’s lufsd. Both methods can use the same encrypted directory.

/source: http://www.debianadmin.com/filesyste...or-linux.html/



I highly recommend to set encryption on sensitive data on your portable device. It native instruction implemented to Linux 2.6 and up, absolutely not make heavy your CPU and RAM.

Here is short procedure which I wrote for myself and would like to share for everyone:

1. apt-get install ecryptfs-utils

2. log off and login as root
load the module with the following command:
modprobe ecryptfs

3. ecryptfs-migrate-home -u [username]

4. log in and run:
ecryptfs-unwrap-passphrase script (supply your user password when it prompts for "Passphrase") and save the value it returns in a safe place

5. remove the temporary home directory

6. test it by connecting f.e. as usb drive


I would like to thank you Stephen and Linux-Rocks for help me with encryption.
Slav.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
info about useradd & /etc/skel working with existing home folder andrea_g90 Linux From Scratch 5 05-11-2011 07:41 AM
mixed mounting of automount and fstab in one folder? &different home folder using NIS herofmm Linux - Software 0 04-06-2009 12:00 PM
Linux password encryption and data encryption Tux-Slack Programming 4 06-20-2007 07:46 AM
Home folder icon does not open home folder CiscoGeek Linux - Newbie 3 12-18-2006 08:00 AM
Folder Max Size and Limiting SSH access to home folder. Mefistofeles Linux - General 4 11-26-2005 03:09 PM


All times are GMT -5. The time now is 06:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration