LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   How to easy set up encryption on existing data - home folder? (https://www.linuxquestions.org/questions/linux-newbie-8/how-to-easy-set-up-encryption-on-existing-data-home-folder-928825/)

infoslaw 02-11-2012 11:00 AM
How to easy set up encryption on existing data - home folder?
 
Hello Linux community!

So finally when almost everything has been set up on my fantastic Debian AMD64 Wheezy KDE, will come now interesting question.

Does it possible to encrypt all existed personal data on my hard disk (home folder)?

Does someone already done this?

Greetings,
Slav

Stephen Morgan 02-11-2012 12:17 PM
I've done it on Ubuntu, the command is `ecryptfs-migrate-home -u username`, but you have to be logged out from that account when you do it, then log back in after. The package for that command is, I believe, ecryptfs-utils. Debian ought to be the same.

infoslaw 02-11-2012 01:00 PM
Quote:
Originally Posted by Stephen Morgan (Post 4599828)
I've done it on Ubuntu, the command is `ecryptfs-migrate-home -u username`, but you have to be logged out from that account when you do it, then log back in after. The package for that command is, I believe, ecryptfs-utils. Debian ought to be the same.
Thank you very much Stephen. I will try on my test machine and give answer.

Linux-Rocks 02-11-2012 02:01 PM
I use cryptsetup to setup my home partition before installing the the distro. Some distros will have this utility on the LiveCD.

WARNING: IF considering this option, backup your data on the partition(s) you plan to encrypt i.e /home.

infoslaw 02-11-2012 02:13 PM
Quote:
Originally Posted by Linux-Rocks (Post 4599908)
I use cryptsetup to setup my home partition before installing the the distro. Some distros will have this utility on the LiveCD.

WARNING: IF considering this option, backup your data on the partition(s) you plan to encrypt i.e /home.

Hi Linux-Rocks, Thank you very much for replay for my question, interesting solution
I will look for it as well.

infoslaw 02-12-2012 09:34 AM
Finally after testing encryption on spare debian machine I can say that all home folder has been encrypted on my "live" machine.

I choose CryptoFS:

CryptoFS is a encrypted filesystem for Filesystem in Userspace (FUSE) and the Linux Userland FileSystem (LUFS).CryptoFS will use a normal directory to store files encrypted. The mountpoint will contain the decrypted files. Every file stored in this mountpoint will be written encrypted (data and filename) to the directory that was mounted. If you unmount the directory the encrypted data can only be access by mounting the directory with the correct key again. Like other FUSE/LUFS filesystems it does not need root access or any complicated setup like creating a filesystem on a encrypted disk using the loop device.

CryptoFS can be build for FUSE and LUFS. When you build for FUSE you get a program to mount the filesystem. For LUFS a shared library will be built that can be used by LUFS’s lufsd. Both methods can use the same encrypted directory.

/source: http://www.debianadmin.com/filesyste...or-linux.html/



I highly recommend to set encryption on sensitive data on your portable device. It native instruction implemented to Linux 2.6 and up, absolutely not make heavy your CPU and RAM.

Here is short procedure which I wrote for myself and would like to share for everyone:

1. apt-get install ecryptfs-utils

2. log off and login as root
load the module with the following command:
modprobe ecryptfs

3. ecryptfs-migrate-home -u [username]

4. log in and run:
ecryptfs-unwrap-passphrase script (supply your user password when it prompts for "Passphrase") and save the value it returns in a safe place

5. remove the temporary home directory

6. test it by connecting f.e. as usb drive


I would like to thank you Stephen and Linux-Rocks for help me with encryption.
Slav.


All times are GMT -5. The time now is 06:28 PM.