Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
08-16-2006, 09:16 AM
|
#1
|
Member
Registered: Apr 2005
Location: Minneap USA
Distribution: Debian, Mepis, Sidux
Posts: 470
Rep:
|
Encryption, spanning time and distros
I just got a large new hard drive and I think that I'd like to protect my data a bit better. Encryption seems to be the way to go, but I am concerned about changing away from my current Kubuntu to another distribution in the future, and suddenly being locked out of my files.
If I mount an encrypted file system, will any POSIX OS (with the correct packaages like dm-crypt or cryptoloop) be able to prompt for a password, properly unlock the drive, and mount the volume without problems?
Or will I be somewhat forced to deal with minor variations in the precompiled 'cryption software which will lead to compiling headaches down the road?
Are there any concerns that I should consider before doing this?
|
|
|
08-16-2006, 10:00 AM
|
#2
|
Senior Member
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,508
Rep:
|
I liked "encfs" a lot. It is part of fuse-encfs package ( http://arg0.net/wiki/encfs).
It is handy because I can choose to make just a few directories with sensitive information encrypted, not the whole filesystem, and I can decrypt my folder just when I need it, not at the boot time.
I even create an action on Nautilus (the gnome's filemanager) to encrypt and decrypt a folder using the right's button menu. Very easy to use. Just drop the plain files there and they become encrypted. I can use the files from that location, directly, not need to decrypt it before. And the passphrase is given only once, at the mount time.
This solution is good for a multiuser environment. No need the superuser permissions, it is just a user's space solution.
|
|
|
08-16-2006, 10:37 AM
|
#3
|
Member
Registered: Apr 2005
Location: Minneap USA
Distribution: Debian, Mepis, Sidux
Posts: 470
Original Poster
Rep:
|
I like the sounds of that... Any idea how well that works in an KDE or XFCE or Enlightenment environment?
|
|
|
08-16-2006, 10:52 AM
|
#4
|
Senior Member
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,508
Rep:
|
It is a command line tool, just like every thing else.
Use ...
Code:
$ encfs ~/.your-hidden-encripted-folder ~/here-is-the-decrypted-folder
... to mount the previous created .your-hidden-encripted-folder at here-is-the-decrypted-folder. It will ask your passphrase at that time or you can pass a program to read the password from. I make my nautilus action using zenity to entry the passphrase, but you can use the kdialog.
To unmount, just issue
Code:
$ fusermount -u ~/here-is-the-decrypted-folder
You can create a script that test if the mount point is already mounted and if so, then unmount it, else, mount it asking the passphrase with kdialog.
Use this script as a konqueror's script (i don't remember exactly how KDE named this). If you want I can post my script tomorrow (it is in my home, not at work) so you don't need to start from scratch. let me know.
cheers,
|
|
|
09-01-2006, 09:09 AM
|
#5
|
Member
Registered: Apr 2005
Location: Minneap USA
Distribution: Debian, Mepis, Sidux
Posts: 470
Original Poster
Rep:
|
marozsas, thank you for the info! yeah, the script might help me out, if you'd post it. i've been lazy on this point lately and its still a good idea for me to start working with an encrypted fs.
|
|
|
All times are GMT -5. The time now is 03:30 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|