Re: easiest way to encrypt existing home dir?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks!
Will try it on a temporary dir first.



On 03/30/2018 07:53 PM, Wolfgang Pfeiffer wrote:

On Sat, 31 Mar 2018 02:41:53 +0200
Wolfgang Pfeiffer <roto@xxxxxxx> wrote:


Interested in how to do it?

I got an email off-list to post the instructions. Again: I created the
container around ten years ago. Did it on Debian. But used that approach
for years once I created this container.

Here we go (Read the notes at the end, please):

----------------------------------------------------------------------->
Making an ecrypted file container:

$ nice -+19 /usr/bin/dcfldd bs=1M count=6000 statusinterval=10 if=/dev/urandom of=/home/<your.user.name>/encrypt.ctr

# losetup /dev/loop0 /home/<your.user.name>/encrypt.ctr
# cryptsetup --verbose --verify-passphrase --cipher aes-xts-benbi  --key-size 512 luksFormat /dev/loop0
# cryptsetup luksOpen /dev/loop0 encfs
# /sbin/mkfs.ext3 -j -O dir_index,filetype,sparse_super /dev/mapper/encfs
# chown <your.user.name>:<your.user.name> /home/<your.user.name>/enc
# chmod 0700 /home/<your.user.name>/enc


added to fstab this line
/dev/mapper/encfs  /home/<your.user.name>/enc  ext3 user,noauto,rw,dev,exec,suid   0 0

Backup before:
# cp /etc/fstab~ /etc/fstab.2008.12.21
`/etc/fstab~' -> `/etc/fstab.2008.12.21'


mount:
# losetup /dev/loop0 /home/<your.user.name>/encrypt.ctr
# cryptsetup luksOpen /dev/loop0 encfs
as <your.user.name>:
$ mount enc/


umount:
$ umount enc/
# cryptsetup luksClose encfs
# losetup -d /dev/loop0
<-------------------------------------------------------------------------------------

A few short notes (it's late, I want some sleep ..)

0:
   the stuff after the 'mount'/'umount' lines is what I did to
   activate/deactivate the container after logging in.

1:
   "--cipher aes-xts-benbi" - I'd change that to a cipher you want. I
   think aes-xts-benbi is oldand not be what you want today ....

2:
$ nice -+19 /usr/bin/dcfldd bs=1M count=6000 statusinterval=10 if=/dev/urandom of=/home/<your.user.name>/encrypt.ctr

  "bs=1M count=6000" : should create a container size of 6000Mb ..

3:
IIRC:
   '#' from above: done as root; '$' done as <your.user.name>

4:
   In your /home dir I think you should do this - probably wasn't created
   automatically via fstab:
   mkdir enc
   so /home/<your.user.name>/enc is simply the mount point for your
   encrypted container, IIRC ...

I got these instructions from somewhere on the internets. Not my
work, IIRC. Just tried and probably modified it. And successfully.

Good luck, all!
Wolfgang

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux