Encrypt home directory after install
Hi,
My main Trisquel installation is now 1 year and counting. Like it a lot and it serves me well.
However, I did not encrypt my home directory during installation and have decided to add the encryption now.
Any advice how I do this without re-installing or destroying my installation/setup?
Tx in advance.
Found the solution:
1) ecryptfs-migrate-home -u TheUserName
Encrypting /home
2) log in as TheUserName
This is to finish off the migration of /home
3) ecryptfs-setup-swap
To encrypt the swap
4) delete or backup a temporary directory created
/home/.
5) as user run: ecryptfs-unwrap-passphrase
To record a randomly generated mount passphrase.
From:
http://blog.dustinkirkland.com/2011/02/long-overdue-introduction-ecryptfs.html
http://blog.dustinkirkland.com/2009/06/migrating-to-encrypted-home-directory.html
All is good.
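An added example, not part of the original post: a small check that steps 1-3 above took effect, by reading a mount table and an fstab. The function names, the sample data and the `cryptswap` mapping-name prefix are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check the outcome of steps 1-3 from a mount table and an fstab.
# Both functions read the live files by default; pass a path to check a copy.

# home_is_ecryptfs HOME_DIR [MOUNTS_FILE]
# Succeeds only if HOME_DIR is the mount point of an ecryptfs filesystem,
# which is the case only while that user is logged in.
home_is_ecryptfs() {
    awk -v home="$1" '
        $2 == home && $3 == "ecryptfs" { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "${2:-/proc/mounts}"
}

# plain_swap [FSTAB_FILE]
# Prints every swap entry whose device is not /dev/mapper/cryptswap*.
# Assumption: that is the mapping name ecryptfs-setup-swap creates.
plain_swap() {
    awk '
        $1 !~ /^#/ && $3 == "swap" && $1 !~ /^\/dev\/mapper\/cryptswap/ { print $1 }
    ' "${1:-/etc/fstab}"
}

# Constructed sample data (not from the original thread): user "alice" has
# migrated, user "bob" has not, and one plain swap partition is still listed.
write_samples() {
    cat > "$1/mounts" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
    cat > "$1/fstab" <<'EOF'
# <device> <mount point> <type> <options> <dump> <pass>
UUID=0000-constructed / ext4 errors=remount-ro 0 1
/dev/mapper/cryptswap1 none swap sw 0 0
/dev/sda5 none swap sw 0 0
EOF
}

demo() {
    tmp=$(mktemp -d) && write_samples "$tmp"
    for h in /home/alice /home/bob; do
        if home_is_ecryptfs "$h" "$tmp/mounts"; then echo "$h: ecryptfs"
        else echo "$h: NOT encrypted (or user not logged in)"; fi
    done
    echo "unencrypted swap: $(plain_swap "$tmp/fstab")"
    rm -rf "$tmp"
}
demo
```

Run against the live system, `home_is_ecryptfs "$HOME"` should succeed in a session of the migrated user, and `plain_swap` should print nothing once the swap has been converted.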
This is very useful, thanks so much for posting your solution. I like the idea of encrypting my /home in a production system, but I don't really like doing it when I install, because if something goes wrong with the new install, the encrypted /home makes it tricky to use a live disc to rescue my files.
If I wanted to create a permanent page for this information in Trisquel's documentation, how would I go about that?
Oh, glad you like it.
I'm not sure how we could create permanent info about this (never done that).
Let's try to do that ...
It's in the wiki now - needs a cleanup.
Look under the "Privacy and security" section.
Thanks for posting the question and the answer. One question of mine: does it require the home directory to be in its own partition (in the installer choosing a separate partition for swap, home and system)? Or can it be in the same partition and it will just encrypt the directory (dunno how it would work, but fine)?
thanks.
GNUUser: I think it does not require to be in its own partition. My /home has its own partition, however it's only the user I specified which now has encrypted files, other users do not. Nothing in the man pages for ecryptfs which indicates that requirement either.
I have no idea how it works either, but it seems to work fine on the same
partition. Apparently ecryptfs uses a sort of filesystem-within-a-filesystem
approach to encrypting areas of a partition, rather than the entire partition.
The only downside to disk encryption in general is that (for me at least) you
get noticeably slower access speeds, and you're screwed if something goes wrong.
When I used /home directory encryption, it worked flawlessly.
I think I've asked about this elsewhere, but can't find the thread, and don't know if it got answered. Once your /home partition is encrypted, is it still possible to use it as a shared /home partition with another GNU/Linux installation on the same device? If so, what's the suggested method?