[sllug-members]: Encrypted Home Directories

Lamont Peterson lamont at gurulabs.com
Thu Jan 25 15:11:03 MST 2007 

On Thursday 25 January 2007 01:15pm, Morgan Terry wrote:
> Does anyone know what the best way to set up encrypted home
> directories is? I want to do so on my laptop to give my data some
> protection in case the machine is lost or stolen. From my research so
> far, there seem to be several methods used (encrypted loopback,
> dmcrypt, encfs, etc)
>
> Has anyone here tried doing anything like this? What method(s) did you
> use and what were your impressions of it/them?

I have.  With SUSE, it's a snap as their installer and the YaST partitioning 
tool (after installation) can both set up encrypted partitions.

On Fedora prior to FC6, try reading my blog post at [ 
http://blogs.gurulabs.com/lamont/archives/2006/07/encrypting_part.html ].

FC6 added support for mounting encrypted partitions at boot time (they 
implemented it in a way almost identical to my techniques which I've been 
using since FC3).  However, it is not possible to create encrypted partitions 
at install time.  Most of it is still manual and you can not encrypt the root 
partition, either (see [ 
https://www.redhat.com/archives/fedora-devel-list/2007-January/msg01222.html ] 
for discusion about fixing this for F7, which it seems probably won't happen 
in time for the release, given that test1 comes out (weather permitting) on 
Tuesday 2007/01/30).  For some reason, I'm having trouble finding the FC6 
release notes document on the Fedora Wiki [ http://www.fedoraproject.org/ ] 
that matches with the one shipped with FC6, but you can find them on an FC6 
system at [ /usr/share/doc/HTML/RELEASE-NOTES-en_US.html ].  Just search for 
the word "encrypt" and you'll find all the instructions.

Sometime soon (I hope), I'm going to be writing up a new version of my stuff 
to describe using dmcrypt.  When I do, I'll make an announcement to this 
list.  Of course, I will announce th on my blog(s), too.

Also, the Reiser4 filesystem comes with an encryption plugin that is just 
awesome (supports individual file and directory protextion with per-user keys 
and will work with USB key storage devices and plain old keychain drives).  
Unfortunately, not many distributions have picked it up, yet.  Supposedly, 
it's really close to being included in the vanilla kernels, though, so 
perhaps that will be an option in the future.
-- 
Lamont Peterson <lamont at gurulabs.com>
Senior Instructor
Guru Labs, L.C. [ http://www.GuruLabs.com/ ]

NOTE:  All messages from this email address should be digitally signed with my
       0xDC0DD409 GPG key. It is available on the pgp.mit.edu keyserver as
       well as other keyservers that sync with MIT's.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://sllug.org/pipermail/sllug-members/attachments/20070125/d8d64b11/attachment.pgp

More information about the sllug-members mailing list