On 12/9/18 10:15 PM, Dale wrote:
Well, I don't really think I need to encrypt the entire /home mount
point. To me, that would be overkill. Of course, that may be easier.
I would like to have certain directories that I can store things in that
is encrypted. For example, I have some financial and medical stuff that
I wouldn't want just anyone to get a hold of if for example my puter
was stolen or hacked.
Fair enough.
Well, I thought it may be simpler. Since I've never tried encryption
before, I don't know first hand how it works or what it takes to
use the files. I've read where people password protect their mobo,
bootloader and their entire storage system. Basically, without the
proper passwords, you can't boot the system or access it from another
system either. That is overkill for me for sure. If anything, I'm on
the other end of the scale. I just want a directory, which could be a
mount point, that is encrypted. Knowing what tool is best may help be
figure out whether it is a mount point, a regular directory or what.
I've read where some whole file systems can be encrypted or it can be
done on a directory level. I'm not sure what works the best tho.
I'm starting to think that something like eCryptFS would be a good
candidate for you.
I have /boot and / on their own partition. Everything else is on LVM.
I did that because it is easier to boot. While I have a init thingy, it's
just enough to mount /usr. That's it. I don't like having a init thingy
at all tho. I've had trouble with them in the past that left me with
a unbootable system and no way to fix it since I don't really get them.
It's one of those things that hasn't hit me yet, even after years of it.
ACK
True but I don't want it to get in my way to much. I'd like to be
able to login into KDE without worrying if the password works or not.
Once inside KDE and I need to access something encrypted, then I can
deal with the password.
ACK
Let's say I encrypt the directory or mount point that contains both video
and some financial/medical info in it. When I click to access it, it
asks for a password. Once it does that, I'd like to be able to use that
until I either logout of KDE or I tell it to lock it back up. That way
I can watch TV for hours without interruption to type in a password.
However, if I need to run to town, I can logout of the encrypted part
and leave knowing it's secure. Make sense??
Yes.
Interesting. I've read that twice. May read that a couple more times.
Letting that soak in a bit. That sounds like something I could use tho.
It seems it would do just what I want.
:-)
Question. Let's say I encrypt /home entirely as a partition of LVM group.
When I login to KDE for example, how does that work? I already have to
type in a password to login into KDE. Would that work for both or would
it ask for a second password? Or would it ask even earlier than that?
I don't know what KDE has built in support for.
I think that modern desktop environments do have some integral support
for some encryption. I've just never used it and don't know about it.
I may get on youtube and see if I can find some videos on this so I
can see it actually working. Maybe find a couple different setups.
I'm sure someone has done at least one. lol
That's probably not a bad idea.
Just be careful and review multiple sources as well as getting a
reasonable understanding of what they are doing.
Keep in mind, my backups are a simple rsync to a external USB drive.
I don't use fancy software. Usually I backup my videos and such once a
day depending on what I've done that day. I may switch to a external
SATA drive at some point which may make it even easier. Right now I
use a script, if it even deserves to be called that, to do the backups.
That sounds like it would be best used in conjunction with eCryptFS.
You would rsync the underlay directory like normal (it will show files
and directories with encrypted names). You would just want to exclude
the overlay directory from the backup as that's the unencrypted view.
Mostly a common crook who just may have some puter skills. Wouldn't mind
grinning at the likes of a NSA twerp with far to much nose. :-D
Fair enough. It sounds like you want reasonable protection for your
files. But you won't loose any sleep if you make the three letter
agencies actually have to work a bit to get to your files, even if it
just delays what may be possible. (I don't know. But it would at least
slow them down.)
