I have encrypted my laptop home folder.
I chose ecryptfs, which is a Linux kernel module maintained by Redhat. I followed the instructions here https://wiki.debian.org/TransparentEncryptionForHomeFolder.
First, clean any junk out of my home folder.
Then reboot, the computer, press
Ctrl + Alt + F1 to switch virtual terminals, and login as root.
apt update apt upgrade apt install ecryptfs-utils modprobe ecryptfs echo "ecryptfs" | tee "/etc/modules-load.d/modules.conf" ecryptfs-migrate-home -u glenn # Takes a while
Login as myself again:
ecryptfs-unwrap-passphrase # put in your password, then write down what this spits out
Lastly, log back in as root, and remove the backup home folder
rm -rf /home/glenn.urgleblurgle.
I did not follow these steps to encrypt my swap partition.
apt install cryptsetup ecryptfs-setup-swap
encfs is supposed to be good, with some limitations:
- file sizes exposed
- file names exposed
gocryptfs is a new way based on encfs and written in Go. It's a bit too new for my tastes though.