Reckless Clicking - notes/it/linux/encryption

Wed 11 Oct 2017

Disk Encryption

I have encrypted my laptop home folder.

I chose ecryptfs, which is a Linux kernel module maintained by Redhat. I followed the instructions here https://wiki.debian.org/TransparentEncryptionForHomeFolder.

First, clean any junk out of my home folder.

Then reboot, the computer, press Ctrl + Alt + F1 to switch virtual terminals, and login as root.

apt update
apt upgrade
apt install ecryptfs-utils
modprobe ecryptfs
echo "ecryptfs" | tee "/etc/modules-load.d/modules.conf"

ecryptfs-migrate-home -u glenn # Takes a while

ecryptfs-unwrap-passphrase # put in your password, then write down what this spits out

Lastly, log back in as root, and remove the backup home folder rm -rf /home/glenn.urgleblurgle.

Swap

I did not follow these steps to encrypt my swap partition.

apt install cryptsetup
ecryptfs-setup-swap

Alternatives

encfs is supposed to be good, with some limitations:

file sizes exposed
file names exposed

gocryptfs is a new way based on encfs and written in Go. It's a bit too new for my tastes though.