From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RVm6K-0005er-AB for garchives@archives.gentoo.org; Wed, 30 Nov 2011 15:29:36 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A765F21C062; Wed, 30 Nov 2011 15:29:24 +0000 (UTC) Received: from mail.digimed.co.uk (82-69-83-178.dsl.in-addr.zen.co.uk [82.69.83.178]) by pigeon.gentoo.org (Postfix) with ESMTP id 6FAA221C037 for ; Wed, 30 Nov 2011 15:27:52 +0000 (UTC) Received: from hactar.digimed.co.uk (hactar.digimed.co.uk [192.168.1.3]) by mail.digimed.co.uk (Postfix) with ESMTPSA id 7D46780455 for ; Wed, 30 Nov 2011 15:27:51 +0000 (GMT) Date: Wed, 30 Nov 2011 15:27:53 +0000 From: Neil Bothwick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Full disk encryption Message-ID: <20111130152753.176a9a08@hactar.digimed.co.uk> In-Reply-To: References: Organization: Digital Media Production X-Mailer: Claws Mail 3.7.10cvs103 (GTK+ 2.24.8; x86_64-pc-linux-gnu) X-GPG-Fingerprint: 7260 0F33 97EC 2F1E 7667 FE37 BA6E 1A97 4375 1903 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/3Lm.IV_zjJIBKnBn7DrNAfF"; protocol="application/pgp-signature" X-Archives-Salt: 58bdb95c-fbc9-4066-845e-d1d00a1921af X-Archives-Hash: 70fb7042ce73df03ba87bbd41df3ac32 --Sig_/3Lm.IV_zjJIBKnBn7DrNAfF Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Wed, 30 Nov 2011 16:19:18 +0100, czernitko wrote: > I would like to set up an encrypted partition for my /home directories > on Gentoo Hardened. Which approach do you recommend? Do you want a single encrypted filesystem, or separately encrypted home directories for each user. for the former, emerge cryptsetup, use it to create the encrypted block device and set it up in /etc/conf.d/dmcrypt. For individually encrypted home directories, using ecryptfs on top of a standard filesystem, as used by Ubuntu, is probably the best way. --=20 Neil Bothwick "You want us to do WHAT?" - Ancient Chinese wall engineer. --Sig_/3Lm.IV_zjJIBKnBn7DrNAfF Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAk7WS34ACgkQum4al0N1GQNPswCgoYyKeKBnDE7TBbQB86c15p40 7PwAnj9+hOEGVIMIEuYRUUVEsMMHM1Da =3ogV -----END PGP SIGNATURE----- --Sig_/3Lm.IV_zjJIBKnBn7DrNAfF--