public inbox for gentoo-user@lists.gentoo.org
From: "Stéphane Guedon" <stephane@22decembre.eu>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] crypt my home repository
Date: Mon, 2 Jan 2012 12:36:55 +0100
Message-ID: <201201021237.01284.stephane@22decembre.eu>
In-Reply-To: <4F018BA7.1000207@binarywings.net>


On Monday 02 January 2012 11:49:11 Florian Philipp wrote:
> On 02.01.2012 09:07, Stéphane Guedon wrote:
> > Hi all
> > 
> > I may be asking something already discussed, but I can't find any good
> > documentation. I am wondering how to secure my home repository on my
> > laptop. I am thinking of cryptography and other things (the password
> > decrypts the repository and allows reading the files...).
> > 
> > What tool should I use? Does anybody know a good doc (in French would be
> > really good)?
> > 
> > I am not really paranoid, but I now work in a quite important
> > environment and want any data I get out to be secured...
> 
> I recommend dm-crypt (a.k.a. cryptsetup-luks). It encrypts the block
> device under the actual file system. Gentoo wiki has some tutorials on
> it (although you don't need much of it): [1] [2]
> 
> If you only want to encrypt your home partition, you only need to follow
> these steps:
> 
> 1. Create an encrypted partition (see `man cryptsetup`)
> 2. Move /home/* over to it (don't forget backup)
> 3. Configure /etc/conf.d/dmcrypt
> 4. Add /etc/init.d/dmcrypt to boot runlevel
> 
> Then the init script will ask you for the password at boot. dm-crypt
> allows multiple passwords per partition so that different users can have
> different passwords.
> 
> The alternative to the dmcrypt init script is to use sys-auth/pam_mount.
> It allows you to use the login password to automatically decrypt a
> partition and mount it as /home/$user. [2] has a section about it.
> However, this breaks easily and is pretty hard to administrate if you
> have no experience with dm-crypt and pam. I recommend the first solution.
> 
> [1] http://en.gentoo-wiki.com/wiki/SECURITY_System_Encryption_DM-Crypt_with_LUKS
> [2] http://en.gentoo-wiki.com/wiki/DM-Crypt
> 
> Regards,
> Florian Philipp

Is this solution (the first one) easily integrated into some environment
(KDE)?

I don't want to have numerous passwords (one to decrypt, another to open the
desktop session as usual...), plus my wife would argue with some reason that I am
always hacking the computer whereas we are just using it to watch movies...
(she uses the computer also, but in a much more used way, so any solution has
to be comfortable for her too!)

-- 
Stéphane Guedon
http://www.22decembre.eu/
http://lectures.22decembre.eu/
business card: http://www.22decembre.eu/downloads/Stephane-Guedon.vcf
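
The four steps quoted above from Florian Philipp's reply, written out as a dry-run script. This is an added example, not part of the original thread: the device `/dev/sdXN` is a placeholder, and the mapping name `home`, the ext4 filesystem and the `/mnt/newhome` mount point are assumptions.

```shell
#!/bin/sh
# Added example: plan for moving /home onto a LUKS partition (steps 1-4 above).
# Assumptions (not from the thread): DEV is a placeholder partition, the
# mapping is named "home", the filesystem is ext4, /mnt/newhome is scratch.
DEV="${DEV:-/dev/sdXN}"      # placeholder: partition to encrypt (it gets wiped)
NAME="${NAME:-home}"         # device-mapper name, i.e. /dev/mapper/home
DRY_RUN="${DRY_RUN:-1}"      # 1 = only print the commands, 0 = run them as root

run() {
    # Print each command; execute it only when DRY_RUN=0.
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

append() {
    # Append one line ($2) to a file ($1); only printed in dry-run mode.
    echo "+ echo \"$2\" >> $1"
    [ "$DRY_RUN" = 1 ] || printf '%s\n' "$2" >> "$1"
}

encrypt_home() {
    # Step 1: create the LUKS container, open it, put a filesystem on it.
    run cryptsetup luksFormat "$DEV"
    run cryptsetup luksOpen "$DEV" "$NAME"
    run mkfs.ext4 "/dev/mapper/$NAME"
    # Step 2: copy /home across; the old copy stays in place as the backup
    # until the new one has been checked.
    run mkdir -p /mnt/newhome
    run mount "/dev/mapper/$NAME" /mnt/newhome
    run rsync -aHAX /home/ /mnt/newhome/
    run umount /mnt/newhome
    # Step 3: tell the dmcrypt init script which device to open at boot,
    # and mount the opened mapping on /home.
    append /etc/conf.d/dmcrypt "target=$NAME"
    append /etc/conf.d/dmcrypt "source='$DEV'"
    append /etc/fstab "/dev/mapper/$NAME /home ext4 defaults 0 2"
    # Step 4: start dmcrypt in the boot runlevel so it asks for the passphrase.
    run rc-update add dmcrypt boot
}

add_passphrase() {
    # "Multiple passwords per partition": enrol one more LUKS key slot.
    run cryptsetup luksAddKey "$DEV"
}

encrypt_home
```

The old contents of /home remain on the unencrypted disk underneath the new mount, so the data is only protected once that plaintext copy has been removed.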
