From: Stéphane Guedon
Organization: http://www.22decembre.eu
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] crypt my home repository
Date: Mon, 2 Jan 2012 12:36:55 +0100
Message-Id: <201201021237.01284.stephane@22decembre.eu>
In-Reply-To: <4F018BA7.1000207@binarywings.net>

On Monday 02 January 2012 11:49:11 Florian Philipp wrote:
> On 02.01.2012 09:07, Stéphane Guedon wrote:
> > Hi all
> >
> > I may ask something already discussed, but I can't find any good
> > documentation. I am wondering of how to secure my home repository on my
> > laptop. I am thinking of cryptography and other things (the password
> > uncrypt the repository and allows to read files...).
> >
> > What tool to use for ? Anybody knows a good doc (in french would be
> > really good) ?
> >
> > I am not really paranoid, but I work now in a quite important
> > environment and want any data I get out to be secured...
>
> I recommend dm-crypt (a.k.a. cryptsetup-luks). It encrypts the block
> device under the actual file system. Gentoo wiki has some tutorials on
> it (although you don't need much of it): [1] [2]
>
> If you only want to encrypt your home partition, you only need to follow
> these steps:
>
> 1. Create an encrypted partition (see `man cryptsetup`)
> 2. Move /home/* over to it (don't forget backup)
> 3. Configure /etc/conf.d/dmcrypt
> 4. Add /etc/init.d/dmcrypt to boot runlevel
>
> Then the init script will ask you for the password at boot. dm-crypt
> allows multiple passwords per partition so that different users can have
> different passwords.
>
> The alternative to the dmcrypt init script is to use sys-auth/pam_mount.
> It allows you to use the login password to automatically decrypt a
> partition and mount it as /home/$user. [2] has a section about it.
> However, this breaks easily and is pretty hard to administrate if you
> have no experience with dm-crypt and pam. I recommend the first solution.
>
> [1] http://en.gentoo-wiki.com/wiki/SECURITY_System_Encryption_DM-Crypt_with_LUKS
> [2] http://en.gentoo-wiki.com/wiki/DM-Crypt
>
> Regards,
> Florian Philipp

Is this solution (the first one) easily integrated into some environment
(kde) ?

I don't want to have numerous passwords (one for decrypt, one other to open the
desktop session as usual...), plus my wife would argue with some reason I am
always hacking the computer whereas we are just using it to watch movies...
(she uses the computer also, but in a much more used way, so any solution has
to be comfortable to her too !)

-- 
Stéphane Guedon
http://www.22decembre.eu/
http://lectures.22decembre.eu/
business card: http://www.22decembre.eu/downloads/Stephane-Guedon.vcf
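The four steps from the quoted reply, plus the second passphrase it mentions, written out as an added example that is not part of the original thread or of any Gentoo documentation. The device `/dev/sdX9`, the mapping name `home`, the mount point `/mnt/newhome` and the ext4 file system are placeholders, and the `target=`/`source=` keys are assumed to match the commented samples in the installed `/etc/conf.d/dmcrypt`.

```shell
#!/bin/sh
# Added example, not from the thread. Device and mapping names are placeholders.
# With DRY_RUN=1 (default) each command is printed instead of executed.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Lines for /etc/conf.d/dmcrypt (assumed target=/source= format).
dmcrypt_conf() {
    printf "target=%s\nsource='%s'\n" "$2" "$1"
}

encrypt_home() {
    dev="$1"     # partition to encrypt, e.g. /dev/sdX9 (placeholder)
    name="$2"    # mapping name; the clear-text device is /dev/mapper/$name
    case "$dev" in
        /dev/*) ;;
        *) echo "refusing: '$dev' is not a /dev path" >&2; return 1 ;;
    esac

    # Step 1: create the LUKS container (wipes $dev), open it, make a file system.
    run cryptsetup luksFormat "$dev"
    run cryptsetup luksOpen "$dev" "$name"
    run mkfs.ext4 "/dev/mapper/$name"

    # Step 2: copy the existing homes across, keeping owners and permissions.
    run mkdir -p /mnt/newhome
    run mount "/dev/mapper/$name" /mnt/newhome
    run cp -a /home/. /mnt/newhome/
    run umount /mnt/newhome

    # Step 3: tell the dmcrypt init script which device to map at boot.
    if [ "$DRY_RUN" = 1 ]; then
        dmcrypt_conf "$dev" "$name"
    else
        dmcrypt_conf "$dev" "$name" >> /etc/conf.d/dmcrypt
    fi

    # Step 4: run the init script in the boot runlevel (it prompts for the passphrase).
    run rc-update add dmcrypt boot
}

# Second passphrase for another user of the same partition (extra LUKS key slot).
add_passphrase() {
    run cryptsetup luksAddKey "$1"
}
```

Calling `encrypt_home /dev/sdX9 home` prints the plan for review; `/etc/fstab` also needs an entry mounting `/dev/mapper/home` on `/home`, which the script leaves to the administrator.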