From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Rhff9-0006Tc-HT for garchives@archives.gentoo.org; Mon, 02 Jan 2012 11:02:44 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B79E121C176; Mon, 2 Jan 2012 11:02:28 +0000 (UTC) Received: from out5.smtp.messagingengine.com (out5.smtp.messagingengine.com [66.111.4.29]) by pigeon.gentoo.org (Postfix) with ESMTP id AFAB721C118 for ; Mon, 2 Jan 2012 11:01:19 +0000 (UTC) Received: from compute5.internal (compute5.nyi.mail.srv.osa [10.202.2.45]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 6E0BE20DA8 for ; Mon, 2 Jan 2012 06:01:19 -0500 (EST) Received: from frontend2.nyi.mail.srv.osa ([10.202.2.161]) by compute5.internal (MEProxy); Mon, 02 Jan 2012 06:01:19 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=binarywings.net; h=message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type; s=mesmtp; bh=jfJqFMvQgg5qMtE32rcb6zLN tD0=; b=NXkKC8HtdCAfBGWGcRow71X5/pJBFsyCHrlXH61fYhz/K50YGp8icXLp P0xflcxls9ZyK1QNZk5a/juethrJUPbdyq+6O7+23JOJRT40u+Lk03Y1m7YN5spZ prnzZSxHla57dWewQ1mxYQi1TcLd2u8cItk+3L2Bh/e3X+Ay8/Q= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:mime-version:to :subject:references:in-reply-to:content-type; s=smtpout; bh=jfJq FMvQgg5qMtE32rcb6zLNtD0=; b=KR+3RPcbtFchZcHqe5i0F5JAC0j/Z1ucEc24 s/GX6wsYmKZljDyJuC9z0+AQY46aDWiAsW1dsnA8OY2foejVr3Mhm14aQpU+81AT L4hQh6jteXhJe3RK/HFzyJYeTX8u7tF5Mna0OdibOshdWMk8Zlpb9spM09GcYCyU KE2fWd0= X-Sasl-enc: 5GihAuOmTF3uxCr2N4j9NN0fUdNINIuhCl4LuupkCRb/ 1325502079 Received: from [192.168.5.18] (serv.binarywings.net [83.169.5.6]) by mail.messagingengine.com (Postfix) with ESMTPSA id DFBFF4825E5 for ; Mon, 2 Jan 2012 06:01:18 -0500 (EST) Message-ID: <4F018E79.6050000@binarywings.net> Date: Mon, 02 Jan 2012 12:01:13 +0100 From: Florian Philipp User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111211 Thunderbird/8.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] crypt my home repository References: <201201020907.55698.stephane@22decembre.eu> <4F018BA7.1000207@binarywings.net> In-Reply-To: <4F018BA7.1000207@binarywings.net> X-Enigmail-Version: 1.3.3 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig6ABEB227AFBF729AE83969C0" X-Archives-Salt: 96d17917-114e-428f-a3f8-b25c8e88c595 X-Archives-Hash: 41bc265934b75e7721ee24fe4ddcf5e5 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig6ABEB227AFBF729AE83969C0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Am 02.01.2012 11:49, schrieb Florian Philipp: > Am 02.01.2012 09:07, schrieb St=C3=A9phane Guedon: >> Hi all >> >> I may ask something already discussed, but I can't find any good docum= entation. >> I am wondering of how to secure my home repository on my laptop. I am = thinking=20 >> of cryptography and other things (the password uncrypt the repository = and=20 >> allows to read files...). >> >> What tool to use for ? Anybody knows a good doc (in french would be re= ally=20 >> good) ? >> >> I am not really parano=C3=AFd, but I work now in a quite important env= ironnement=20 >> and want any data I get out to be secured... >=20 > I recommend dm-crypt (a.k.a. cryptsetup-luks). It encrypts the block > device under the actual file system. Gentoo wiki has some tutorials on > it (although you don't need much of it): [1] [2] >=20 > If you only want to encrypt your home partition, you only need to follo= w > these steps: >=20 > 1. Create an encrypted partition (see `man cryptsetup`) > 2. Move /home/* over to it (don't forget backup) > 3. Configure /etc/conf.d/dmcrypt > 4. Add /etc/init.d/dmcrypt to boot runlevel 5. Add it to /etc/fstab (the 'target=3D' line in /etc/conf.d/dmcrypt specifies the name). > [...] I recommend testing it with some easily recoverable file system like /var/tmp or /usr/src/portage. --------------enig6ABEB227AFBF729AE83969C0 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8Bjn0ACgkQqs4uOUlOuU/UZgCfV/Ct/9yLg0/5ISjs6gsTYkA1 r3gAn3I+texiyY9v2HIaeNIp7TdIM9xw =C5SG -----END PGP SIGNATURE----- --------------enig6ABEB227AFBF729AE83969C0--