Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Best ways to encrypt running home partition?

  1. #1
    Join Date
    Jun 2008
    Location
    Belgrade, Serbia
    Posts
    719

    Default Best ways to encrypt running home partition?

    I have read in manuals that encrypting a partition erases all data on it, ok, I understand why. Now I am interested in viable method to do it.

    My disk layout is following:
    sda1 /
    sda2 swap
    sda3 /home
    sda4 ntfs

    /home is quite large, but I dont have too much data on it. I do have large external drive, partition already backed/backing up with rsync so I have no problem of "loosing" data.

    What would be the best way to encrypt home?
    1. rsync it, log in as root, encrypt partition, restore data with rsync?
    2. gzip it, move it, encrypt, restore?
    3...?
    4..?

    Ah yes.. one more thing is important, I would like it to be done to work seemlessly.. something like, login and go. Should I use YaST for encprypting partition or something else?

    oo yes.. one more question.
    If system breaks, whether me break it or whatever, installing new version, will encryption be working also, or will I have problems.

    Sorry for this noob questions, but I never used encryption in this way. Only by TrueCrypt or similar.

    Thanks
    Emil Beli
    http://www.beli.ws/blog/
    openSUSE 11.4 x64 KDE, ATI 5600, i7 dell inspire laptop

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,671
    Blog Entries
    3

    Default Re: Best ways to encrypt running home partition?

    I did a tar backup to an external drive. To do that, I logged in as root at a virtual console, switched to init level 3, so that the GUI was not running, then made the backup.

    After creating the encrypted "/home", I restored from the backup, again logged in as root at a virtual terminal.

    I'll note that you will have to give an encryption key at every boot, to make "/home" available.

    While I was about it, I encrypted swap at the same time. Using yast, I did not specify an encryption key for swap. So it was set up with a random key, different every time, and with "mkswap" run on each boot. This probably prevents recovery from hibernation, which was okay for me.

    Next, I setup "/tmp" to be mounted from swap (i.e. with "tmpfs"). That, together with the encrypted swap, protects temporary copies of sensitive data.

    My current plan is to occasionally backup "/home" to an external drive. I won't be encrpting the external drive, so that is my recovery data if I ever forget the password, or if something breaks.

    I did not consider encrypting the root partition, mainly because of concern about recovery if the system breaks. Booting from a live disk, I could still access all system files. Presumably, I could also provide the key and mount "/home", but that is rarely needed to fix a broken system.

    Incidentally, it is working quite well.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  3. #3
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Best ways to encrypt running home partition?

    On 2011-04-11 01:36, beli0135 wrote:

    > What would be the best way to encrypt home?
    > 1. rsync it, log in as root, encrypt partition, restore data with
    > rsync?


    Yes.

    > Ah yes.. one more thing is important, I would like it to be done to
    > work seemlessly.. something like, login and go. Should I use YaST for
    > encprypting partition or something else?


    YaST.

    >
    > oo yes.. one more question.
    > If system breaks, whether me break it or whatever, installing new
    > version, will encryption be working also, or will I have problems.


    Who knows! You ask too much, too imprecise. Will my car break down? Will I
    have an accident and be killed or maimed?

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  4. #4
    Join Date
    Jun 2008
    Location
    Belgrade, Serbia
    Posts
    719

    Default Re: Best ways to encrypt running home partition?

    @nrickert, wow... I am not that paranoid, LOL. It's just a prevention of laptop theft. There is no one particulary targeting me and my data that swap should be targeted. Most common thiefs just steal to sell. But I thank you for the procedure that you wrote. Every day we learn something new. You have responded most of my questions.

    @robin_listas
    Thanks for answers. On last question, what I really mean is that if system breaks for whatever reason, or I decide to put openSUSE 11.5 (whatever), or some other distro, or just to reinstall 11.4, for whatever reason,
    Question was: will I be able to use my encrypted /home, providing encryption key. Will new installation ask me at all? Can it be recovered by running some live DVD etc etc? So in case of system failure, will I be able to access my data in some way?


    Thanks
    Emil Beli
    http://www.beli.ws/blog/
    openSUSE 11.4 x64 KDE, ATI 5600, i7 dell inspire laptop

  5. #5
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    32,325
    Blog Entries
    15

    Default Re: Best ways to encrypt running home partition?

    On Mon, 2011-04-11 at 16:06 +0000, beli0135 wrote:
    > @nrickert, wow... I am not that paranoid, LOL. It's just a prevention of
    > laptop theft. There is no one particulary targeting me and my data that
    > swap should be targeted. Most common thiefs just steal to sell. But I
    > thank you for the procedure that you wrote. Every day we learn something
    > new. You have responded most of my questions.
    >

    Hi
    Have you looked at installing prey (I'm the package maintainer)?
    http://software.opensuse.org/search?...ude_debug=true
    Their webpage is here;
    http://preyproject.com/

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.29-0.3-default
    up 5 days 1:02, 2 users, load average: 0.00, 0.02, 0.00
    GPU GeForce 8600 GTS Silent - Driver Version: 260.19.26


  6. #6
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Best ways to encrypt running home partition?

    On 2011-04-11 18:06, beli0135 wrote:
    >
    > @nrickert, wow... I am not that paranoid, LOL. It's just a prevention of
    > laptop theft. There is no one particulary targeting me and my data that
    > swap should be targeted.


    Swap is indeed a target, as it has a copy of the entire memory, which means
    your passwords, including possibly the password for the encrypted
    partition. Of course, the thief has to know how to do that, or know
    somebody who can.

    That you do not keep any secrets worth stealing? I'm sure that your bank
    data is interesting ;-)


    > @robin_listas
    > Thanks for answers. On last question, what I really mean is that if
    > system breaks for whatever reason, or I decide to put openSUSE 11.5
    > (whatever), or some other distro, or just to reinstall 11.4, for
    > whatever reason,
    > Question was: will I be able to use my encrypted /home, providing
    > encryption key. Will new installation ask me at all? Can it be recovered
    > by running some live DVD etc etc? So in case of system failure, will I
    > be able to access my data in some way?


    Supposedly, the system will be maintained, but there are no guarantees. You
    should make a point of testing factory releases and report if the features
    you need stop working.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  7. #7
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Best ways to encrypt running home partition?

    On 2011-04-11 19:08, malcolmlewis wrote:
    > Have you looked at installing prey


    What does it do?

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  8. #8
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    32,325
    Blog Entries
    15

    Default Re: Best ways to encrypt running home partition?

    On Mon, 2011-04-11 at 19:20 +0000, Carlos E. R. wrote:
    > On 2011-04-11 19:08, malcolmlewis wrote:
    > > Have you looked at installing prey

    >
    > What does it do?
    >

    Hi
    Series of bash scripts along with a cron job. It checks the website and
    if you set a flag (om your control panel) it will collect data and post
    it on the website for you, screenshot, location (via available wifi
    spots) camera shot etc. So if the thief powers it up you have a good
    chance of capturing some data to provide to authorities.

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.29-0.3-default
    up 5 days 3:49, 2 users, load average: 0.43, 0.20, 0.15
    GPU GeForce 8600 GTS Silent - Driver Version: 260.19.26


  9. #9
    Join Date
    Jun 2008
    Location
    Belgrade, Serbia
    Posts
    719

    Default Re: Best ways to encrypt running home partition?

    @malcomlewis
    Thank you, I will look into it. It is an interesting idea.

    @robin_listas
    Well... let's say I pay a thief to get your hard drive. Then surely, I will give hard disk to a team to recover everything that is possible.
    If I steal laptop from John Doe, I probably just want $200 for it, and Jane Doe, who will buy it from me, will in 99.99% of chances format and install Windows 7 on it.

    Emil Beli
    http://www.beli.ws/blog/
    openSUSE 11.4 x64 KDE, ATI 5600, i7 dell inspire laptop

  10. #10
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,671
    Blog Entries
    3

    Default Re: Best ways to encrypt running home partition?

    Quote Originally Posted by beli0135 View Post
    @nrickert, wow... I am not that paranoid, LOL. It's just a prevention of laptop theft.
    I'm not particularly paranoid either. But I do occasionally edit a file of passwords, using a temp copy in "/tmp". So having swap encrypted, with "/tmp" mounted as tmpfs is an easy way of being sure that "/tmp" is encrypted.

    Quote Originally Posted by beli0135 View Post
    Will new installation ask me at all? Can it be recovered by running some live DVD etc etc? So in case of system failure, will I be able to access my data in some way?
    With new installation, specify the same partition for home, set it as encrypted, and set it to not format the partition. Then you should be prompted for the existing encryption key during the new install.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •