Gentoo Archives: gentoo-security

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Encrypting a user home folder on a laptop
Date: Sat, 16 Feb 2008 12:15:21
Message-Id: 200802161314.20644.jaervosz@gentoo.org
In Reply to: [gentoo-security] Encrypting a user home folder on a laptop by Randy Barlow
1 On Saturday 16 February 2008, Randy Barlow wrote:
2 > I am probably being paranoid, but I'd like to encrypt my /home/username
3 > folder on my laptop. I tried EncFS using [1], but KDE didn't seem to
4 > work under that setup because of the restriction that the filesystem
5 > doesn't support hardlinks. So now I am playing around with [2]. The
6 > only problem I have here is that it seems like I have to know in advance
7 > what size I want to use for my home folder (I am using a file as a
8 > loopback device rather than a partition, mostly because I already have a
9 > system up and don't want to mess with resizing partitions). Is there
10 > any way to resize the loopback device on the fly, or do you just have to
11 > create a new one and copy the files into it every time you need to resize?
12 I have some old notes lying around about this.
13
14 If you're working without partitions and using ext something like the
15 following should work. Note it is not on the fly, but OTOH you don't have to
16 start from scratch either.
17
18 Unmount loopback device.
19
20 Enlarge protected_file
21 dd if=/dev/urandom bs=1024k count=10 >> protected_file
22
23 Setup loopdevice
24 losetup /dev/loop6 protected_file
25
26 Setup the crypto device
27 cryptsetup -y create testcrypt /dev/loop6
28
29 Now enlarge the filesystem
30 fsck.ext2 -f /dev/mapper/testcrypt
31
32 Though you should test it before running it on your home dir (and report back
33 here)!
34
35 HTH.
36
37 --
38 Sune Kloppenborg Jeppesen
39 Gentoo Linux Security Team
40 --
41 gentoo-security@l.g.o mailing list