| 1 |
On 12/9/18 10:15 PM, Dale wrote: |
| 2 |
> Well, I don't really think I need to encrypt the entire /home mount |
| 3 |
> point. To me, that would be overkill. Of course, that may be easier. |
| 4 |
> I would like to have certain directories that I can store things in that |
| 5 |
> is encrypted. For example, I have some financial and medical stuff that |
| 6 |
> I wouldn't want just anyone to get a hold of if for example my puter |
| 7 |
> was stolen or hacked. |
| 8 |
|
| 9 |
Fair enough. |
| 10 |
|
| 11 |
> Well, I thought it may be simpler. Since I've never tried encryption |
| 12 |
> before, I don't know first hand how it works or what it takes to |
| 13 |
> use the files. I've read where people password protect their mobo, |
| 14 |
> bootloader and their entire storage system. Basically, without the |
| 15 |
> proper passwords, you can't boot the system or access it from another |
| 16 |
> system either. That is overkill for me for sure. If anything, I'm on |
| 17 |
> the other end of the scale. I just want a directory, which could be a |
| 18 |
> mount point, that is encrypted. Knowing what tool is best may help be |
| 19 |
> figure out whether it is a mount point, a regular directory or what. |
| 20 |
> I've read where some whole file systems can be encrypted or it can be |
| 21 |
> done on a directory level. I'm not sure what works the best tho. |
| 22 |
|
| 23 |
I'm starting to think that something like eCryptFS would be a good |
| 24 |
candidate for you. |
| 25 |
|
| 26 |
> I have /boot and / on their own partition. Everything else is on LVM. |
| 27 |
> I did that because it is easier to boot. While I have a init thingy, it's |
| 28 |
> just enough to mount /usr. That's it. I don't like having a init thingy |
| 29 |
> at all tho. I've had trouble with them in the past that left me with |
| 30 |
> a unbootable system and no way to fix it since I don't really get them. |
| 31 |
> It's one of those things that hasn't hit me yet, even after years of it. |
| 32 |
|
| 33 |
ACK |
| 34 |
|
| 35 |
> True but I don't want it to get in my way to much. I'd like to be |
| 36 |
> able to login into KDE without worrying if the password works or not. |
| 37 |
> Once inside KDE and I need to access something encrypted, then I can |
| 38 |
> deal with the password. |
| 39 |
|
| 40 |
ACK |
| 41 |
|
| 42 |
> Let's say I encrypt the directory or mount point that contains both video |
| 43 |
> and some financial/medical info in it. When I click to access it, it |
| 44 |
> asks for a password. Once it does that, I'd like to be able to use that |
| 45 |
> until I either logout of KDE or I tell it to lock it back up. That way |
| 46 |
> I can watch TV for hours without interruption to type in a password. |
| 47 |
> However, if I need to run to town, I can logout of the encrypted part |
| 48 |
> and leave knowing it's secure. Make sense?? |
| 49 |
|
| 50 |
Yes. |
| 51 |
|
| 52 |
> Interesting. I've read that twice. May read that a couple more times. |
| 53 |
> Letting that soak in a bit. That sounds like something I could use tho. |
| 54 |
> It seems it would do just what I want. |
| 55 |
|
| 56 |
:-) |
| 57 |
|
| 58 |
> Question. Let's say I encrypt /home entirely as a partition of LVM group. |
| 59 |
> When I login to KDE for example, how does that work? I already have to |
| 60 |
> type in a password to login into KDE. Would that work for both or would |
| 61 |
> it ask for a second password? Or would it ask even earlier than that? |
| 62 |
|
| 63 |
I don't know what KDE has built in support for. |
| 64 |
|
| 65 |
I think that modern desktop environments do have some integral support |
| 66 |
for some encryption. I've just never used it and don't know about it. |
| 67 |
|
| 68 |
> I may get on youtube and see if I can find some videos on this so I |
| 69 |
> can see it actually working. Maybe find a couple different setups. |
| 70 |
> I'm sure someone has done at least one. lol |
| 71 |
|
| 72 |
That's probably not a bad idea. |
| 73 |
|
| 74 |
Just be careful and review multiple sources as well as getting a |
| 75 |
reasonable understanding of what they are doing. |
| 76 |
|
| 77 |
> Keep in mind, my backups are a simple rsync to a external USB drive. |
| 78 |
> I don't use fancy software. Usually I backup my videos and such once a |
| 79 |
> day depending on what I've done that day. I may switch to a external |
| 80 |
> SATA drive at some point which may make it even easier. Right now I |
| 81 |
> use a script, if it even deserves to be called that, to do the backups. |
| 82 |
|
| 83 |
That sounds like it would be best used in conjunction with eCryptFS. |
| 84 |
You would rsync the underlay directory like normal (it will show files |
| 85 |
and directories with encrypted names). You would just want to exclude |
| 86 |
the overlay directory from the backup as that's the unencrypted view. |
| 87 |
|
| 88 |
> Mostly a common crook who just may have some puter skills. Wouldn't mind |
| 89 |
> grinning at the likes of a NSA twerp with far to much nose. :-D |
| 90 |
|
| 91 |
Fair enough. It sounds like you want reasonable protection for your |
| 92 |
files. But you won't loose any sleep if you make the three letter |
| 93 |
agencies actually have to work a bit to get to your files, even if it |
| 94 |
just delays what may be possible. (I don't know. But it would at least |
| 95 |
slow them down.) |
Archives