On 12/9/18 10:15 PM, Dale wrote:
> Well, I don't really think I need to encrypt the entire /home mount
> point. To me, that would be overkill. Of course, that may be easier.
> I would like to have certain directories that I can store things in that
> is encrypted. For example, I have some financial and medical stuff that
> I wouldn't want just anyone to get a hold of if for example my puter
> was stolen or hacked.

Fair enough.
|
> Well, I thought it may be simpler. Since I've never tried encryption
> before, I don't know first hand how it works or what it takes to
> use the files. I've read where people password protect their mobo,
> bootloader and their entire storage system. Basically, without the
> proper passwords, you can't boot the system or access it from another
> system either. That is overkill for me for sure. If anything, I'm on
> the other end of the scale. I just want a directory, which could be a
> mount point, that is encrypted. Knowing what tool is best may help me
> figure out whether it is a mount point, a regular directory or what.
> I've read where some whole file systems can be encrypted or it can be
> done on a directory level. I'm not sure what works the best tho.

I'm starting to think that something like eCryptFS would be a good
candidate for you.
|
> I have /boot and / on their own partition. Everything else is on LVM.
> I did that because it is easier to boot. While I have an init thingy, it's
> just enough to mount /usr. That's it. I don't like having an init thingy
> at all tho. I've had trouble with them in the past that left me with
> an unbootable system and no way to fix it since I don't really get them.
> It's one of those things that hasn't hit me yet, even after years of it.

ACK
|
> True but I don't want it to get in my way too much. I'd like to be
> able to login into KDE without worrying if the password works or not.
> Once inside KDE and I need to access something encrypted, then I can
> deal with the password.

ACK
|
> Let's say I encrypt the directory or mount point that contains both video
> and some financial/medical info in it. When I click to access it, it
> asks for a password. Once it does that, I'd like to be able to use that
> until I either logout of KDE or I tell it to lock it back up. That way
> I can watch TV for hours without interruption to type in a password.
> However, if I need to run to town, I can logout of the encrypted part
> and leave knowing it's secure. Make sense??

Yes.
|
> Interesting. I've read that twice. May read that a couple more times.
> Letting that soak in a bit. That sounds like something I could use tho.
> It seems it would do just what I want.

:-)
|
> Question. Let's say I encrypt /home entirely as a partition of LVM group.
> When I login to KDE for example, how does that work? I already have to
> type in a password to login into KDE. Would that work for both or would
> it ask for a second password? Or would it ask even earlier than that?

I don't know what KDE has built in support for.

I think that modern desktop environments do have some integral support
for some encryption. I've just never used it and don't know about it.
|
> I may get on youtube and see if I can find some videos on this so I
> can see it actually working. Maybe find a couple different setups.
> I'm sure someone has done at least one. lol

That's probably not a bad idea.

Just be careful and review multiple sources as well as getting a
reasonable understanding of what they are doing.
|
> Keep in mind, my backups are a simple rsync to an external USB drive.
> I don't use fancy software. Usually I backup my videos and such once a
> day depending on what I've done that day. I may switch to an external
> SATA drive at some point which may make it even easier. Right now I
> use a script, if it even deserves to be called that, to do the backups.

That sounds like it would be best used in conjunction with eCryptFS.
You would rsync the underlay directory like normal (it will show files
and directories with encrypted names). You would just want to exclude
the overlay directory from the backup as that's the unencrypted view.
|
> Mostly a common crook who just may have some puter skills. Wouldn't mind
> grinning at the likes of a NSA twerp with far too much nose. :-D

Fair enough. It sounds like you want reasonable protection for your
files. But you won't lose any sleep if you make the three letter
agencies actually have to work a bit to get to your files, even if it
just delays what may be possible. (I don't know. But it would at least
slow them down.) |
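
The backup advice above (rsync the encrypted underlay, exclude the decrypted overlay) as an added example that is not part of the original thread: a POSIX shell sketch that reads a mounts table, finds every mounted eCryptFS overlay under the source directory, and builds the matching rsync excludes. The paths (`/home/dale/Private`, `/mnt/usb/dale`), the function names and the sample mounts table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep the decrypted eCryptFS view off the backup drive.

# Constructed sample in /proc/mounts format: device mountpoint fstype opts dump pass.
# For eCryptFS the "device" field is the encrypted underlay directory.
SAMPLE_MOUNTS='/dev/mapper/vg-home /home ext4 rw,relatime 0 0
/home/dale/.Private /home/dale/Private ecryptfs rw,nosuid,nodev,relatime 0 0
/srv/.vault /srv/vault ecryptfs rw,relatime 0 0'

# Print one rsync exclude pattern per eCryptFS overlay mounted below $1.
# $2 is the mounts table text (defaults to the live /proc/mounts).
# Assumes mount points contain no whitespace or glob characters.
overlay_excludes() {
    src="${1%/}"
    table="${2-$(cat /proc/mounts)}"
    printf '%s\n' "$table" | while read -r dev mnt fstype rest; do
        [ "$fstype" = "ecryptfs" ] || continue
        case "$mnt" in
            "$src"/*)
                rel=${mnt#"$src"/}
                # Leading "/" anchors the pattern at the transfer root,
                # trailing "/" restricts it to the directory itself.
                printf '/%s/\n' "$rel"
                ;;
        esac
    done
}

# Print the rsync command for backing up $1 to $2 without any overlay.
# The underlay (e.g. .Private, with encrypted names) is copied as usual.
backup_cmd() {
    src="${1%/}"
    dest="${2%/}"
    table="${3-$(cat /proc/mounts)}"
    set -- rsync -a
    for pat in $(overlay_excludes "$src" "$table"); do
        set -- "$@" "--exclude=$pat"
    done
    set -- "$@" "$src/" "$dest/"
    echo "$*"
}
```

Because the excludes come from the mounts table, the command is the same whether the overlay is currently unlocked or not: when it is locked there is nothing to exclude and only ciphertext exists under the source anyway.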