| 1 |
Michael wrote: |
| 2 |
> On Sunday, 27 March 2022 22:04:45 BST Dale wrote: |
| 3 |
>> |
| 4 |
>> That's sort of what I'm going to do. I'm going to divide things into |
| 5 |
>> sections with some encrypted and some not. |
| 6 |
> I wonder if all you want to do is to encrypt some directories on your /home, |
| 7 |
> then a different level of encryption would be more appropriate? Instead of |
| 8 |
> encrypting a whole block device, you could just encrypt a directory tree or |
| 9 |
> two, using ext4 encryption. e4crypt has been kicking around for a few years |
| 10 |
> now and it is meant to be an improvement on eCryptfs. |
| 11 |
> |
| 12 |
> https://lwn.net/Articles/639427/ |
| 13 |
> |
| 14 |
> https://wiki.gentoo.org/wiki/Ext4_encryption |
| 15 |
> |
| 16 |
> WARNING: I'm not qualified to speak about this topic because my experience is |
| 17 |
> limited, but I'm interested all the same in reading your approach and other |
| 18 |
> contributors advice. |
| 19 |
|
| 20 |
|
| 21 |
That is the basic plan. I'll have /home as a normal open mount point. |
| 22 |
That way I can login without a encryption password being needed. After |
| 23 |
that, I plan to have other mount point(s) that are encrypted. It may be |
| 24 |
/home/dale/Data or something to that effect. I'm still doing some |
| 25 |
checking but the normal non-encrypted stuff should easily fit on a 6TB |
| 26 |
drive without encryption. I can then rebuild the two 8TB drives as |
| 27 |
encrypted mount points with a different volume group thingy. When I |
| 28 |
boot up, I can login in as usual then decrypt the other mount point and |
| 29 |
access it as needed or close it and it be encrypted until needed. |
| 30 |
|
| 31 |
I've considered just encrypting /home completely but I don't have the |
| 32 |
option of closing it while I'm logged into KDE. KDE wouldn't be able to |
| 33 |
access /home/dale/.kde or .config plus if I leave Seamonkey open, it |
| 34 |
will want to store new emails to .mozilla as well. So, some things need |
| 35 |
to be available and I'm not to worried about them being encrypted |
| 36 |
anyway. So encrypting all of /home would be overkill plus would be a |
| 37 |
problem for some things too, such as Seamonkey and KDE. |
| 38 |
|
| 39 |
I'm looking at a hard drive purchase just to see if I can afford it |
| 40 |
money wise. |
| 41 |
|
| 42 |
Dale |
| 43 |
|
| 44 |
:-) :-) |
Archives