1 |
Michael wrote: |
2 |
> On Sunday, 27 March 2022 22:04:45 BST Dale wrote: |
3 |
>> |
4 |
>> That's sort of what I'm going to do. I'm going to divide things into |
5 |
>> sections with some encrypted and some not. |
6 |
> I wonder if all you want to do is to encrypt some directories on your /home, |
7 |
> then a different level of encryption would be more appropriate? Instead of |
8 |
> encrypting a whole block device, you could just encrypt a directory tree or |
9 |
> two, using ext4 encryption. e4crypt has been kicking around for a few years |
10 |
> now and it is meant to be an improvement on eCryptfs. |
11 |
> |
12 |
> https://lwn.net/Articles/639427/ |
13 |
> |
14 |
> https://wiki.gentoo.org/wiki/Ext4_encryption |
15 |
> |
16 |
> WARNING: I'm not qualified to speak about this topic because my experience is |
17 |
> limited, but I'm interested all the same in reading your approach and other |
18 |
> contributors advice. |
19 |
|
20 |
|
21 |
That is the basic plan. I'll have /home as a normal open mount point. |
22 |
That way I can login without a encryption password being needed. After |
23 |
that, I plan to have other mount point(s) that are encrypted. It may be |
24 |
/home/dale/Data or something to that effect. I'm still doing some |
25 |
checking but the normal non-encrypted stuff should easily fit on a 6TB |
26 |
drive without encryption. I can then rebuild the two 8TB drives as |
27 |
encrypted mount points with a different volume group thingy. When I |
28 |
boot up, I can login in as usual then decrypt the other mount point and |
29 |
access it as needed or close it and it be encrypted until needed. |
30 |
|
31 |
I've considered just encrypting /home completely but I don't have the |
32 |
option of closing it while I'm logged into KDE. KDE wouldn't be able to |
33 |
access /home/dale/.kde or .config plus if I leave Seamonkey open, it |
34 |
will want to store new emails to .mozilla as well. So, some things need |
35 |
to be available and I'm not to worried about them being encrypted |
36 |
anyway. So encrypting all of /home would be overkill plus would be a |
37 |
problem for some things too, such as Seamonkey and KDE. |
38 |
|
39 |
I'm looking at a hard drive purchase just to see if I can afford it |
40 |
money wise. |
41 |
|
42 |
Dale |
43 |
|
44 |
:-) :-) |