Michael wrote: > On Sunday, 27 March 2022 22:04:45 BST Dale wrote: >> >> That's sort of what I'm going to do. I'm going to divide things into >> sections with some encrypted and some not. > I wonder if all you want to do is to encrypt some directories on your /home, > then a different level of encryption would be more appropriate? Instead of > encrypting a whole block device, you could just encrypt a directory tree or > two, using ext4 encryption. e4crypt has been kicking around for a few years > now and it is meant to be an improvement on eCryptfs. > > https://lwn.net/Articles/639427/ > > https://wiki.gentoo.org/wiki/Ext4_encryption > > WARNING: I'm not qualified to speak about this topic because my experience > is > limited, but I'm interested all the same in reading your approach and other > contributors advice.
That is the basic plan. I'll have /home as a normal open mount point. That way I can login without a encryption password being needed. After that, I plan to have other mount point(s) that are encrypted. It may be /home/dale/Data or something to that effect. I'm still doing some checking but the normal non-encrypted stuff should easily fit on a 6TB drive without encryption. I can then rebuild the two 8TB drives as encrypted mount points with a different volume group thingy. When I boot up, I can login in as usual then decrypt the other mount point and access it as needed or close it and it be encrypted until needed. I've considered just encrypting /home completely but I don't have the option of closing it while I'm logged into KDE. KDE wouldn't be able to access /home/dale/.kde or .config plus if I leave Seamonkey open, it will want to store new emails to .mozilla as well. So, some things need to be available and I'm not to worried about them being encrypted anyway. So encrypting all of /home would be overkill plus would be a problem for some things too, such as Seamonkey and KDE. I'm looking at a hard drive purchase just to see if I can afford it money wise. Dale :-) :-)
