Re: easiest way to encrypt existing home dir?

Fri, 30 Mar 2018 19:10:52 -0700 

Thanks!
Will try it on a temporary dir first.



On 03/30/2018 07:53 PM, Wolfgang Pfeiffer wrote:

On Sat, 31 Mar 2018 02:41:53 +0200
Wolfgang Pfeiffer <r...@gmx.net> wrote:


Interested in how to do it?

I got an email off-list to post the instructions. Again: I created the
container around ten years ago. Did it on Debian. But used that approach
for years once I created this container.

Here we go (Read the notes at the end, please):

----------------------------------------------------------------------->
Making an ecrypted file container:

$ nice -+19 /usr/bin/dcfldd bs=1M count=6000 statusinterval=10 if=/dev/urandom 
of=/home/<your.user.name>/encrypt.ctr

# losetup /dev/loop0 /home/<your.user.name>/encrypt.ctr
# cryptsetup --verbose --verify-passphrase --cipher aes-xts-benbi  --key-size 
512 luksFormat /dev/loop0
# cryptsetup luksOpen /dev/loop0 encfs
# /sbin/mkfs.ext3 -j -O dir_index,filetype,sparse_super /dev/mapper/encfs
# chown <your.user.name>:<your.user.name> /home/<your.user.name>/enc
# chmod 0700 /home/<your.user.name>/enc


added to fstab this line
/dev/mapper/encfs  /home/<your.user.name>/enc  ext3 
user,noauto,rw,dev,exec,suid   0 0

Backup before:
# cp /etc/fstab~ /etc/fstab.2008.12.21
`/etc/fstab~' -> `/etc/fstab.2008.12.21'


mount:
# losetup /dev/loop0 /home/<your.user.name>/encrypt.ctr
# cryptsetup luksOpen /dev/loop0 encfs
as <your.user.name>:
$ mount enc/


umount:
$ umount enc/
# cryptsetup luksClose encfs
# losetup -d /dev/loop0
<-------------------------------------------------------------------------------------

A few short notes (it's late, I want some sleep ..)

0:
   the stuff after the 'mount'/'umount' lines is what I did to
   activate/deactivate the container after logging in.

1:
   "--cipher aes-xts-benbi" - I'd change that to a cipher you want. I
   think aes-xts-benbi is oldand not be what you want today ....

2:
$ nice -+19 /usr/bin/dcfldd bs=1M count=6000 statusinterval=10 if=/dev/urandom 
of=/home/<your.user.name>/encrypt.ctr

  "bs=1M count=6000" : should create a container size of 6000Mb ..

3:
IIRC:
   '#' from above: done as root; '$' done as <your.user.name>

4:
   In your /home dir I think you should do this - probably wasn't created
   automatically via fstab:
   mkdir enc
   so /home/<your.user.name>/enc is simply the mount point for your
   encrypted container, IIRC ...

I got these instructions from somewhere on the internets. Not my
work, IIRC. Just tried and probably modified it. And successfully.

Good luck, all!
Wolfgang

_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Reply via email to