encryption for home partition and backups
Giles Orr
gilesorr-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Sat Nov 30 13:03:15 UTC 2013
On 29 November 2013 21:02, Alex Volkov <avolkov-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> I'm using a laptop running Debian Jesse on an LVM (with separate /home and
> swap partitions).
>
> Is it possible to convert current system to encrypted /home and swap
> volumes without reinstalling everything from scratch? I'm fine with copying
> all the existing data to an external hard drive reformatting the partition
> to something that supports encryption and then copying everything back.
> If found cryptosetup and LUCKS being mentioned in several places, has
> anyone tried using these tools?
>
> As a related question, is it possible to have an encrypted file on an
> existing filesystem which I can access by mounting and then dumping rsync
> stream into it? Sort of what TrueCrypt is doing only 100% open source and
> preferably implemented using fusefs.
>
I've been using an encrypted /home/ for a year and a bit. My system
partition and swap are unencrypted. As Bob says, you can encrypt
everything but /boot/ : I haven't tried that, as it's a bit more of a
hassle and my main concern is my own documents, not my OS. As for swap -
leaving it unencrypted is a huge security hole, but encrypting it is a huge
PITA (as I understand it - I haven't done it) if you use either suspend or
especially hibernate. Do your reading (or ask around here).
Note that I started with a new system and so didn't have to migrate data as
you'll have to. I would suggest moving /home/ off to an external drive,
encrypting the /home/ partition, and moving the data back - if you're okay
with an unencrypted OS partition, this will be easiest. If you're in the
mood to improve your system, Bob is right: LVM would be better (although I
don't use it myself as I'm lazy and it adds complexity even while making
volume management immensely easier ... I just don't juggle partitions
enough for it to be worthwhile.)
I've been pretty happy with LUKS and cryptsetup: I do rotating backups to
multiple external hard drives, all of which are encrypted. When I plug
them in LXDE asks for a password to mount, and after that the space is
treated exactly like a normal partition. I use rsync to do the backups, so
yes - very easy to use.
--
Giles
http://www.gilesorr.com/
gilesorr-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20131130/7767ff54/attachment.html>
More information about the Legacy
mailing list