Thread: Using TrueCrypt to encrypt one users home folder...

  1. #11
    Join Date
    Jan 2008
    Location
    Croatia
    Beans
    23
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: Using TrueCrypt to encrypt one users home folder...

    Quote: Originally posted by khelben1979
    I'm still not sure if TrueCrypt is safe to use. Is it?
    Depends on what you mean by "safe"? I think with the right encryption algorithm and a strong password/keyfile, it should offer a decent amount of security...

  2. #12
    Join Date
    Dec 2005
    Beans
    49
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Using TrueCrypt to encrypt one users home folder...

    I'm trying to do this on 10.04 and it's not working. I've added the "truecrypt ..." line to the Default file per the directions, but I get no prompt or any sign that anything is different when restarting.

    Any ideas?

  3. #13
    Join Date
    Dec 2005
    Beans
    49
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Using TrueCrypt to encrypt one users home folder...

    I solved the first problem. The trouble was that I installed the command-line-only package, so obviously nothing was going to pop up. So I passed the answers to all the mount questions as parameters.

    Now some odd things are happening (like the gnome panel not functioning) when using the encrypted home folder. I suspect some permission issues; I'll be doing some more investigating.

  4. #14
    Join Date
    Dec 2005
    Beans
    49
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Using TrueCrypt to encrypt one users home folder...

    I booted a live CD and mounted the partition containing /home and the truecrypt container. Then I rsync'ed my existing home folder to the encrypted volume. On restart the previous strangeness was gone. I guess running rsync on an in-use home folder doesn't work (who woulda guessed).

  5. #15
    Join Date
    Nov 2005
    Location
    Oslo, Norway
    Beans
    205
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Using TrueCrypt to encrypt one users home folder...

    Ubuntu 10.04 supports encrypted home folders out of the box (though not using TrueCrypt). All you need to do is pop open System>Users and Groups, hit the Add button, enter your name and check "Encrypt home folder to protect sensitive data". You can also do this during the initial install of Ubuntu 10.04, when you create the first user.

    I don't know if you can convert an existing user's account to encrypted, but it wouldn't be too hard to copy files across afterwards and chown them.

    I don't know how secure this is compared to the TrueCrypt method, but as has been pointed out in this thread neither method is 100% secure, as swap and other parts of the system are not encrypted. If you want that, you're better off encrypting the whole drive, which I believe you can still do with the alternate CD (only tried it with earlier versions of Ubuntu).

    Cheers.

  6. #16
    Join Date
    Dec 2005
    Beans
    49
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Using TrueCrypt to encrypt one users home folder...

    A little step-by-step tutorial for the process I used (Ubuntu 10.04 x64):

    Download the appropriate Standard Linux package for TrueCrypt from: http://www.truecrypt.org/downloads

    This process can be done using the console package, but requires saving the encryption password in plaintext, nullifying any improvement in security. (Of course there's probably a way to pass the password not in plaintext that I didn't discover.)

    Extract the archive:
    Code:
    tar -xzvf truecrypt-7.0a-linux-x64.tar.gz
    For some reason I had to make the file executable:
    Code:
    chmod u+x truecrypt-7.0a-setup-x64
    Run the installer:
    Code:
    ./truecrypt-7.0a-setup-x64
    Follow the simple installation procedure, then create your encrypted volume:
    Code:
    truecrypt -c
    Now we need to copy your existing home folder into the encrypted volume, but we can't do that while you're logged in. If you already have another admin user you can log in to skip this step. Otherwise let's make a new user and allow it to sudo.
    Code:
    sudo adduser tempuser
    sudo adduser tempuser admin
    Log out and log back in as the new user or hit Ctrl+Alt+F1 to go straight to the command line.

    Next we'll relocate your home folder and then recreate it, but now empty (to serve only as a mountpoint for the encrypted volume).
    Code:
    sudo mv /home/<user> /home/backup
    sudo mkdir /home/<user>
    Now we need to copy your home folder data into the encrypted volume. First mount the encrypted volume.
    Code:
    sudo mkdir /mnt/tmp
    truecrypt --mount
    Now copy the data.
    Code:
    sudo rsync -aHv /home/backup/ /mnt/tmp
    Unmount the encrypted volume.
    Code:
    truecrypt -d
    Almost there, now we add the instructions for your encrypted volume to be mounted when gdm starts. Edit the gdm init script:
    Code:
    sudo vi /etc/gdm/Init/Default
    Insert the following code with your username and path to your encrypted container inserted. I've added a check to make sure the volume isn't already mounted, otherwise gdm was hanging on startup for me when it crashed or I had to restart it. (I put these lines directly above "exit 0".)
    Code:
    if !(echo `mount` | grep -q "/home/<user> type")
    then
            truecrypt <path to encrypted volume> /home/<user>
    fi
    Finally you can restart gdm and see if it worked. (If you don't get any errors then it worked, the idea is that everything SHOULD look the same.)
    Code:
    sudo service gdm restart
    There's some final cleanup worth doing.
    1. If everything is working you should “sudo rm -rf /home/backup” since having an unencrypted copy of files you've just encrypted is silly. If you're really worried you could copy those files off to some other secured backup medium.
    2. We also have created an extra admin account which you might want to remove (though it's generally a good idea to have a backup admin account).
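
Added example, not part of the post above: a stricter form of the "already mounted?" check used in the gdm Init step. It compares the mount-point field of /proc/mounts exactly instead of grepping `mount` output for a substring, and re-checks after the mount command so a failed mount is not mistaken for a mounted encrypted home. The function names and the MOUNTS_FILE variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and MOUNTS_FILE
# are assumptions; "/home/<user>" placeholders are the ones used in the post.

# is_mounted DIR [MOUNTS_FILE]
# Succeeds only if DIR is exactly the mount-point field (2nd column) of an
# entry in MOUNTS_FILE (default /proc/mounts). The kernel writes a space as
# \040 and a backslash as \134 in that field, so DIR is encoded the same way
# before comparing. Paths containing tabs or newlines are not handled.
is_mounted() {
    dir=${1%/}                       # tolerate one trailing slash
    [ -n "$dir" ] || dir=/
    mounts=${2:-/proc/mounts}
    enc=$(printf '%s' "$dir" | sed 's/\\/\\134/g; s/ /\\040/g')
    while read -r _dev mnt _rest || [ -n "$mnt" ]; do
        [ "$mnt" = "$enc" ] && return 0
    done < "$mounts"
    return 1
}

# mount_home_once DIR MOUNT_CMD [ARGS...]
# Runs MOUNT_CMD only when DIR is not yet a mount point, then checks again.
# Returns 0 only if DIR is a mount point afterwards, so the caller can react
# instead of letting a session start on the empty, unencrypted directory
# that sits underneath the mount point.
mount_home_once() {
    target=$1
    shift
    is_mounted "$target" "${MOUNTS_FILE:-/proc/mounts}" && return 0
    "$@" || return 1
    is_mounted "$target" "${MOUNTS_FILE:-/proc/mounts}"
}

# Intended use in /etc/gdm/Init/Default, above "exit 0":
#   mount_home_once "/home/<user>" \
#       truecrypt "<path to encrypted volume>" "/home/<user>" \
#       || logger -t gdm-init "encrypted home is NOT mounted"
```

The exact field comparison avoids treating a path such as /mnt/backup/home/<user> as the home mount, which a substring grep would do.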

  7. #17
    Join Date
    Dec 2005
    Beans
    49
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Using TrueCrypt to encrypt one users home folder...

    Quote: Originally posted by ragtag
    Ubuntu 10.04 supports encrypted home folders out of the box (though not using TrueCrypt). All you need to do is pop open System>Users and Groups, hit the Add button, enter your name and check "Encrypt home folder to protect sensitive data". You can also do this during the initial install of Ubuntu 10.04, when you create the first user.
    I would have just done that but I wanted cross-platform compatibility for the encrypted volume.

    Also, thanks for the inspiration from your initial post!
    Last edited by Minn3h; October 5th, 2010 at 09:10 PM.

  8. #18
    Join Date
    Apr 2008
    Location
    Far, far away
    Beans
    2,148
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Using TrueCrypt to encrypt one users home folder...

    Ideally there would be a pam module for handling the password/login. If the pam_ecryptfs one could be modified or used as is for Truecrypt then you could achieve the same integration at login.

    Also, potentially gpg could be used to wrap the Truecrypt password with your normal login password so that the login process uses gpg to unwrap the Truecrypt password and open the volume.

    By integrating with pam it would allow unmounting at logout as well. I don't have time today to look into this but I'm pretty sure it's doable.

    I've been running swap-less for a while now and as long as you have ample memory it seems to work just fine. This removes the potential for data being left behind in swap.

    I don't know that Truecrypt offers better encryption than ecryptfs but it does have the deniability factor and perhaps that could even be integrated with pam so that dual login passwords result in differing home mounts. And it does work a bit differently in that ecryptfs encrypts file by file with encrypted filenames, whereas Truecrypt would use a volume that is a bit more opaque regarding contents.

  9. #19
    Join Date
    Dec 2005
    Beans
    49
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Using TrueCrypt to encrypt one users home folder...

    Quote: Originally posted by BkkBonanza
    Ideally there would be a pam module for handling the password/login. If the pam_ecryptfs one could be modified or used as is for Truecrypt then you could achieve the same integration at login.

    By integrating with pam it would allow unmounting at logout as well. I don't have time today to look into this but I'm pretty sure it's doable.
    I've seen some discussions to that effect, but none that were particularly recent or clear enough for someone like me who knows nothing about pam authentication.

    Also, potentially gpg could be used to wrap the Truecrypt password with your normal login password so that the login process uses gpg to unwrap the Truecrypt password and open the volume.
    I hadn't thought of that. I'll look into it and see if I can incorporate it.

    I've been running swap-less for a while now and as long as you have ample memory it seems to work just fine. This removes the potential for data being left behind in swap.
    I as well, swap is such a relic.

    I don't know that Truecrypt offers better encryption than ecryptfs but it does have the deniability factor and perhaps that could even be integrated with pam so that dual login passwords result in differing home mounts. And it does work a bit differently in that ecryptfs encrypts file by file with encrypted filenames, whereas Truecrypt would use a volume that is a bit more opaque regarding contents.
    Between cross-platform support and the significant additional paranoia factor in TrueCrypt's design it's a no-brainer for me.

  10. #20
    Join Date
    May 2009
    Location
    Land of Lincoln
    Beans
    1,369
    Distro
    Ubuntu Development Release

    Re: Using TrueCrypt to encrypt one users home folder...

    Hi!

    I've used truecrypt for about a year and feel very safe.

    It would take years to crack open my file.

    KegHead
