[ubuntu] home encryption of user home as file - using loop back



nicolasdiogo
June 1st, 2009, 02:53 PM
hi,

I am looking for information on how to set up encrypted home directories for users, but instead of using partitions as described here:
http://blog.gnist.org/article.php?story=EncryptedSwapAndHomeUbuntu

I would like to use encrypted files, so I imagine that I would need to mount these files in a loop.

The advantage that I seek is to be able to have various files (one for each user of the system) sharing a large partition but without forcing size restrictions on any individual user.

does anyone know of articles around these topics?

thanks a lot,


Nicolas

Agent ME
June 2nd, 2009, 01:43 AM
You might want to check out Ecryptfs. It encrypts files individually on the parent file-system, but mounts another folder where they are transparently accessible and encrypted automatically.

Run "ecryptfs-setup-private" and it will set up the "Private" folder, which is mounted automatically when you log in and unmounted when you log off.

nicolasdiogo
June 2nd, 2009, 11:01 AM
thanks for the suggestion,

i will have a look at it.

but that option would still leave a problem: how to deal with unencrypted /tmp

regards

HermanAB
June 2nd, 2009, 03:13 PM
Note that /tmp is a RAM disk (tmpfs) and therefore ephemeral. So when the system is powered down, /tmp is 'clean'.

The LUKS wizards are slowly improving which makes it relatively easy to use. Have a look at the LUKS howto here: http://aeronetworks.ca/linux

Agent ME
June 5th, 2009, 03:42 AM
> Note that /tmp is a RAM disk (tmpfs) and therefore ephemeral. So when the system is powered down, /tmp is 'clean'.

Looking at the output of mount, it looks like you're wrong (at least for people who haven't explicitly set that up). Maybe you're thinking of /dev/shm?

I'm also curious about any ways to automatically encrypt /tmp and swap, with unsaved random keys.

factorgaming
June 12th, 2009, 07:03 PM
Hi! I also have the same problem; home security is very essential.

rookcifer
June 12th, 2009, 10:32 PM
> Looking at the output of mount, it looks like you're wrong (at least for people who haven't explicitly set that up). Maybe you're thinking of /dev/shm?
>
> I'm also curious about any ways to automatically encrypt /tmp and swap, with unsaved random keys.



echo swap /dev/sdx SWAP "-c aes-cbc-essiv -h whirlpool -s 512" >> /mnt/etc/crypttab

That will encrypt swap with a random key at boot.

However, why not just set up whole disk encryption by using LVM with dm-crypt/LUKS? You can do it from the alternate CD.

Agent ME
June 13th, 2009, 01:32 AM
> echo swap /dev/sdx SWAP "-c aes-cbc-essiv -h whirlpool -s 512" >> /mnt/etc/crypttab
>
> That will encrypt swap with a random key at boot.

I have no file named /dev/sdx or /mnt/etc/crypttab; actually, my /mnt directory is empty. (And my understanding of /mnt is that it is like /media, a convenient place to mount file-systems, not a location for config files.) Sure these instructions aren't for a different Linux distro?


> However, why not just set up whole disk encryption by using LVM with dm-crypt/LUKS? You can do it from the alternate CD.

Whole disk encryption is pretty useless for a multi-user desktop computer, as all users of it would need the password when turning it on, and the data on swap isn't lost if the same key is used every time.
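
The "output of mount" check and the random-key swap question raised in this thread, as an added example that is not from any poster: a shell script that reports which filesystem holds /tmp, whether each active swap device is a dm-crypt mapping, and which crypttab entries use a random key. It assumes the Debian/Ubuntu crypttab layout (key file in the third field) and that dm-crypt mappings expose a uuid beginning with CRYPT- in sysfs; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Paths default to the live system;
# pass constructed files as arguments to try it offline.

# fs_for_path MOUNTS PATH: print "fstype device" for the mount that holds PATH
# (longest matching mount point; a later entry on the same point shadows).
fs_for_path() {
    awk -v p="$2" '
        $2 == p || $2 == "/" || index(p, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); out = $3 " " $1 }
        }
        END { print out }' "$1"
}

# random_key_targets CRYPTTAB: print mapping names whose key file (field 3,
# assumed Debian/Ubuntu layout) is /dev/urandom or /dev/random.
random_key_targets() {
    awk '$1 !~ /^#/ && NF >= 3 && ($3 == "/dev/urandom" || $3 == "/dev/random") { print $1 }' "$1"
}

# is_dm_crypt DEV [SYSFS]: succeed if DEV is a device-mapper node whose uuid
# starts with CRYPT- (assumed prefix for cryptsetup mappings).
is_dm_crypt() {
    node=$(basename "$(readlink -f "$1" 2>/dev/null || echo "$1")")
    uuid_file="${2:-/sys}/class/block/$node/dm/uuid"
    [ -r "$uuid_file" ] || return 1
    case "$(cat "$uuid_file")" in CRYPT-*) return 0 ;; *) return 1 ;; esac
}

# report [MOUNTS] [SWAPS] [CRYPTTAB] [SYSFS]: one line per finding.
report() {
    mounts=${1:-/proc/mounts} swaps=${2:-/proc/swaps}
    crypttab=${3:-/etc/crypttab} sysfs=${4:-/sys}
    echo "/tmp is on: $(fs_for_path "$mounts" /tmp)"
    # /proc/swaps has a header line; field 1 is the device or file.
    awk 'NR > 1 { print $1 }' "$swaps" | while read -r dev; do
        if is_dm_crypt "$dev" "$sysfs"; then state=dm-crypt; else state=PLAINTEXT; fi
        echo "swap $dev: $state"
    done
    if [ -r "$crypttab" ]; then
        echo "random-key mappings: $(random_key_targets "$crypttab" | tr '\n' ' ')"
    fi
    return 0
}

# Only inspect the running system when asked to.
if [ "${1:-}" = "--live" ]; then report; fi
```

A dm-crypt result only shows that the swap device is encrypted; whether its key is regenerated at every boot is what the crypttab check answers.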