lars_the_bear Guru
Joined: 05 Jun 2024 Posts: 522
|
Posted: Sat Jun 22, 2024 12:56 pm Post subject: [Solved] Home directory encryption |
|
|
Hi folks
After two weeks of playing with throw-away computers, I'm almost ready to make the leap to installing Gentoo on a computer I use every day. Almost all the software I have to use works; what doesn't I can work around.
The last step, before I can adopt Gentoo on a daily basis, is home directory encryption using ecryptfs. I use this on all my non-business computers.
I've tested it on two different throw-away computers, and it seems to work fine. Set-up is pretty much the same as in any other Linux distribution.
But...
When I bring Gentoo to a 'real' computer, I'll be bringing it to one with hundreds of Gb of encrypted home directory data. I really need that data to continue to be accessible. I have backups, but I'd prefer not to have to rely on them.
My gut feeling is that this will be fine, because all the data is in a separate /home partition that I will not touch when I install Gentoo. I don't think there's anything related to the encryption that is stored outside this partition. I will use the same user/group IDs and passwords.
So I think it will be fine. But I'd be more confident if somebody who has actually done this could confirm it.
BR, Lars.
Last edited by lars_the_bear on Wed Jun 26, 2024 8:40 am; edited 1 time in total |
Pearlseattle Apprentice
Joined: 04 Oct 2007 Posts: 165 Location: Switzerland
|
Posted: Sat Jun 22, 2024 6:47 pm Post subject: |
|
|
Hi
I'm looking as well for an encryption alternative for my home directory - I'm currently using "encfs" ( https://vgough.github.io/encfs/ ), which does work 99% fine but it has some problems (if I remember correctly, Google Chrome stutters, and I suspect that that's related to temporary files stored in my encfs home directory, and some other problem: JetBrains' CLion or maybe something else which cannot lock files on encfs because encfs does not support it).
eCryptFS was for me a candidate but I discarded it after having read this:
Quote: | eCryptfs is also no longer being actively developed, and its largest users (Ubuntu and Chrome OS) have migrated to other solutions. |
( https://wiki.archlinux.org/title/Fscrypt )
I'm not sure if that's really true, just wanted to give you a heads-up before you go all-in with eCryptFS.
Cheers |
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5116 Location: Bavaria
|
Posted: Sat Jun 22, 2024 7:49 pm Post subject: |
|
|
Pearlseattle wrote: | eCryptFS was for me a candidate but I discarded it after having read this:
Quote: | eCryptfs is also no longer being actively developed, and its largest users (Ubuntu and Chrome OS) have migrated to other solutions. |
|
Yes, ChromeOS is using fscrypt now (https://github.com/google/fscrypt) ... and I am using it also for my /home.
I wrote a (German) article on how to install it:
https://forums.gentoo.org/viewtopic-p-8629644.html#8629644
(don't mind the language; you will need only the kernel configuration and the commands)
Attention: fscrypt does not work with every filesystem ... look into the <Help> of the kernel configuration for it ... I am using EXT4 together with fscrypt.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
lars_the_bear Guru
Joined: 05 Jun 2024 Posts: 522
|
Posted: Sun Jun 23, 2024 7:05 am Post subject: |
|
|
Pearlseattle wrote: |
I'm not sure if that's really true, just wanted to give you a heads-up before you go all-in with eCryptFS
|
Thank you, but I went all-in a long time ago. I have hundreds of Gb of home directory data under ecryptfs. What I really need to know is whether it will decrypt correctly if I change a computer from Fedora to Gentoo, assuming that I don't touch the partition including the home directories.
My choice isn't between one method of encryption or another, but between Fedora and Gentoo. Much as I'm coming to like Gentoo, I won't be risking hundreds of Gb of data to use it.
If nobody knows the answer -- and I can see why that might be the case -- is there some way I can find out, before making an irrevocable decision?
BR, Lars. |
Banana Moderator
Joined: 21 May 2004 Posts: 1737 Location: Germany
|
lars_the_bear Guru
Joined: 05 Jun 2024 Posts: 522
|
Posted: Sun Jun 23, 2024 9:23 am Post subject: |
|
|
Thanks. I wonder if I could boot Gentoo from the installation media, and try to mount the home directory partition somewhere under /tmp? Can I do `emerge` from the installation shell, and install the relevant modules, etc?
I will have a play later, and see if I can work it out. If I mount the partition read-only, presumably I can't break it.
BR, Lars.
PS. It wouldn't be a tragedy to have to restore from backup at this point. The tragedy would be to think everything was OK, when really half my files were gobbledegook, and then continue to send completely broken files to the backup service for the next few years, overwriting the good ones. |
Banana Moderator
Joined: 21 May 2004 Posts: 1737 Location: Germany
|
lars_the_bear Guru
Joined: 05 Jun 2024 Posts: 522
|
Posted: Mon Jun 24, 2024 7:49 am Post subject: |
|
|
Well, after a few experiments, I decided to go for it. So far everything seems OK.
To be honest, I have no idea how the ecrypt PAM module sets up encryption keys for a specific user/password combination. But I started by creating a Gentoo user with the same name, uid, and password as I had with Fedora, and it seems fine.
I'll report back if I have reason to repent my over-confidence later.
Thanks for the suggestions.
BR, Lars. |
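
An added example, not written by any poster in this thread: a pre-flight check for the distribution switch discussed above. It confirms that the key material pam_ecryptfs unwraps with the login password sits on the /home partition, and it compares checksums of the decrypted files before and after the move so that silently broken files are caught before they reach a backup. It assumes the default ecryptfs-utils encrypted-home layout under `<home_root>/.ecryptfs/<user>/`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; paths follow the default ecryptfs-utils encrypted-home
# layout (an assumption about the setup): <home_root>/.ecryptfs/<user>/

# Succeeds only if the wrapped passphrase, key signature(s), mount point
# record and ciphertext directory are all on the /home partition.
ecryptfs_meta_check() (
    base="$1/.ecryptfs/$2"
    missing=0
    for f in wrapped-passphrase Private.sig Private.mnt; do
        if [ ! -s "$base/.ecryptfs/$f" ]; then
            echo "missing or empty: $base/.ecryptfs/$f" >&2
            missing=1
        fi
    done
    if [ ! -d "$base/.Private" ]; then
        echo "no ciphertext directory: $base/.Private" >&2
        missing=1
    fi
    exit "$missing"
)

# Old system, home mounted and decrypted: one SHA-256 line per file.
# Store the manifest outside the directory being hashed.
make_manifest() (
    out="$(cd "$(dirname "$2")" && pwd)/$(basename "$2")"
    cd "$1" || exit 2
    find . -type f -exec sha256sum {} + > "$out"
)

# New system, after mounting (read-only is enough): nonzero exit if any
# file is unreadable or its plaintext differs; only failures are printed.
verify_manifest() (
    manifest="$(cd "$(dirname "$2")" && pwd)/$(basename "$2")"
    cd "$1" || exit 2
    report=$(sha256sum -c "$manifest" 2>&1) && exit 0
    printf '%s\n' "$report" | grep -v ': OK$' >&2
    exit 1
)

# Usage (constructed paths):
#   ecryptfs_meta_check /home lars
#   make_manifest /home/lars /mnt/usb/home.sha256     # before the switch
#   verify_manifest /home/lars /mnt/usb/home.sha256   # after the switch
```
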