Home directory encryption

si20 · 2016-05-11 10:13:59

Hi all,

I'm new to Bunsenlabs. I've installed it this morning on my laptop and i'm enjoying it. I had to fix an audio issue where my fn volume keys were not working in Bunsenlabs by following this post. Now that's fixed, I just have one question: is my home directory encrypted? I know other distributions have the ability to encrypt the home directory, so does Bunsenlabs? And is it done by default? If not, how can I do it?

Thanks in advance!

damo · 2016-05-11 11:11:37

Did you mean to post in the Crunchbang Waldorf support forum? If not we can move it to an appropriate place, like "System Administration"

si20 · 2016-05-11 11:24:58

Sorry yes, if it could be moved that'd be good. Thanks!

damo · 2016-05-11 11:46:35

https://wiki.debian.org/TransparentEncr … HomeFolder

and

Look before you leap into Disk Encryption

NB The Help menu has extensive links to Debian system management etc

GreenMartian · 2017-02-02 04:11:07

si20,

Unfortunately, there is currently no option in the Debian installer in order to select disk encryption. BL uses the Debian installer.

If you're used to some other distros like Ubuntu or Mint, they use their own installers which generally will offer that option during the install process.

With BL, you'll have to manually set it up.

johnraff · 2017-02-02 04:25:23

GreenMartian wrote:

Unfortunately, there is currently no option in the Debian installer in order to select disk encryption.

There is, actually, I've used it in the past.
"encrypted LVM" is available on the BunsenLabs installer too:

GreenMartian · 2017-02-02 05:41:48

Thanks for that correction, John.

I wish I would have seen that option during install, at least for the home folder. wink

Is that option in the graphical install?

Thanks,
GM

johnraff · 2017-02-03 05:56:17

^yes. I've just checked, and did an encrypted install (whole disk, except for grub) on a virtual machine.
Very easy - you just have to set a passphrase, basically.

Once installed, after the grub boot screen, you enter the passphrase in the tty before going on to the LightDM login screen.

Last edited by johnraff (2017-02-03 06:00:38)

martix · 2017-02-03 23:07:58

Here is a detailed "how to" of #BĹ full disk encryption:
https://forums.bunsenlabs.org/viewtopic.php?id=1272

If I'm not mistaken it's also possible to create only an encrypted home directory via installer (on a logical volume group just encrypt home ((lvm home))). There are also several easy to find tutorials on the net of encrypting the home folder afterwards. Did not try this method though, somehow setting it up from the beginning seems to be easier.

Bearded_Blunder · 2017-03-16 04:56:44

Which way you jump depends why you're encrypting, there are some use cases on multi-user systems that might justify setting up encrypted /home as linked by @damo "in case my computer / hard drive gets stolen" isn't one that justifies the extra pain compared to setting up encrypted LVM during install, in the latter much more common case whole disk encryption (encrypted LVM for Linux, veracrypt / bitlocker for Windows) is the more reliable and less error prone option, if you have one there's even more to be said in favour of a self encrypting drive and a default install. The KISS principle is doubly important with encryption, because an error or failure resulting in massive unrecoverable data loss is much more likely.

As soon as you start down the encryption road, the importance of backing up your data quadruples (at least), and gets complicated more by the potential need (depending on threat model) to encrypt your backups too...

Also beware the extra BL GOTCHA if you manually encrypt /home namely that graphical login breaks because LightDM calls a script which checks for things that aren't yet decrypted, errors silently, and dumps you back at the login screen in an endless circle.

#1 2016-05-11 10:13:59

Home directory encryption

#2 2016-05-11 11:11:37

Re: Home directory encryption

#3 2016-05-11 11:24:58

Re: Home directory encryption

#4 2016-05-11 11:46:35

Re: Home directory encryption

#5 2017-02-02 04:11:07

Re: Home directory encryption

#6 2017-02-02 04:25:23

Re: Home directory encryption

#7 2017-02-02 05:41:48

Re: Home directory encryption

#8 2017-02-03 05:56:17

Re: Home directory encryption

#9 2017-02-03 23:07:58

Re: Home directory encryption

#10 2017-03-16 04:56:44

Re: Home directory encryption

Board footer