#1 2016-05-11 10:13:59

si20

New Member

Registered: 2016-05-11

Posts: 2

Home directory encryption

Hi all,

I'm new to Bunsenlabs. I've installed it this morning on my laptop and i'm enjoying it. I had to fix an audio issue where my fn volume keys were not working in Bunsenlabs by following this post. Now that's fixed, I just have one question: is my home directory encrypted? I know other distributions have the ability to encrypt the home directory, so does Bunsenlabs? And is it done by default? If not, how can I do it?

Thanks in advance!

damo

....moderator....

Registered: 2015-08-20

Posts: 4,586

Re: Home directory encryption

Did you mean to post in the Crunchbang Waldorf support forum? If not we can move it to an appropriate place, like "System Administration"

---

Be Excellent to Each Other...

FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

si20

New Member

Registered: 2016-05-11

Posts: 2

Re: Home directory encryption

Sorry yes, if it could be moved that'd be good. Thanks!

damo

....moderator....

Registered: 2015-08-20

Posts: 4,586

Re: Home directory encryption

https://wiki.debian.org/TransparentEncr … HomeFolder

and

Look before you leap into Disk Encryption

NB The Help menu has extensive links to Debian system management etc

---

Be Excellent to Each Other...

FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

GreenMartian

Member

Registered: 2017-01-19

Posts: 28

Re: Home directory encryption

si20,

Unfortunately, there is currently no option in the Debian installer in order to select disk encryption. BL uses the Debian installer.

If you're used to some other distros like Ubuntu or Mint, they use their own installers which generally will offer that option during the install process.

With BL, you'll have to manually set it up.

johnraff

nullglob

From: Nagoya, Japan

Registered: 2015-09-09

Posts: 4,929

Website

Re: Home directory encryption

Unfortunately, there is currently no option in the Debian installer in order to select disk encryption.

There is, actually, I've used it in the past.
"encrypted LVM" is available on the BunsenLabs installer too:

---

John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
In case you forget, the rules.

GreenMartian

Member

Registered: 2017-01-19

Posts: 28

Re: Home directory encryption

Thanks for that correction, John.

I wish I would have seen that option during install, at least for the home folder. 

Is that option in the graphical install?

Thanks,
GM

johnraff

nullglob

From: Nagoya, Japan

Registered: 2015-09-09

Posts: 4,929

Website

Re: Home directory encryption

^yes. I've just checked, and did an encrypted install (whole disk, except for grub) on a virtual machine.
Very easy - you just have to set a passphrase, basically.

Once installed, after the grub boot screen, you enter the passphrase in the tty before going on to the LightDM login screen.

Last edited by johnraff (2017-02-03 06:00:38)

---

John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
In case you forget, the rules.

martix

Kim Jong-un Stunt Double

Registered: 2016-02-19

Posts: 1,267

Re: Home directory encryption

Here is a detailed "how to" of #BĹ full disk encryption:
https://forums.bunsenlabs.org/viewtopic.php?id=1272

If I'm not mistaken it's also possible to create only an encrypted home directory via installer (on a logical volume group just encrypt home ((lvm home))). There are also several easy to find tutorials on the net of encrypting the home folder afterwards. Did not try this method though, somehow setting it up from the beginning seems to be easier.

Bearded_Blunder

Member

From: Seat: seat0; vc7

Registered: 2015-09-29

Posts: 602

Re: Home directory encryption

Which way you jump depends why you're encrypting, there are some use cases on multi-user systems that might justify setting up encrypted /home as linked by @damo  "in case my computer / hard drive gets stolen" isn't one that justifies the extra pain compared to setting up encrypted LVM during install, in the latter much more common case whole disk encryption (encrypted LVM for Linux, veracrypt / bitlocker for Windows) is the more reliable and less error prone option, if you have one there's even more to be said in favour of a self encrypting drive and a default install.  The KISS principle is doubly important with encryption, because an error or failure resulting in massive unrecoverable data loss is much more likely.

As soon as you start down the encryption road, the importance of backing up your data quadruples (at least), and gets complicated more by the potential need (depending on threat model) to encrypt your backups too...

Also beware the extra BL GOTCHA if you manually encrypt /home namely that graphical login breaks because LightDM calls a script which checks for things that aren't yet decrypted, errors silently, and dumps you back at the login screen in an endless circle.

---

Blessed is he who expecteth nothing, for he shall not be disappointed...
If there's an obscure or silly way to break it, but you don't know what.. Just ask me