You are not logged in.

#1 2016-05-11 10:13:59

si20
New Member
Registered: 2016-05-11
Posts: 2

Home directory encryption

Hi all,

I'm new to Bunsenlabs. I've installed it this morning on my laptop and i'm enjoying it. I had to fix an audio issue where my fn volume keys were not working in Bunsenlabs by following this post. Now that's fixed, I just have one question: is my home directory encrypted? I know other distributions have the ability to encrypt the home directory, so does Bunsenlabs? And is it done by default? If not, how can I do it?

Thanks in advance!

Offline

#2 2016-05-11 11:11:37

damo
....moderator....
Registered: 2015-08-20
Posts: 6,734

Re: Home directory encryption

Did you mean to post in the Crunchbang Waldorf support forum? If not we can move it to an appropriate place, like "System Administration"


Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

Offline

#3 2016-05-11 11:24:58

si20
New Member
Registered: 2016-05-11
Posts: 2

Re: Home directory encryption

Sorry yes, if it could be moved that'd be good. Thanks!

Offline

#4 2016-05-11 11:46:35

damo
....moderator....
Registered: 2015-08-20
Posts: 6,734

Re: Home directory encryption

https://wiki.debian.org/TransparentEncr … HomeFolder

and

Look before you leap into Disk Encryption

NB The Help menu has extensive links to Debian system management etc


Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

Offline

#5 2017-02-02 04:25:23

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 12,688
Website

Re: Home directory encryption

GreenMartian wrote:

Unfortunately, there is currently no option in the Debian installer in order to select disk encryption.

There is, actually, I've used it in the past.
"encrypted LVM" is available on the BunsenLabs installer too:
Screenshot_020217_13_19_03.jpg


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), now on Bluesky, there's also some GitStuff )

Introduction to the Bunsenlabs Boron Desktop

Online

#6 2017-02-03 05:56:17

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 12,688
Website

Re: Home directory encryption

^yes. I've just checked, and did an encrypted install (whole disk, except for grub) on a virtual machine.
Very easy - you just have to set a passphrase, basically.

Once installed, after the grub boot screen, you enter the passphrase in the tty before going on to the LightDM login screen.

Last edited by johnraff (2017-02-03 06:00:38)


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), now on Bluesky, there's also some GitStuff )

Introduction to the Bunsenlabs Boron Desktop

Online

#7 2017-02-03 23:07:58

martix
Kim Jong-un Stunt Double
Registered: 2016-02-19
Posts: 1,267

Re: Home directory encryption

Here is a detailed "how to" of #BĹ full disk encryption:
https://forums.bunsenlabs.org/viewtopic.php?id=1272

If I'm not mistaken it's also possible to create only an encrypted home directory via installer (on a logical volume group just encrypt home ((lvm home))). There are also several easy to find tutorials on the net of encrypting the home folder afterwards. Did not try this method though, somehow setting it up from the beginning seems to be easier.

Offline

#8 2017-03-16 04:56:44

Bearded_Blunder
Dodging A Bullet
From: Seat: seat0; vc7
Registered: 2015-09-29
Posts: 1,146

Re: Home directory encryption

Which way you jump depends why you're encrypting, there are some use cases on multi-user systems that might justify setting up encrypted /home as linked by @damo  "in case my computer / hard drive gets stolen" isn't one that justifies the extra pain compared to setting up encrypted LVM during install, in the latter much more common case whole disk encryption (encrypted LVM for Linux, veracrypt / bitlocker for Windows) is the more reliable and less error prone option, if you have one there's even more to be said in favour of a self encrypting drive and a default install.  The KISS principle is doubly important with encryption, because an error or failure resulting in massive unrecoverable data loss is much more likely.

As soon as you start down the encryption road, the importance of backing up your data quadruples (at least), and gets complicated more by the potential need (depending on threat model) to encrypt your backups too...

Also beware the extra BL GOTCHA if you manually encrypt /home namely that graphical login breaks because LightDM calls a script which checks for things that aren't yet decrypted, errors silently, and dumps you back at the login screen in an endless circle.


Blessed is he who expecteth nothing, for he shall not be disappointed...
If there's an obscure or silly way to break it, but you don't know what.. Just ask me

Offline

Board footer

Powered by FluxBB