What would you recommend for simple folder encryption in Fedora? Is it LUKS, eCryptfs, other?
Should I even encrypt the Home folder?
Hello,
I use LUKS.
You must encrypt swap (passwd, …) and root (and home) to be safe.
It is better to use ext4: one EFI partition for /boot/efi, one ext4 partition for /boot, one encrypted swap partition for swap, and only one encrypted ext4 partition for root (then including home, so as not to have to resize root to gain space for home after install…); otherwise, one more encrypted ext4 partition for home.
NB: You can create other encrypted partitions for Data, … using Disks (gnome-disk-utility).
Open Disks, choose a free partition, Add partition, Next, add a name and select encrypted; it will ask for a passphrase and format the ext4 partition.
To access it, simply open it from Nautilus; it will ask you for the password and that's it.
MODIFICATIONS:
You can change all the passphrases using Disks.
You can resize an encrypted partition using gparted (swap must be kept encrypted, root and home must be decrypted first, then perform a "check" on root and home after the resize before closing gparted), from a LiveUSB of course…
Best regards
GEPLinux
So what would be the simplest way (using LUKS) to encrypt, let's say, a new folder which will contain digital copies of my passport?
Personally, I do this for my sensitive documents, software and dongle:
On my desktops, laptops, …
- Use gparted and a Fedora spin LiveUSB or Fedora Workstation LiveUSB with sudo su ; dnf -y install gparted
- Resize home or root and free 10 GiB
- Run Disks, select the free partition
- Ask for a new partition using [+]
- Name the new partition
- Select encrypted,
- Type the passphrase with show passphrase selected to be sure of what I'm typing
Then
- Open the disk via Files (Nautilus)
- Type the passphrase AND SELECT FORGET IMMEDIATELY of course
- Place all sensitive documents
- Disconnect the disk (as USB) immediately
On one USB key, DON'T FORGET BACKUP!
- Connect a USB key
- Run Disks, select the USB
- Format
- Select encrypted,
- Type the passphrase with show passphrase selected to be sure of what I'm typing
- Then open Files (Nautilus)
- Type the passphrase AND SELECT FORGET IMMEDIATELY of course
- Place all sensitive documents
- Disconnect the USB key immediately
If you keep it on the home partition, you may have issues in a few months when running Fedora if an upgrade to a new Fedora version fails.
If you simply add a password to a generated PDF, it may be cracked easily.
BR
GEPLinux
@fedoranewbie
You should encrypt what you want to protect. If your home folder contains secret/private information, you should consider that. We cannot tell you which drives are secret/private for you.
dmcrypt/LUKS (you work mostly with the command cryptsetup) is intended for disc/partition/volume encryption (which are then mounted to a folder):
https://docs.fedoraproject.org/en-US/quick-docs/encrypting-drives-using-LUKS/
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/encrypting-block-devices-using-luks_security-hardening
You will find a lot of useful guides for cryptsetup on the Internet.
However, theoretically, you can also create files that contain encrypted filesystems (on Unix/Linux, everything is a file) to mount that file on another folder like a partition. You can create a file (e.g., with dd) and then do everything on the file that is described in the guides for drives/partitions. However, this may prove less reliable for you as it is no "implement once and then forget" solution.
What do you mean with swap and passwd? passwd is stored on /etc/ and thus, on the root partition.
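The file-backed container mentioned in the post above (a file created with dd, then handled with cryptsetup like a partition), as an added example that is not part of any post in this thread. The function names, file path, mapper name and mount point are hypothetical and chosen for illustration.

```shell
#!/bin/sh
# Added example: a LUKS container kept in a regular file.
# All names passed to these helpers (file, mapper name, mount point) are assumptions.

# Return 0 if FILE starts with the LUKS header magic "LUKS" 0xba 0xbe.
is_luks() {
    [ -f "$1" ] || return 1
    magic=$(od -An -tx1 -N6 "$1" | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ]
}

# Allocate an empty container of SIZE_MIB MiB, readable only by its owner.
# Refuses to overwrite an existing file. The LUKS2 header takes 16 MiB by
# default, so pick a size comfortably above that for real use.
vault_alloc() {   # vault_alloc FILE SIZE_MIB
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
    ( umask 077; dd if=/dev/zero of="$1" bs=1048576 count="$2" 2>/dev/null )
}

# One-time setup: format the file as LUKS (prompts for a passphrase),
# unlock it, create ext4 inside, and lock it again.
vault_create() {  # vault_create FILE SIZE_MIB NAME
    vault_alloc "$1" "$2" || return 1
    cryptsetup luksFormat "$1" || return 1
    sudo cryptsetup open "$1" "$3" || return 1
    sudo mkfs.ext4 -q "/dev/mapper/$3"
    sudo cryptsetup close "$3"
}

# Unlock and mount. cryptsetup attaches a loop device for the file itself.
# The new filesystem's top directory belongs to root; chown it once after
# the first mount so the regular user can write to it.
vault_open() {    # vault_open FILE NAME MOUNTPOINT
    is_luks "$1" || { echo "$1 is not a LUKS container" >&2; return 1; }
    sudo cryptsetup open "$1" "$2" && sudo mount "/dev/mapper/$2" "$3"
}

# Unmount and lock again; the mapping must be closed for the data to be protected.
vault_close() {   # vault_close NAME MOUNTPOINT
    sudo umount "$2" && sudo cryptsetup close "$1"
}
```

Typical use would be `vault_create ~/vault.img 256 vault` once, then `vault_open ~/vault.img vault /mnt/vault` and `vault_close vault /mnt/vault` around each session.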
Swap can keep history, passwords included; it must be encrypted too, especially if used with Citrix…
Concerning /etc, it is in root, so it is encrypted with root.
I don't use dd except for copying ISOs.
I'm explaining my day-to-day work with disk encryption; during that post I'm installing Fedora and ArcoLinux on a laptop with encrypted disks and an additional encrypted USB exactly as described, and it works nicely as usual…
I didn't reject your approach to encrypt swap, I was just confused by the passwd as content of swap. I assumed you mean the file. Thanks for the clarification.
Thank you guys you really helped me.
I am aware of that; I did give an example of storing a digital copy of my passport in the home directory, I just wanted to hear other opinions on the matter.
Here you can see:
- /boot/efi
- /boot
- Encrypted root (with Home inside)
- Encrypted swap (16 GB RAM and used for hibernation, hence the big size)
- Encrypted 600 GB Data disk (never broken, even during Fedora (re)installation)