Encrypting a specif folder Fedora?

Ask Fedora
1

What would you recommend for a simple folder encryption in Fedora. Is it LUKS , eCryptfs , other ?
Should I even encrypt the Home folder ?

2

Hello,
I use luks
you must encryt swap ( passwd, ā€¦ ) and root ( and home ) to be safe

It is better to use ext4, one partition efi for /boot/efi, one partition ext4 for /boot, one encrypted partition swap for swap and only one encrypted partition ext4 for root ( then including home to not to have to resize root to gain place for home afer installā€¦) otherwise one more encrypted partition ext4 for home.

NB : You can create others encrypted partition for Data,ā€¦ using disks ( gnome-disk-utility )
Open Disks choose a free partition, Add partition, next, add name and select encrypted it will ask a passphase and format the ext4 partition.
To access to it simply from Nautilus it will ask you passwords and that it.

MODIFICATIONS:
You can change all the passphrases using disks,
You can resize encrypted partition using gparted ( swap must be kept encrypted, root and home must be uncrypted first then perform a ā€˜checkā€™ on root and home after resize before closing gparted ) from LiveUSB of courseā€¦

Best regards
GEPLinux

1 Like
3

So what would be the simplest way (using LUKS ) to encrypt letā€™s say a new folder which will contain digital copies of my passport ?

4

Perso I do this for my sensitive documents, softwares and dongle :

On my Desktops, Laptops, ā€¦

  1. Use gparted and a Fedora spin LiveUsb or Fedora workstation LiveUsb with sudo su ; dnf -y install gparted
  2. Resize home or root and free 10 GiB
  3. Run Disks Select the free partition
  4. Ask for a new partition using [+]
  5. Name eth new partition
  6. Select encrypted,
  7. Type passphrase with show passphrase selected to be sure of what Iā€™m typing

Then

  1. Open the disk via File ( nautilus )
  2. Type the passphrase AND SELECT FORGET IMMEDIATLY of course
  3. Place all sensitives documents
  4. Disconnect the disk ( as USB ) immediatly

On one USB Key, DONā€™T FORGET BACKUP !

  1. Connect an USB Key
  2. Run Disks Select the USB
  3. Format
  4. Select encrypted,
  5. Type passphrase with show passphrase selected to be sure of what Iā€™m typing
  6. Then open File ( nautilus )
  7. Type the passphrase AND SELECT FORGET IMMEDIATLY of course
  8. Place all sensitives documents
  9. Disconnect the USB Key immediatly

If you keep it on home partition you may have issues in few months as running Fedora if an upgrade to new Fedora version fails
If you simply add passwd to a generated pdf it may be cracked easely
BR
GEPLinux

1 Like
5

@fedoranewbie
You should encrypt what you want to protect. If your home folder contains secret/private information, you should consider that. We cannot tell you which drives are secret/private for you.

dmcrypt/LUKS (you work mostly with the command cryptsetup) is intended for disc/partition/volume encryption (which are then mounted to a folder):

https://docs.fedoraproject.org/en-US/quick-docs/encrypting-drives-using-LUKS/
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/encrypting-block-devices-using-luks_security-hardening

You will find a lot of useful guides for cryptsetup on the Internet.

However, theoretically, you can also create files that contain encrypted filesystems (on Unix/Linux, everything is a file) to mount that file on another folder like a partition. You can create a file (e.g., with dd) and then do everything on the file what is described in the guides for drives/partitions. However, this may prove less reliable for you as it is no ā€œimplement once and then forgetā€ solution.

@geplinux

What do you mean with swap and passwd? passwd is stored on /etc/ and thus, on the root partition.

6

SWAP can keep history password included it must be encrypted also specially if used with Citrixā€¦

Concerning /etc it is in root then encrypted by root
I donā€™t use dd except for copying iso

Iā€™m explainig my day tot day work with disk encryption during that post Iā€™m installing Fedora and ArcoLinux on Laptop with encrypted disks and additionnal encrypted USB exactly as described and it works nice as usualā€¦

1 Like
7

I didnā€™t reject your approach to encrypt swap :wink: I was just confused by the passwd as content of swap. I assumed you mean the file. Thanks for the clarification :slight_smile:

3 Likes
8

Thank you guys you really helped me.

I am aware of that , I did give an example of storing a digital copy of my passport in the home directory., just wanted to hear other opinnions on the matter.

1 Like
9

a027e7ea1e39e5e75855e2a7222e6efca0f20276.png
a027e7ea1e39e5e75855e2a7222e6efca0f20276.png809Ɨ413 40.1 KB

1 Like
10

Here you can see :

    • /boot/efi
    • /boot
    • Encrypted root ( with Home inside )
    • Encrypted swap ( 16 Go RAM and used for hiberbation then big size )
    • Encrypted 600 Go Data disk ( Never broken enven during Fedora (re) installation )
1 Like
11

c8b0e0c35b29503bd582f8a88badb26b012e8232.png

1 Like