Re: encrypted personal data

Personally, unless you have an absolute reason to encrypt your users /home partition (yes, I said partition, as it is highly desireable to set up a separate /home partition as opposed to just installing /home within the root partition), I would not do so. But, that's just me.

Re: encrypted personal data

I would prefer to encrypt files, it is easy and secure. It can be done for example using user actions in Krusader.

Re: encrypted personal data

I don't encrypt entire filesystems because I don't want to be locked out of my data if the OS fails. I may start doing it in the future though.

I do use KeePassX to store sensitive data.

For encrypting single files with a passphrase there are gnupg and ccrypt.

For one time encryption of file groups and folders you can use Info-ZIP, 7-Zip, or other archiving tools to create password protected archives, but these use notoriously weak encryption. It would be better to collect your files into a plain .zip or .tar archive and then encrypt that archive with gpg.

HTH

Re: encrypted personal data

Hi
mention was made of encrypting files in Krusader, and there are others that allow one to encrypt files with a right mouse click, Konqueror is one.

I, personally, would probably want to encrypt only files as per Telengard, if the OS goes down one can still get at the files with Knoppix or something.

However, in say, Nautilus, where there is not "direct" method of encrypting files, such as a folder, by right click, one can set permissions to only you. That would imply that you have some kind of public folder but even though others can see it. Placing the files in a folder which only has you for permissions will hide them from the eyes of others you are the only one who can access them when you are logged in.

As a reverse way of looking at Konqueror, if one runs it as kdesu then one has root access to files and can change things that need root access.

Konqueror has many advantages.

woodsmoke

Re: encrypted personal data

After installing kgpg from repository you can enter password in a small window after doubleclick to decrypt gpg type file in Dolphin, Konqueror or Krusader or during encrypting file with this right click user action in Krusader:

Re: encrypted personal data

I have a large Truecrypt container in my /home and open it (it is mounted) when needed.
The advantage is that I can open it on any computer with Truecrypt and it's really easy to back-up.
I also have a whole disk encrypted with Truecrypt but I understand this might all be lost in case of a disk failure, when a disk with a container fails you still have some options for recovery.

Anyway, I'm not too worried about data loss as I keep multiple daily back-ups.

I have not really noticed any slow down when reading and writing to these containers or the disk.

Re: encrypted personal data

You might also want to look into encfs (it's in the repositories). I do keep the home partition as part of the OS, because I run several OS's, and they definitely do not like having their configuration files shared. But my personal data itself (documents, pictures, etc) I keep on a separate partition, and I use encfs to encrypt it. Nowadays, encfs uses a key system that is accessible to different OS's, and different version of OS's, so it works out well.

Re: encrypted personal data

@doctordruidphd

thanks.

Re: encrypted personal data

I am with Snowhog on this one, on my personal laptop.

My account password will keep all but the expert Linux user out, i.e...., the one who gains personal possession of my laptop and who knows how to force Grub to show the menu, then to choose the recovery option as root, and then run "passwd accountname" to change it or remove it, thus enabling them to log into my account. To keep that person out a password on the BIOS and the boot up process would also be necessary.

The only thing I'd want to keep secret on this box is my KMyMoney file and the file containing the names and passwords of my accounts at various Internet websites. I keep several backups of them in case or my system gets damaged or stolen. If stolen I'd be at my bank to change my account and password info ASAP, and I'd be changing the passwords at this and the other sites I log on to. Everything else on this box can be restored on a new box in minutes from backup media.

When I was working and using the laptop the state of NE gave me, it came with security software and passwords pre-installed by the IT administrators. Using passwords wasn't up to me and they renewed them as often as they wanted and gave me the new password by note in my hand. I usually found out about the new password when my old one suddenly stopped working. I was amazed at how many employees wrote their passwords on stickynotes which that stuck on their monitor, their cubical wall, or even their keyboard, or all three!!!.

I just use Truecrypt and mount it as a 2GB disk. No noticeable performance hit moving files into or out of it or operating programs installed in the Truecrypt partition. I copy the file to a USB key and use it as secured transport between all my various machines. The only issue is with Kontact since I have my contacts and calendar stored in the TC partition. I just mount TC and then go into Akonadi and "modify" the address book and calendar to the now mounted TC volume and Kontact does its thing.