Installing ecryptfs in BT4.

[Archangel-Amael]

Installing ecryptfs in BT4.
This guide is a simple one to get encryption setup. This is not the best way of doing things
However it is probably the quickest and easiest to do.
First things:

Code:

 root@bt:~# apt-get install ecryptfs-utils
Reading package lists... Done
The following NEW packages will be installed:
  ecryptfs-utils libecryptfs0 libtspi1
0 upgraded, 3 newly installed, 0 to remove and 19 not upgraded.
Need to get 331kB of archives.
After this operation, 1212kB of additional disk space will be used.
Do you want to continue [Y/n]? y

After the install is complete before you go on READ THE MAN PAGE and the faq

Code:

root@bt:~# man ecryptfs 
root@bt:~# /usr/share/doc/ecryptfs-utils/ecryptfs-faq.html

See also the web page at http://ecryptfs.sourceforge.net/
This is important for your security.
Next run the setup

Code:

root@bt:~# ecryptfs-setup-private
Enter your log in passphrase: enter your actual log in info here
Enter your mount passphrase [leave blank to generate one]:
************************************************************************
YOU SHOULD RECORD THIS MOUNT PASSPHRASE AND STORE IN A SAFE LOCATION:
a706b05233346537fa28121a40e2040ce
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************
Done configuring.
Testing mount/write/umount/read...
Testing succeeded.

Once this is done there will be a new directory created called Private
Since I did this with the root user account it is stored in /
Inside this directory is a readme read it before proceeding.
So in order to use your new encrypted directory you will need to log out and back in.
Now your log in passphrase along with the aforementioned mount passphrase will be used to mount the directory Private.
New users accounts can be added simply by:

Code:

root@bt:~# adduser -encrypt-home foo

There are caveats to using this type of system. Only data you store in Private is encrypted. Any data saved or collected while browsing the internet that is stored elsewhere on the system will be not be encrypted. If you have a swap partition it will not be encrypted either. As with most encryption systems if you leave physical access or access to the encrypted container open (suppose you leave the computer and go out for a coffee, without logging out) then again the data would be accessible. Also when you log out the folder will show that there is encrypted data in the directory. There are more options available in the man page.

Have fun.

[lordplagueis]

this is just what I needed I was experimenting with luks/lvm but this is much easier thank you archangel-amael

[clutch]

Thank you for this and for your help on IRC.

I didn't need full-on HDD encryption, but wanted a safe place to dump a few "grey area"-type files and this works out perfectly for me.

I recommend installing as root and then using a slightly less privileged user for general use. Then you can just su to the root to access your Private directory or run applications that need root privs. This decreases the chances of someone gaining access if you get up to go to the bathroom/get coffee/whatever, especially if you keep in the habit of always hitting ctl+alt+l any time you walk away from the keyboard no matter what.