2

I'm running Arch Linux and would like to encrypt my personal files in my home directory /home/myusername. What is the recommended way of encrypting it? I've already read about dm-crypt and LUKS, but both methods seem to require entering a password after every (re)boot. Is there another, easier way?

Additionally, would you recommend encrypting the complete / partition?

reonod
  • For the password to not be required, the encryption key must be stored unprotected, which makes the encryption worthless. Anybody with physical access to the hard disk will be able to access your encrypted data. – gronostaj Feb 14 '20 at 19:30
  • TPM could be used to skip password entry securely, but as far as I know TPM support on Linux is still very limited. It can be configured on legacy boot systems with a modified GRUB, but it's not easy and UEFI boot support is missing. – gronostaj Feb 14 '20 at 19:33
  • @gronostaj, that's not true. I am using clevis with TPM & Tang pins for data partition encryption on a UEFI system with Secure Boot and CentOS 7.7, and this works without any problems. Replace the data partition (to be precise: an LV, actually) with the home partition and this should work. – Tomek Feb 14 '20 at 19:58
  • @Tomek Interesting, I haven't heard of it. You could improve your answer by providing some configuration details, rather than only links (which can rot). – gronostaj Feb 14 '20 at 21:45
  • Well, unfortunately it IS a bit involved. But both are included in RHEL, CentOS and Fedora, and the man pages provide some level of detail. And it is Red Hat behind that project, so I suspect it WILL survive. – Tomek Feb 14 '20 at 22:02

2 Answers

1

Consider the information from "Benjamin's Blog":

How to: Encrypt your Home directory in Arch Linux

0

I suggest looking at clevis with LUKS binding and Tang for that purpose.

EDIT: There is some documentation on these tools in the official RHEL documentation, but one needs to search for it. They are included in recent RHEL, CentOS and Fedora (and likely others), and they do come with reasonable man pages. But they DO need some investment of time.

Tomek
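The clevis binding that the answer and comments refer to, as an added example that is not part of the original answer or of the clevis documentation: it binds an existing LUKS volume to a TPM2 pin and a Tang pin through clevis's `sss` (Shamir secret sharing) pin, and by default only prints the commands for review. The device path, Tang URL and PCR selection are placeholder assumptions.

```shell
#!/usr/bin/env bash
# Added example: bind an existing LUKS volume to TPM2 and Tang with clevis.
# DEVICE, TANG_URL and PCR_IDS are placeholders (assumptions), not values
# taken from the page. Nothing is changed unless APPLY=1 is set.

DEVICE="${DEVICE:-/dev/mapper/vg0-home}"             # placeholder LUKS device
TANG_URL="${TANG_URL:-http://tang.example.internal}" # placeholder Tang server
PCR_IDS="${PCR_IDS:-7}"                              # PCR 7 tracks Secure Boot state

# Build the clevis "sss" policy.
#   threshold 1: the TPM *or* the Tang server can release the key
#   threshold 2: both must be present (the disk alone, or the machine
#                taken off the trusted network, does not unlock)
clevis_policy() {
    threshold="$1"
    printf '{"t":%s,"pins":{"tpm2":{"pcr_bank":"sha256","pcr_ids":"%s"},"tang":[{"url":"%s"}]}}' \
        "$threshold" "$PCR_IDS" "$TANG_URL"
}

# Print each command for review; execute it only when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '+ %s\n' "$*"; fi
}

bind_volume() {
    threshold="$1"
    # Inspect the key slots first. The existing passphrase slot is left in
    # place as the recovery path if the TPM state or the Tang server changes.
    run cryptsetup luksDump "$DEVICE"
    # clevis asks for an existing passphrase and adds a new key slot whose
    # secret is sealed under the policy.
    run clevis luks bind -d "$DEVICE" sss "$(clevis_policy "$threshold")"
    # Confirm that a new slot was added.
    run cryptsetup luksDump "$DEVICE"
    # Non-root volumes are unlocked at boot by clevis's systemd path unit.
    run systemctl enable clevis-luks-askpass.path
}

# Run only when called with "bind <threshold>", e.g.:
#   APPLY=1 ./clevis-bind.sh bind 2
if [ "${1:-}" = "bind" ]; then
    bind_volume "${2:-2}"
fi
```

With threshold 2 the key is released only when both the TPM measurements match and the Tang server is reachable, which addresses the concern in the first comment about an unprotected key stored next to the data.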