Encrypting and decrypting directories under Linux

Dennis Lambe Jr. malsyned at cif.rochester.edu
Sat Dec 27 21:14:11 CET 2003


> >If you're trying to secure the entire /home tree from an intruder with
> >physical access to the machine room, your best bet (though not foolproof
> >if the computer has any physical Human Interface devices) is to use
> >Linux's crypto functionality to encrypt the entire volume /home is
> >mounted on using a symetric cypher.  This will make the hard drive, if
> >removed from the machine, useless.  On the other hand, it will require
> >that you type in a password to mount /home.
> 
> Dennis you sugestion with crypt seems fitting my need, thanks a lot. Typing
> only password seems to be better choice for user that remembering his
> private key :D.

In that case, the best place to start is the Disk-Encryption HOWTO:
http://www.ibiblio.org/pub/Linux/docs/HOWTO/Disk-Encryption-HOWTO
It explains how to add CryptoAPI to a 2.4 kernel and set up the mounting
of encrypted file systems.  If you are using a 2.6 kernel, bear in mind
that CryptoAPI has been merged into the main kernel sources as of 2.6,
so you will most likely not need to patch a 2.6 kernel to take advantage
of the advice in that HOWTO.

Let me know how it goes, this is an interesting topic.

--D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 279 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20031227/10a61e80/attachment.bin


More information about the Gnupg-users mailing list