Version vom 29. Juli 2020, 08:37 Uhr

Transparente Verschlüsselung für Anwender-Home-Verzeichnisse

Anforderungen

Notwendige Software installieren

# apt-get install ecryptfs-utils rsync lsof

Das ecryptfs kernel module laden

# modprobe ecryptfs

Permanent in /etc/modules-load.d/modules.conf eintragen

Assisted Encrypted Home Directory

The user whose home directory you want to encrypt MUST NOT be logged in. For example, you can be logged as root in a tty.

Then run as root:

# ecryptfs-migrate-home -u <username>

When this is done the user must login BEFORE rebooting the computer.

If the user can access the files in the users home directory you can remove the backup folder in /home/<username>.<random characters>

The user should also run this command to get the random encryption key and store it in a secure location (outside the encrypted home directory and not on the same machine) in case a recovery is needed:

ecryptfs-unwrap-passphrase

Assisted Encrypted Swap Partition

To encrypt the swap partition too:

# apt-get install cryptsetup
# ecryptfs-setup-swap

Quellen

https://wiki.debian.org/TransparentEncryptionForHomeFolder

@@ Zeile 1: / Zeile 1: @@
-Transparent Encryption For a User's Home Folder
+Transparente Verschlüsselung für Anwender-Home-Verzeichnisse
-=Requirements=
+=Anforderungen=
+Notwendige Software installieren
-First install the packages ecryptfs-utils and rsync:
   # apt-get install ecryptfs-utils rsync lsof
-Then load the ecryptfs kernel module:
+Das ecryptfs kernel module laden
   # modprobe ecryptfs
-And make it permanent in /etc/modules-load.d/modules.conf.
+Permanent in /etc/modules-load.d/modules.conf eintragen
 =Assisted Encrypted Home Directory=