key file for linux home encryption?
I was surprised to discover, after considerable searching, a particular use case for data encryption is hardly or never discussed in the Linux community, much less readily supported. This case is to create a user account with strong encryption but without encrypting other parts of the system.
Currently, I have a (Mint) Linux system with one account. Neither the home directory nor the system is encrypted, and I have no wish to encrypt either, as doing so adds unwanted hassle to basic use of the system. I would, however, like a secure area to perform sensitive operations, which includes securing not only data files, but also application configuration and logs, data normally stored automatically in the home directory.
It seems necessary that I create a second user account, with an encrypted home directory.
The common approach is to use a tool called ecryptfs-migrate-home, which ships with many Debian-based distributions, and which encrypts a home directory, against a user's password, creating a new instance of an ecrypt file system. It then configures the system to decrypt the directory against the login password when the user logs in. Unfortunately, this model does not appear optimal for a wide variety of cases one might consider in the current state of advancement, where it is plain to see a conflict between a user password that is quick to type and easy to remember, compared to a strong key needed to be safe against the capabilities of fast and abundant hardware available to an attacker.
Based on these considerations, I would want the second user account to be accessible only when a key file is available, through an external storage medium such as a USB stick.
I am aware that users are employing various solutions to encrypt directories that contain sensitive data files. However, unless an entire home directory is encrypted, an application can leave hints outside of the encrypted region that an attacker can exploit. What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.
A simple example would be if a user needs to have privacy about browser history. Remembering to use a private browsing session is prone to error, and means that bookmarks, cookies, and history do not persist across sessions.
Can anyone suggest a way to make a user's entire directory encrypted, such that access is simple and straightforward if a USB stick containing a key is available, but secure otherwise?
linux security encryption
asked Jan 14 at 20:16
eplepl
104
add a comment |
I was surprised to discover, after considerable searching, a particular use case for data encryption is hardly or never discussed in the Linux community, much less readily supported. This case is to create a user account with strong encryption but without encrypting other parts of the system.
Currently, I have a (Mint) Linux system with one account. Neither the home directory nor the system is encrypted, and I have no wish to encrypt either, as doing so adds unwanted hassle to basic use of the system. I would, however, like a secure area to perform sensitive operations, which includes securing not only data files, but also application configuration and logs, data normally stored automatically in the home directory.
It seems necessary that I create a second user account, with an encrypted home directory.
The common approach is to use a tool called ecryptfs-migrate-home, which ships with many Debian-based distributions, and which encrypts a home directory, against a user's password, creating a new instance of an ecrypt file system. It then configures the system to decrypt the directory against the login password when the user logs in. Unfortunately, this model does not appear optimal for a wide variety of cases one might consider in the current state of advancement, where it is plain to see a conflict between a user password that is quick to type and easy to remember, compared to a strong key needed to be safe against the capabilities of fast and abundant hardware available to an attacker.
Based on these considerations, I would want the second user account to be accessible only when a key file is available, through an external storage medium such as a USB stick.
I am aware that users are employing various solutions to encrypt directories that contain sensitive data files. However, unless an entire home directory is encrypted, an application can leave hints outside of the encrypted region that an attacker can exploit. What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.
A simple example would be if a user needs to have privacy about browser history. Remembering to use a private browsing session is prone to error, and means that bookmarks, cookies, and history do not persist across sessions.
Can anyone suggest a way to make a user's entire directory encrypted, such that access is simple and straightforward if a USB stick containing a key is available, but secure otherwise?
linux security encryption
asked Jan 14 at 20:16
eplepl
104
You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS
– Xen2050
Jan 15 at 0:23
Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to callsudois a great help.
– epl
Jan 15 at 2:48
(1) If I understand you correctly, you want to modifyencryptfsto use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login withencryptfsworks (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) withchrootand bind mounts (docker-style), or possibly in other ways.
– dirkt
Jan 15 at 9:06
Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation ofecrypt-migrate-homewith other features in general use for partially encrypted systems.
– epl
Jan 16 at 0:09
So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption isecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?
– epl
Jan 19 at 8:04
add a comment |
I was surprised to discover, after considerable searching, a particular use case for data encryption is hardly or never discussed in the Linux community, much less readily supported. This case is to create a user account with strong encryption but without encrypting other parts of the system.
Currently, I have a (Mint) Linux system with one account. Neither the home directory nor the system is encrypted, and I have no wish to encrypt either, as doing so adds unwanted hassle to basic use of the system. I would, however, like a secure area to perform sensitive operations, which includes securing not only data files, but also application configuration and logs, data normally stored automatically in the home directory.
It seems necessary that I create a second user account, with an encrypted home directory.
The common approach is to use a tool called ecryptfs-migrate-home, which ships with many Debian-based distributions, and which encrypts a home directory, against a user's password, creating a new instance of an ecrypt file system. It then configures the system to decrypt the directory against the login password when the user logs in. Unfortunately, this model does not appear optimal for a wide variety of cases one might consider in the current state of advancement, where it is plain to see a conflict between a user password that is quick to type and easy to remember, compared to a strong key needed to be safe against the capabilities of fast and abundant hardware available to an attacker.
Based on these considerations, I would want the second user account to be accessible only when a key file is available, through an external storage medium such as a USB stick.
I am aware that users are employing various solutions to encrypt directories that contain sensitive data files. However, unless an entire home directory is encrypted, an application can leave hints outside of the encrypted region that an attacker can exploit. What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.
A simple example would be if a user needs to have privacy about browser history. Remembering to use a private browsing session is prone to error, and means that bookmarks, cookies, and history do not persist across sessions.
Can anyone suggest a way to make a user's entire directory encrypted, such that access is simple and straightforward if a USB stick containing a key is available, but secure otherwise?
linux security encryption
asked Jan 14 at 20:16
eplepl
104
I was surprised to discover, after considerable searching, a particular use case for data encryption is hardly or never discussed in the Linux community, much less readily supported. This case is to create a user account with strong encryption but without encrypting other parts of the system.
Currently, I have a (Mint) Linux system with one account. Neither the home directory nor the system is encrypted, and I have no wish to encrypt either, as doing so adds unwanted hassle to basic use of the system. I would, however, like a secure area to perform sensitive operations, which includes securing not only data files, but also application configuration and logs, data normally stored automatically in the home directory.
It seems necessary that I create a second user account, with an encrypted home directory.
The common approach is to use a tool called ecryptfs-migrate-home, which ships with many Debian-based distributions, and which encrypts a home directory, against a user's password, creating a new instance of an ecrypt file system. It then configures the system to decrypt the directory against the login password when the user logs in. Unfortunately, this model does not appear optimal for a wide variety of cases one might consider in the current state of advancement, where it is plain to see a conflict between a user password that is quick to type and easy to remember, compared to a strong key needed to be safe against the capabilities of fast and abundant hardware available to an attacker.
Based on these considerations, I would want the second user account to be accessible only when a key file is available, through an external storage medium such as a USB stick.
I am aware that users are employing various solutions to encrypt directories that contain sensitive data files. However, unless an entire home directory is encrypted, an application can leave hints outside of the encrypted region that an attacker can exploit. What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.
A simple example would be if a user needs to have privacy about browser history. Remembering to use a private browsing session is prone to error, and means that bookmarks, cookies, and history do not persist across sessions.
Can anyone suggest a way to make a user's entire directory encrypted, such that access is simple and straightforward if a USB stick containing a key is available, but secure otherwise?
linux security encryption
linux security encryption
asked Jan 14 at 20:16
eplepl
104
asked Jan 14 at 20:16
eplepl
104
asked Jan 14 at 20:16
eplepl
104
asked Jan 14 at 20:16
eplepl
104
asked Jan 14 at 20:16
eplepl
104
104
You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS
– Xen2050
Jan 15 at 0:23
Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to callsudois a great help.
– epl
Jan 15 at 2:48
(1) If I understand you correctly, you want to modifyencryptfsto use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login withencryptfsworks (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) withchrootand bind mounts (docker-style), or possibly in other ways.
– dirkt
Jan 15 at 9:06
Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation ofecrypt-migrate-homewith other features in general use for partially encrypted systems.
– epl
Jan 16 at 0:09
So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption isecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?
– epl
Jan 19 at 8:04
add a comment |
You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS
– Xen2050
Jan 15 at 0:23
Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to callsudois a great help.
– epl
Jan 15 at 2:48
(1) If I understand you correctly, you want to modifyencryptfsto use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login withencryptfsworks (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) withchrootand bind mounts (docker-style), or possibly in other ways.
– dirkt
Jan 15 at 9:06
Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation ofecrypt-migrate-homewith other features in general use for partially encrypted systems.
– epl
Jan 16 at 0:09
So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption isecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?
– epl
Jan 19 at 8:04
You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS
– Xen2050
Jan 15 at 0:23
You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS
– Xen2050
Jan 15 at 0:23
Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to call
sudo is a great help.– epl
Jan 15 at 2:48
Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to call
sudo is a great help.– epl
Jan 15 at 2:48
(1) If I understand you correctly, you want to modify
encryptfs to use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login with encryptfs works (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) with chroot and bind mounts (docker-style), or possibly in other ways.– dirkt
Jan 15 at 9:06
(1) If I understand you correctly, you want to modify
encryptfs to use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login with encryptfs works (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) with chroot and bind mounts (docker-style), or possibly in other ways.– dirkt
Jan 15 at 9:06
Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation of
ecrypt-migrate-home with other features in general use for partially encrypted systems.– epl
Jan 16 at 0:09
Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation of
ecrypt-migrate-home with other features in general use for partially encrypted systems.– epl
Jan 16 at 0:09
So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption is
ecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?– epl
Jan 19 at 8:04
So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption is
ecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?– epl
Jan 19 at 8:04
add a comment |
1 Answer
1
active
oldest
votes
This was going to be a comment because it doesn't really answers your question, but ends up being a bit too long...
If the attacker connects to the system when you are logged in and have "opened" the encrypted bits (which is most of the time when the PC is turned on...), then it has access to then contents "over your shoulder".
So encrypting (parts of) the disk is only useful to prevent access to that data by strangers in case of loss of theft of the computer/disk. If so what are the chances that your USB "dongle" is stolen/lost at the same time?
And how do you encrypt the USB key contents, because these could be quickly copied to another key... unless you also protect them by password, but then you have a a password and a USB key instead of just a password.
Consider also that it is a good idea to encrypt your boot disk. Otherwise someone could alter it and add software that waits for your part to be unlocked (and either catches the "key", or just bluntly copies/uploads the data elsewhere).
Maybe your desired use case is not discussed much because it is not as safe as it looks or there are more practical alternatives for the same safety levels.
PS:
What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.
Then you have to encrypt you whole home directory (and maybe /tmp as well) if you want to be able to use any application.
answered Jan 14 at 21:04
xenoidxenoid
3,6783718
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1394246%2fkey-file-for-linux-home-encryption%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
This was going to be a comment because it doesn't really answers your question, but ends up being a bit too long...
If the attacker connects to the system when you are logged in and have "opened" the encrypted bits (which is most of the time when the PC is turned on...), then it has access to then contents "over your shoulder".
So encrypting (parts of) the disk is only useful to prevent access to that data by strangers in case of loss of theft of the computer/disk. If so what are the chances that your USB "dongle" is stolen/lost at the same time?
And how do you encrypt the USB key contents, because these could be quickly copied to another key... unless you also protect them by password, but then you have a a password and a USB key instead of just a password.
Consider also that it is a good idea to encrypt your boot disk. Otherwise someone could alter it and add software that waits for your part to be unlocked (and either catches the "key", or just bluntly copies/uploads the data elsewhere).
Maybe your desired use case is not discussed much because it is not as safe as it looks or there are more practical alternatives for the same safety levels.
PS:
What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.
Then you have to encrypt you whole home directory (and maybe /tmp as well) if you want to be able to use any application.
answered Jan 14 at 21:04
xenoidxenoid
3,6783718
add a comment |
This was going to be a comment because it doesn't really answers your question, but ends up being a bit too long...
If the attacker connects to the system when you are logged in and have "opened" the encrypted bits (which is most of the time when the PC is turned on...), then it has access to then contents "over your shoulder".
So encrypting (parts of) the disk is only useful to prevent access to that data by strangers in case of loss of theft of the computer/disk. If so what are the chances that your USB "dongle" is stolen/lost at the same time?
And how do you encrypt the USB key contents, because these could be quickly copied to another key... unless you also protect them by password, but then you have a a password and a USB key instead of just a password.
Consider also that it is a good idea to encrypt your boot disk. Otherwise someone could alter it and add software that waits for your part to be unlocked (and either catches the "key", or just bluntly copies/uploads the data elsewhere).
Maybe your desired use case is not discussed much because it is not as safe as it looks or there are more practical alternatives for the same safety levels.
PS:
What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.
Then you have to encrypt you whole home directory (and maybe /tmp as well) if you want to be able to use any application.
answered Jan 14 at 21:04
xenoidxenoid
3,6783718
add a comment |
This was going to be a comment because it doesn't really answers your question, but ends up being a bit too long...
If the attacker connects to the system when you are logged in and have "opened" the encrypted bits (which is most of the time when the PC is turned on...), then it has access to then contents "over your shoulder".
So encrypting (parts of) the disk is only useful to prevent access to that data by strangers in case of loss of theft of the computer/disk. If so what are the chances that your USB "dongle" is stolen/lost at the same time?
And how do you encrypt the USB key contents, because these could be quickly copied to another key... unless you also protect them by password, but then you have a a password and a USB key instead of just a password.
Consider also that it is a good idea to encrypt your boot disk. Otherwise someone could alter it and add software that waits for your part to be unlocked (and either catches the "key", or just bluntly copies/uploads the data elsewhere).
Maybe your desired use case is not discussed much because it is not as safe as it looks or there are more practical alternatives for the same safety levels.
PS:
What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.
Then you have to encrypt you whole home directory (and maybe /tmp as well) if you want to be able to use any application.
answered Jan 14 at 21:04
xenoidxenoid
3,6783718
This was going to be a comment because it doesn't really answers your question, but ends up being a bit too long...
If the attacker connects to the system when you are logged in and have "opened" the encrypted bits (which is most of the time when the PC is turned on...), then it has access to then contents "over your shoulder".
So encrypting (parts of) the disk is only useful to prevent access to that data by strangers in case of loss of theft of the computer/disk. If so what are the chances that your USB "dongle" is stolen/lost at the same time?
And how do you encrypt the USB key contents, because these could be quickly copied to another key... unless you also protect them by password, but then you have a a password and a USB key instead of just a password.
Consider also that it is a good idea to encrypt your boot disk. Otherwise someone could alter it and add software that waits for your part to be unlocked (and either catches the "key", or just bluntly copies/uploads the data elsewhere).
Maybe your desired use case is not discussed much because it is not as safe as it looks or there are more practical alternatives for the same safety levels.
PS:
What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.
Then you have to encrypt you whole home directory (and maybe /tmp as well) if you want to be able to use any application.
answered Jan 14 at 21:04
xenoidxenoid
3,6783718
answered Jan 14 at 21:04
xenoidxenoid
3,6783718
answered Jan 14 at 21:04
xenoidxenoid
3,6783718
answered Jan 14 at 21:04
xenoidxenoid
3,6783718
3,6783718
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1394246%2fkey-file-for-linux-home-encryption%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS
– Xen2050
Jan 15 at 0:23
Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to call
sudois a great help.– epl
Jan 15 at 2:48
(1) If I understand you correctly, you want to modify
encryptfsto use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login withencryptfsworks (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) withchrootand bind mounts (docker-style), or possibly in other ways.– dirkt
Jan 15 at 9:06
Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation of
ecrypt-migrate-homewith other features in general use for partially encrypted systems.– epl
Jan 16 at 0:09
So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption is
ecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?– epl
Jan 19 at 8:04