{"id":268,"date":"2015-12-15T21:58:58","date_gmt":"2015-12-15T20:58:58","guid":{"rendered":"http:\/\/itso.dk\/?p=268"},"modified":"2016-06-29T23:14:31","modified_gmt":"2016-06-29T21:14:31","slug":"encrypt-home-dir-with-ecryptfs-on-fedora","status":"publish","type":"post","link":"https:\/\/blog.itso.dk\/?p=268","title":{"rendered":"Encrypt home dir with ecryptfs on Fedora"},"content":{"rendered":"<p>It is pretty easy to access your unencrypted data, if someone have physical access to your computer.<br \/>\nThat is where ecryptfs encryption comes in. It will make sure your laptop, if lost or otherwise accessed by unauthorised user, is harder to extract data from.<br \/>\nWhen encrypted,data cannot be accessed unless user has entered proper login key, or unlocked via ecryptfs-mount command.<br \/>\nSome caveats: When user logs in, the encrypted homedir is unlocked, making user homedir accessable for root or wheel users, and will remain so untill reboot\/shutdown.<\/p>\n<p>Swapspace can also be encrypted,this though, will disable hibernation ability.<\/p>\n<p><span style=\"font-weight: 400;\">Make sure ecryptfs is\u00a0installed.\u00a0<\/span><span style=\"line-height: 1.5;\">Add user to group ecryptfs,\u00a0<\/span><span style=\"font-weight: 400;\">encrypt homedir. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Log in as root<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">dnf install ecryptfs-utils<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">sudo usermod -a -G ecryptfs user<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">sudo ecryptfs-migrate-home -u user<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Log out root. \u00a0\u00a0NOT REBOOT<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Login as user and run:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">ecryptfs-unwrap-passphrase<\/span><\/li>\n<\/ul>\n<p>When user\/data is checked, and all is present, remember to delete the \/home\/user-?????? folder that was made as backup<\/p>\n<p><span style=\"font-weight: 400;\">Recommended to encrypt swap partition.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">ecryptfs-setup-swap<\/span><\/li>\n<li style=\"font-weight: 400;\">reboot<\/li>\n<\/ul>\n<p>To recover an encrypted homedir, login as root\/wheel user, run ecryptfs-recover-private, enter passphrase, navigate to \/tmp\/ecryptfs.xxxxxxxx<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It is pretty easy to access your unencrypted data, if someone have physical access to your computer. That is where ecryptfs encryption comes in. It will make sure your laptop, if lost or otherwise accessed by unauthorised user, is harder to extract data from. When encrypted,data cannot be accessed unless user has entered proper login &#8230;<\/p>\n<p><a href=\"https:\/\/blog.itso.dk\/?p=268\" class=\"more-link\">Continue reading &lsquo;Encrypt home dir with ecryptfs on Fedora&rsquo; &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":272,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[39,41,40],"class_list":["post-268","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux-tip","tag-enrypt","tag-fedora","tag-linux"],"_links":{"self":[{"href":"https:\/\/blog.itso.dk\/index.php?rest_route=\/wp\/v2\/posts\/268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.itso.dk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.itso.dk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.itso.dk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.itso.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=268"}],"version-history":[{"count":5,"href":"https:\/\/blog.itso.dk\/index.php?rest_route=\/wp\/v2\/posts\/268\/revisions"}],"predecessor-version":[{"id":373,"href":"https:\/\/blog.itso.dk\/index.php?rest_route=\/wp\/v2\/posts\/268\/revisions\/373"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.itso.dk\/index.php?rest_route=\/wp\/v2\/media\/272"}],"wp:attachment":[{"href":"https:\/\/blog.itso.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.itso.dk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.itso.dk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}