[NCLUG] Fun project: Paranoid security for encrypted

David E. Auter ptolemy_optics at comcast.net
Thu Apr 13 12:54:47 MDT 2017


On 04/12/2017 07:33 PM, Grant Johnson wrote:
> Encrypt the home:
> ecryptfs-migrate-home -u grant

It is also advisable to encrypt your swap (if it is not already) since
decrypted file contents may be swapped to disk at anytime:

ecryptfs-setup-swap

This may affect your system's ability to suspend/hibernate (I think
suspend is handled well on most distributions but guides on ecryptfs
still warn about both).

I would also advise you to run the command:

ecryptfs-unwrap-passphrase /keys/grant/.ecryptfs/wrapped-passphrase

Write down the output of this command and store it in a save place. It
can be used for data recovery should you lose your usb key.


More information about the NCLUG mailing list