[NCLUG] Fun project: Paranoid security for encrypted
David E. Auter
ptolemy_optics at comcast.net
Thu Apr 13 12:54:47 MDT 2017
On 04/12/2017 07:33 PM, Grant Johnson wrote:
> Encrypt the home:
> ecryptfs-migrate-home -u grant
It is also advisable to encrypt your swap (if it is not already) since
decrypted file contents may be swapped to disk at anytime:
ecryptfs-setup-swap
This may affect your system's ability to suspend/hibernate (I think
suspend is handled well on most distributions but guides on ecryptfs
still warn about both).
I would also advise you to run the command:
ecryptfs-unwrap-passphrase /keys/grant/.ecryptfs/wrapped-passphrase
Write down the output of this command and store it in a save place. It
can be used for data recovery should you lose your usb key.
More information about the NCLUG
mailing list