encryption of directory and of disk
Clash Royale CLAN TAG#URR8PPP up vote
1
down vote
favorite
When I install the Ubuntu16.04, it seems that encrypting the home folder is possible.
I just want to know what it means. I've never selected it before. What will be different if I select it?
If we can encrypt the home folder, is it possible the encrypt any other directory? is it possible to encrypt a disk (for example the system is installed in /dev/sda and I want to encrypt the /dev/sdb)?
partitioning encryption
asked Jan 29 at 1:05
Yves
345316
add a comment |Â
up vote
1
down vote
favorite
When I install the Ubuntu16.04, it seems that encrypting the home folder is possible.
I just want to know what it means. I've never selected it before. What will be different if I select it?
If we can encrypt the home folder, is it possible the encrypt any other directory? is it possible to encrypt a disk (for example the system is installed in /dev/sda and I want to encrypt the /dev/sdb)?
partitioning encryption
asked Jan 29 at 1:05
Yves
345316
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
When I install the Ubuntu16.04, it seems that encrypting the home folder is possible.
I just want to know what it means. I've never selected it before. What will be different if I select it?
If we can encrypt the home folder, is it possible the encrypt any other directory? is it possible to encrypt a disk (for example the system is installed in /dev/sda and I want to encrypt the /dev/sdb)?
partitioning encryption
asked Jan 29 at 1:05
Yves
345316
When I install the Ubuntu16.04, it seems that encrypting the home folder is possible.
I just want to know what it means. I've never selected it before. What will be different if I select it?
If we can encrypt the home folder, is it possible the encrypt any other directory? is it possible to encrypt a disk (for example the system is installed in /dev/sda and I want to encrypt the /dev/sdb)?
partitioning encryption
partitioning encryption
asked Jan 29 at 1:05
Yves
345316
asked Jan 29 at 1:05
Yves
345316
asked Jan 29 at 1:05
Yves
345316
asked Jan 29 at 1:05
Yves
345316
asked Jan 29 at 1:05
Yves
345316
345316
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
2
down vote
accepted
Choosing that option will enable file-based encryption of files within your home folder. For this Ubuntu uses eCryptFS, a filesystem driver that it mounts into your home directory while you are logged in, performing encryption and decryption transparently.
This setting makes it very easy and transparent to do so - it's just a simple check box and you don't need to worry about mounting and unmounting, where you store the backing (encrypted) data, managing keys and settings, etc. Ubuntu does it all for you. But, it is limited to just the circumstances laid out here: your home directory, using your account password.
This is file-based on the fly encryption, so on disk the files are stored with each other encrypted individually under a directory usually called .Private.
You can use the ecryptfs-setup-private tool to automate some of the work of setting up other encrypted directories on your system.
If you want to encrypt a whole block device such as /dev/sda then you need block-based encryption, not file-based encryption. The tool you want is cryptsetup. Cryptsetup sets up and manages LUKS based encryption - a common format of block based encryption. Note that encrypting an entire system (including the root) carries added complexity due to the need to boot from the system.
answered Jan 29 at 1:29
thomasrutter
25.5k46086
Very helpful answer. Thanks a lot. One more question: what doesencrypt a filemean? Saying that we are working on a same Ubuntu system. If you encrypt your home folder, does it mean that I will get Mojibake if I try to read your files in your home folder?
– Yves
Jan 29 at 1:47
Yes, the files are only available in their decrypted form after the user logs in with their password. Other users, even with root access or physical access (eg if someone breaks in or steals a laptop), cannot read the file contents while in their encrypted state.
– thomasrutter
Jan 29 at 2:45
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
Choosing that option will enable file-based encryption of files within your home folder. For this Ubuntu uses eCryptFS, a filesystem driver that it mounts into your home directory while you are logged in, performing encryption and decryption transparently.
This setting makes it very easy and transparent to do so - it's just a simple check box and you don't need to worry about mounting and unmounting, where you store the backing (encrypted) data, managing keys and settings, etc. Ubuntu does it all for you. But, it is limited to just the circumstances laid out here: your home directory, using your account password.
This is file-based on the fly encryption, so on disk the files are stored with each other encrypted individually under a directory usually called .Private.
You can use the ecryptfs-setup-private tool to automate some of the work of setting up other encrypted directories on your system.
If you want to encrypt a whole block device such as /dev/sda then you need block-based encryption, not file-based encryption. The tool you want is cryptsetup. Cryptsetup sets up and manages LUKS based encryption - a common format of block based encryption. Note that encrypting an entire system (including the root) carries added complexity due to the need to boot from the system.
answered Jan 29 at 1:29
thomasrutter
25.5k46086
Very helpful answer. Thanks a lot. One more question: what doesencrypt a filemean? Saying that we are working on a same Ubuntu system. If you encrypt your home folder, does it mean that I will get Mojibake if I try to read your files in your home folder?
– Yves
Jan 29 at 1:47
Yes, the files are only available in their decrypted form after the user logs in with their password. Other users, even with root access or physical access (eg if someone breaks in or steals a laptop), cannot read the file contents while in their encrypted state.
– thomasrutter
Jan 29 at 2:45
add a comment |Â
up vote
2
down vote
accepted
Choosing that option will enable file-based encryption of files within your home folder. For this Ubuntu uses eCryptFS, a filesystem driver that it mounts into your home directory while you are logged in, performing encryption and decryption transparently.
This setting makes it very easy and transparent to do so - it's just a simple check box and you don't need to worry about mounting and unmounting, where you store the backing (encrypted) data, managing keys and settings, etc. Ubuntu does it all for you. But, it is limited to just the circumstances laid out here: your home directory, using your account password.
This is file-based on the fly encryption, so on disk the files are stored with each other encrypted individually under a directory usually called .Private.
You can use the ecryptfs-setup-private tool to automate some of the work of setting up other encrypted directories on your system.
If you want to encrypt a whole block device such as /dev/sda then you need block-based encryption, not file-based encryption. The tool you want is cryptsetup. Cryptsetup sets up and manages LUKS based encryption - a common format of block based encryption. Note that encrypting an entire system (including the root) carries added complexity due to the need to boot from the system.
answered Jan 29 at 1:29
thomasrutter
25.5k46086
Very helpful answer. Thanks a lot. One more question: what doesencrypt a filemean? Saying that we are working on a same Ubuntu system. If you encrypt your home folder, does it mean that I will get Mojibake if I try to read your files in your home folder?
– Yves
Jan 29 at 1:47
Yes, the files are only available in their decrypted form after the user logs in with their password. Other users, even with root access or physical access (eg if someone breaks in or steals a laptop), cannot read the file contents while in their encrypted state.
– thomasrutter
Jan 29 at 2:45
add a comment |Â
up vote
2
down vote
accepted
up vote
2
down vote
accepted
Choosing that option will enable file-based encryption of files within your home folder. For this Ubuntu uses eCryptFS, a filesystem driver that it mounts into your home directory while you are logged in, performing encryption and decryption transparently.
This setting makes it very easy and transparent to do so - it's just a simple check box and you don't need to worry about mounting and unmounting, where you store the backing (encrypted) data, managing keys and settings, etc. Ubuntu does it all for you. But, it is limited to just the circumstances laid out here: your home directory, using your account password.
This is file-based on the fly encryption, so on disk the files are stored with each other encrypted individually under a directory usually called .Private.
You can use the ecryptfs-setup-private tool to automate some of the work of setting up other encrypted directories on your system.
If you want to encrypt a whole block device such as /dev/sda then you need block-based encryption, not file-based encryption. The tool you want is cryptsetup. Cryptsetup sets up and manages LUKS based encryption - a common format of block based encryption. Note that encrypting an entire system (including the root) carries added complexity due to the need to boot from the system.
answered Jan 29 at 1:29
thomasrutter
25.5k46086
Choosing that option will enable file-based encryption of files within your home folder. For this Ubuntu uses eCryptFS, a filesystem driver that it mounts into your home directory while you are logged in, performing encryption and decryption transparently.
This setting makes it very easy and transparent to do so - it's just a simple check box and you don't need to worry about mounting and unmounting, where you store the backing (encrypted) data, managing keys and settings, etc. Ubuntu does it all for you. But, it is limited to just the circumstances laid out here: your home directory, using your account password.
This is file-based on the fly encryption, so on disk the files are stored with each other encrypted individually under a directory usually called .Private.
You can use the ecryptfs-setup-private tool to automate some of the work of setting up other encrypted directories on your system.
If you want to encrypt a whole block device such as /dev/sda then you need block-based encryption, not file-based encryption. The tool you want is cryptsetup. Cryptsetup sets up and manages LUKS based encryption - a common format of block based encryption. Note that encrypting an entire system (including the root) carries added complexity due to the need to boot from the system.
answered Jan 29 at 1:29
thomasrutter
25.5k46086
answered Jan 29 at 1:29
thomasrutter
25.5k46086
answered Jan 29 at 1:29
thomasrutter
25.5k46086
answered Jan 29 at 1:29
thomasrutter
25.5k46086
25.5k46086
Very helpful answer. Thanks a lot. One more question: what doesencrypt a filemean? Saying that we are working on a same Ubuntu system. If you encrypt your home folder, does it mean that I will get Mojibake if I try to read your files in your home folder?
– Yves
Jan 29 at 1:47
Yes, the files are only available in their decrypted form after the user logs in with their password. Other users, even with root access or physical access (eg if someone breaks in or steals a laptop), cannot read the file contents while in their encrypted state.
– thomasrutter
Jan 29 at 2:45
add a comment |Â
Very helpful answer. Thanks a lot. One more question: what doesencrypt a filemean? Saying that we are working on a same Ubuntu system. If you encrypt your home folder, does it mean that I will get Mojibake if I try to read your files in your home folder?
– Yves
Jan 29 at 1:47
Yes, the files are only available in their decrypted form after the user logs in with their password. Other users, even with root access or physical access (eg if someone breaks in or steals a laptop), cannot read the file contents while in their encrypted state.
– thomasrutter
Jan 29 at 2:45
Very helpful answer. Thanks a lot. One more question: what does
encrypt a file mean? Saying that we are working on a same Ubuntu system. If you encrypt your home folder, does it mean that I will get Mojibake if I try to read your files in your home folder?– Yves
Jan 29 at 1:47
Very helpful answer. Thanks a lot. One more question: what does
encrypt a file mean? Saying that we are working on a same Ubuntu system. If you encrypt your home folder, does it mean that I will get Mojibake if I try to read your files in your home folder?– Yves
Jan 29 at 1:47
Yes, the files are only available in their decrypted form after the user logs in with their password. Other users, even with root access or physical access (eg if someone breaks in or steals a laptop), cannot read the file contents while in their encrypted state.
– thomasrutter
Jan 29 at 2:45
Yes, the files are only available in their decrypted form after the user logs in with their password. Other users, even with root access or physical access (eg if someone breaks in or steals a laptop), cannot read the file contents while in their encrypted state.
– thomasrutter
Jan 29 at 2:45
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1000824%2fencryption-of-directory-and-of-disk%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password