Encrypting home partition using Veracrypt [solved]

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
linuxheid
Level 3
Level 3
Posts: 162
Joined: Wed Oct 24, 2018 3:31 am

Encrypting home partition using Veracrypt [solved]

Post by linuxheid » Sat Oct 12, 2019 12:00 pm

Hi,

I have just installed Linux Mint 19.2 Cinnamon which appeared to go very smoothly. I would like to deploy encryption and I remember people in this forum previously recommending that instead of using the encryption that ships with Linux I would be better to:

* Install Veracrypt
* Use Veracrypt to encrypt only the home partition

I have installed Veracrypt what seems to have been without issue. However I repeatedly get this error message when I try to encrypt the Home partition:

Auto-mount failed due to one or more of the following:
- Incorrect password.
- Incorrect Volume PIM number:
- Incorrect PRF (hash).
- No valid volume found.
Screenshot from 2019-10-12 23-54-44.png
I don't believe the password is the issue. I say that sense I initially expected to enter a password specific to Veracrypt. That was immediately rejected. When I then changed to the admin password, I seemed to overcome that particular piece of validation. I say that since instead of the immediate error message I received when trying a unique password, Veracrypt instead rolled forward at this point.

Any help guiding me on this is appreciated.
Last edited by linuxheid on Sun Oct 20, 2019 6:24 am, edited 1 time in total.
Linux Mint 19.2 Cinnamon 64 bit

User avatar
majpooper
Level 5
Level 5
Posts: 949
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: Encrypting home partition using Veracrypt

Post by majpooper » Sat Oct 12, 2019 12:49 pm

I can only give you my experience with VeraCrypt and encryption I emphasize experience as my actual knowledge and understanding of how encryption works on a technical level is pretty limited. I have always be able to encrypt encrypted containers and empty partitions with VeraCrypt with no problem. I think your problem may have something to with the /home partition not being empty although I can not say for certain - someone more knowledgable with linux/encryption may be able to comment on that.

The good news is if you want to encrypt your /home (or your entire hard drive) that is easily done during the install process.

There are lots of opinions about encryption and how useful it really is in terms of encrypting hard drives and partitions. As far as you /home goes encryption only provides "encrypted security" when you are not using it - in essence it is a form of physical security. The same is true even if you encrypt the entire linux partition. So if you are looking for a bit of physical security it will work to a degree. I encrypted my entire hard drive in the past only to be made aware that my computer was still vulnerable because the MBR was not encrypted. So to really do what I was trying to accomplish I would have to encrypt my entire hard drive and put the MBR on a separate USB drive that I kept in my possession.

What I decided was to make a few encrypted containers in which I keep my sensitive records and their back ups (tax stuff mainly) and open them when needed. Anyway that is my take on encryption for what it's worth, but like I said everyone has an opinion and in the end you should do what you feel comfortable with.

User avatar
blueocean
Level 5
Level 5
Posts: 725
Joined: Sun Jul 08, 2018 11:50 pm

Re: Encrypting home partition using Veracrypt

Post by blueocean » Sat Oct 12, 2019 5:44 pm

Encrypting the home folder during install and disabling root login afterwards is pretty secure as far as anyone getting your data, plus rarely issues like you have. I use p7zip (included in Mint) to password protect files or folders. I keep my passwords password protected with Libreoffice Writer, because it's so convenient and really quite secure. I think you can still encrypt the Home directory with the correct process. I'm going to try it on a test run and will post my results. I'm sure some of the big guns on here could guide you on that.
To mark this issue solved, go to your original 1st post and click the edit pencil and add [Solved] at the beginning of the title and click Submit.

User avatar
catweazel
Level 19
Level 19
Posts: 9715
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Encrypting home partition using Veracrypt

Post by catweazel » Sat Oct 12, 2019 5:49 pm

linuxheid wrote:
Sat Oct 12, 2019 12:00 pm
I would like to deploy encryption and I remember people in this forum previously recommending that instead of using the encryption that ships with Linux I would be better to:

* Install Veracrypt
* Use Veracrypt to encrypt only the home partition
Look, to be honest, if you have to ask about encryption then you're potentially headed for disaster. Your best course of action is not to encrypt any partitions, but create veracrypt containers that can be safely backed up and stored away for safe keeping. Once you have more linux experience, especially with finding answers for yourself, and with using the command line, then you can consider full drive encryption.

If you go down the full drive or partition encryption path, you must be prepared for disaster.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.

User avatar
blueocean
Level 5
Level 5
Posts: 725
Joined: Sun Jul 08, 2018 11:50 pm

Re: Encrypting home partition using Veracrypt

Post by blueocean » Sat Oct 12, 2019 6:01 pm

catweazel wrote:
Sat Oct 12, 2019 5:49 pm
linuxheid wrote:
Sat Oct 12, 2019 12:00 pm
I would like to deploy encryption and I remember people in this forum previously recommending that instead of using the encryption that ships with Linux I would be better to:

* Install Veracrypt
* Use Veracrypt to encrypt only the home partition
Look, to be honest, if you have to ask about encryption then you're potentially headed for disaster. Your best course of action is not to encrypt any partitions, but create veracrypt containers that can be safely backed up and stored away for safe keeping. Once you have more linux experience, especially with finding answers for yourself, and with using the command line, then you can consider full drive encryption.

If you go down the full drive or partition encryption path, you must be prepared for disaster.
Yep, encryption is a definite ingredient for disaster :shock:
To mark this issue solved, go to your original 1st post and click the edit pencil and add [Solved] at the beginning of the title and click Submit.

User avatar
blueocean
Level 5
Level 5
Posts: 725
Joined: Sun Jul 08, 2018 11:50 pm

Re: Encrypting home partition using Veracrypt

Post by blueocean » Sat Oct 12, 2019 6:02 pm

blueocean wrote:
Sat Oct 12, 2019 5:44 pm
Encrypting the home folder during install and disabling root login afterwards is pretty secure as far as anyone getting your data, plus rarely issues like you have. I use p7zip (included in Mint) to password protect files or folders. I keep my passwords password protected with Libreoffice Writer, because it's so convenient and really quite secure. I think you can still encrypt the Home directory with the correct process. I'm going to try it on a test run and will post my results. I'm sure some of the big guns on here could guide you on that.
I aborted after the tutorial failed - why am I not surprised :twisted:
To mark this issue solved, go to your original 1st post and click the edit pencil and add [Solved] at the beginning of the title and click Submit.

User avatar
Portreve
Level 8
Level 8
Posts: 2126
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida
Contact:

Re: Encrypting home partition using Veracrypt

Post by Portreve » Sat Oct 12, 2019 8:29 pm

Hello linuxheid!
linuxheid wrote:
Sat Oct 12, 2019 12:00 pm
I have installed Veracrypt what seems to have been without issue. However I repeatedly get this error message when I try to encrypt the Home partition:
I'm not going to try and comment on why what you're doing isn't working, since I really don't know whether it is workable to begin with, much less the ins-and-outs of partition encryption.

However, I'd like to echo the sentiment above that you need to be careful about encryption.

While I do not comment, as a matter of policy, on what the specifics of my own personal security arrangements are, I will tell you some general things.

Unless you're setting your computer up as a true multi-user system, it's probably better to not worry about partition encryption, and simply use the distro installer utility to do a whole hard drive encryption, leaving your user folder itself not separately encrypted.

Veracrypt is a very nice utility, and it particularly shines when it's used to create encrypted disk images, or when used to encrypt partitions on a removable storage device like an SD card or flash drive. It's also great because it's fully multi-platform (GNU+Linux, Mac OS X, Windows) and seems to work just as well on all of them.
Presently rocking LinuxMint 19.2 Cinnamon.

Remember to mark your fixed problem [SOLVED].

Xi does look like Winnie the Pooh. FTCG.

linuxheid
Level 3
Level 3
Posts: 162
Joined: Wed Oct 24, 2018 3:31 am

Re: Encrypting home partition using Veracrypt

Post by linuxheid » Mon Oct 14, 2019 2:44 am

Thanks to everyone who has been kind enough to reply.

Some context if I may on what I am looking to achieve:

* I have an old laptop I have installed linux on to give to a friend who is without a PC
* His tech skills are very basic. Hence I am trying to set this up for him so that it requires minimal additional support (he and I don't live in the same continent)
* I recall a company I worked used to give us laptops that after powering on, the laptop was useless until the user entered the password for the encryption tool to de-encrypt the HDD. That is the level of simplicity I hoped to deploy here
* I started this a while back, then didn't touch it for a while. Encryption is pretty much the only thing still outstanding that I intended to complete
* In previous threads on this forum, I recall being advised to install Veracrypt to encrypt the home partition but not any others so that in case of issue, that increase the ease of troubleshooting
* I suspect asking my friend to use 7 zip will be too much for him. Ive used 7 zip for years on Windows and also have it on my linux partition. I can't even seem to install it though in Cinnamon 19.2 for the laptop I am putting together for my friend. I can find it in software manager but when I click "launch", nothing happens
Linux Mint 19.2 Cinnamon 64 bit

User avatar
catweazel
Level 19
Level 19
Posts: 9715
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Encrypting home partition using Veracrypt

Post by catweazel » Mon Oct 14, 2019 3:08 am

linuxheid wrote:
Mon Oct 14, 2019 2:44 am
* I have an old laptop I have installed linux on to give to a friend who is without a PC
Nothing more need be said. If you implement encryption then you are setting your friend up for failure if his experience with linux is limited.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.

User avatar
majpooper
Level 5
Level 5
Posts: 949
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: Encrypting home partition using Veracrypt

Post by majpooper » Mon Oct 14, 2019 11:41 am

linuxheid wrote:
Mon Oct 14, 2019 2:44 am
* I recall a company I worked used to give us laptops that after powering on, the laptop was useless until the user entered the password for the encryption tool to de-encrypt the HDD. That is the level of simplicity I hoped to deploy here
I get it that this provides a limited level of physical security but the MBR is not encrypted so the laptop is still vulnerable unless the MBR is on an USB drive separate from the laptop. Add the other complexities encryption can bring about it just does not seem like a good idea especially for someone who is not computer savy. Emphasizing using a strong password for the laptop would be a better option IMHO.

User avatar
pbear
Level 8
Level 8
Posts: 2412
Joined: Wed Jun 21, 2017 12:25 pm
Location: San Francisco

Re: Encrypting home partition using Veracrypt

Post by pbear » Mon Oct 14, 2019 12:57 pm

linuxheid wrote:
Mon Oct 14, 2019 2:44 am
I recall being advised to install Veracrypt to encrypt the home partition but not any others
I'm pretty sure you recall incorrectly. Can't say I've seen every single encryption thread, but I've read most of them the past couple years. What has been said often is that Veracrypt is a safer alternative, not that it's a means of encrypting the home folder or partition. And if someone said that, I'm pretty sure they were mistaken. Something of the sort can be done in Windows - have never done it and don't recall details - but not Linux.

What Veracrypt would give your friend is a safe place to stash sensitive files. I use a USB flash drive, backed up to another similarly encrypted flash drive. The container also can be a file on the internal drive (any size, within reason) which is backed up with all the other data files.
Time flies like an arrow. Fruit flies like a banana.
If your problem has been solved, please edit the thread title.

linuxheid
Level 3
Level 3
Posts: 162
Joined: Wed Oct 24, 2018 3:31 am

Re: Encrypting home partition using Veracrypt

Post by linuxheid » Sat Oct 19, 2019 2:30 am

Thanks folks for replying. I am going to back off with both Veracrypt and encryption. Instead I will ship the laptop without both as recommended in this this thread.
Linux Mint 19.2 Cinnamon 64 bit

linuxheid
Level 3
Level 3
Posts: 162
Joined: Wed Oct 24, 2018 3:31 am

Re: Encrypting home partition using Veracrypt [Solved]

Post by linuxheid » Sat Oct 19, 2019 3:07 am

Marking as solved
Linux Mint 19.2 Cinnamon 64 bit

Post Reply

Return to “Software & Applications”