Page 1 of 1

How should I encrypt /home after install?

Posted: Wed Apr 18, 2018 2:13 am
by purpletree
I installed Linux Mint 18.3 a few weeks ago and I skipped the encrypt /home check box.
What I'm wondering is: How to encrypt it now?
I'm far from knowing much about encryption but aren't there a number of ways it can be done?
Which way would be comparable to how its done by the installer?
File encryption vs disk encryption.
Which does the installer do?
(I would guess file encryption but would disk encryption not work?)

Re: How should I encrypt /home after install?

Posted: Wed Apr 18, 2018 2:33 am
by administrollaattori
purpletree wrote:
Wed Apr 18, 2018 2:13 am
I installed Linux Mint 18.3 a few weeks ago and I skipped the encrypt /home check box.
What I'm wondering is: How to encrypt it now?
Make a new user account and select encryption.

Re: How should I encrypt /home after install?

Posted: Wed Apr 18, 2018 4:39 pm
by Mute Ant
Ubuntu-Style OS encryption can only be applied during the installation. There are other ways to store most of the OS in encrypted space, useful if you want a Live Session with encrypted persistence like I did. For an installed Mint, it's faster and much better supported to rebuild your OS by re-installing it encrypted.

An encrypted /home is not the same as an encrypted $HOME folder. It looks like a trivial difference but it's not. If you want an encrypted $HOME then administrollaattori has said it all.

Encryption entails a heavy calculation overhead, writing and reading. I get 60MB/s writing straight zeroes into an old PATA drive, only 20MB/s writing via an encryption channel.

Encryption makes data-recovery after a hardware wobbly a lot more difficult. You have to know the password and how to apply it without logging in. Even then, the data can be permanently lost if a key-file gets damaged, so you have to be extra-careful to make at least one plain-text backup and keep it where encryption is not needed.