How could I encrypt Linux Mint
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
How could I encrypt Linux Mint
Hi, I'm running the newest version of Mint and I want to encrypt my whole system. Is there a way to do this without reinstalling the OS?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: How could I encrypt Linux Mint
Certainly you can convert an unencrypted file system into something linux-encrypted, but then you have to reprogram Linux to tell it how to unlock the encryption before it tries to mount it. It's not impossibly difficult, but you end up with a non-standard Mint that nobody else can service.
If your intention is to prevent a thief from looking at your private data, you can...
o Re-install Mint using Encrypt-My-OS.
o Make a new user with an encrypted home.
o Add an encrypted Private folder in your existing user's home.
That last one is quite friendly..
o You get to choose your own Mount Passphrase
o You don't have to put everything in there, just your personal data.
o If it gets damaged you can still log in.
Just...
...it makes a miniature encrypted file-system that's mounted over the Private folder when you log in...
If your intention is to prevent a thief from looking at your private data, you can...
o Re-install Mint using Encrypt-My-OS.
o Make a new user with an encrypted home.
o Add an encrypted Private folder in your existing user's home.
That last one is quite friendly..
o You get to choose your own Mount Passphrase
o You don't have to put everything in there, just your personal data.
o If it gets damaged you can still log in.
Just...
ecryptfs-setup-private
...it makes a miniature encrypted file-system that's mounted over the Private folder when you log in...
df -h ~/Private
- /home/mute/.Private 54G 8.2G 43G 16% /home/mute/Private
Re: How could I encrypt Linux Mint
Hi, how about https://www.veracrypt.fr/en/Downloads.htmlMute Ant wrote: ⤴Fri Jul 13, 2018 9:07 am Certainly you can convert an unencrypted file system into something linux-encrypted, but then you have to reprogram Linux to tell it how to unlock the encryption before it tries to mount it. It's not impossibly difficult, but you end up with a non-standard Mint that nobody else can service.
If your intention is to prevent a thief from looking at your private data, you can...
o Re-install Mint using Encrypt-My-OS.
o Make a new user with an encrypted home.
o Add an encrypted Private folder in your existing user's home.
That last one is quite friendly..
o You get to choose your own Mount Passphrase
o You don't have to put everything in there, just your personal data.
o If it gets damaged you can still log in.
Just...
ecryptfs-setup-private
...it makes a miniature encrypted file-system that's mounted over the Private folder when you log in...
df -h ~/Private
- /home/mute/.Private 54G 8.2G 43G 16% /home/mute/Private
Re: How could I encrypt Linux Mint
Is there a way to encrypt directories? For example Documents, Downloads etc. I tried
gpg-zip -c -o file.gpg /home/user/Videos
in the terminal, it asked for my password twice and I gave it. However, when I open the folder Videos(/home/user/Videos), I don't get prompted to enter a password.Re: How could I encrypt Linux Mint
"...how could I make a new user with an encrypted home..." For Mint 19 Mate that's under...
Control Centre: Users and Groups: Add: Encrypt home folder
An encrypted-home user has a couple of extra requirements...
o You can't set that user to log in automatically. Entering the password is part of unlocking the home folder.
o You can't use root or sudo to change that user's account password. The passwd command or the Control Centre when logged in work okay.
...and a couple of suggestions...
o Keep a plain-text copy of the encrypted data on something removable.
o Avoid using suspend or hibernate, switch it right off.
Control Centre: Users and Groups: Add: Encrypt home folder
An encrypted-home user has a couple of extra requirements...
o You can't set that user to log in automatically. Entering the password is part of unlocking the home folder.
o You can't use root or sudo to change that user's account password. The passwd command or the Control Centre when logged in work okay.
...and a couple of suggestions...
o Keep a plain-text copy of the encrypted data on something removable.
o Avoid using suspend or hibernate, switch it right off.
Re: How could I encrypt Linux Mint
From within the admin account
Code: Select all
sudo adduser --encrypt-home userName
If you require the account to have sudo privileges
Code: Select all
visudo -f /etc/sudoers
Code: Select all
userName ALL=(ALL:ALL) ALL
Re: How could I encrypt Linux Mint
"...if you require the account to have sudo privileges..."
sudo adduser mute sudo
### Add user 'mute' to the sudo group.Re: How could I encrypt Linux Mint
I managed to create a new user with an encrypted home folder. Is there any way to encrypt the home folder of my original user and is it safe? Could I lose my data?Mattyboy wrote: ⤴Sat Jul 14, 2018 11:07 amFrom within the admin account
Follow the instructions. You may have to install ecryptfs-utils but the terminal will tell you how.Code: Select all
sudo adduser --encrypt-home userName
If you require the account to have sudo privileges
and add at the bottomCode: Select all
visudo -f /etc/sudoers
You'll still need to use the 'admin' password for certain tasks when logged in to this account.Code: Select all
userName ALL=(ALL:ALL) ALL
Re: How could I encrypt Linux Mint
This is about as easy as it gets - just put all your sensitive data in an encrypted container in your home dir and only open it when you need it.whois1230 wrote: ⤴Fri Jul 13, 2018 10:47 am Hi, how about https://www.veracrypt.fr/en/Downloads.html
Re: How could I encrypt Linux Mint
"...could I lose my data..." Yes, at any time, for no reason at all. You should not need to worry about this... because ...all your data is duplicated on removable storage.
"...is there any way to encrypt the home folder of my original user..." Yes. You need lots of free space in your /home folder and be able to log in as root. The command...
...will show you how.
"...is there any way to encrypt the home folder of my original user..." Yes. You need lots of free space in your /home folder and be able to log in as root. The command...
man ecryptfs-migrate-home
...will show you how.
Re: How could I encrypt Linux Mint
How about an USB device? I tried this tutorial https://linux.tips/tutorials/how-to-enc ... ng-system , however I can't get it to work. This is the output I'm getting:Mute Ant wrote: ⤴Sun Jul 15, 2018 6:25 am "...could I lose my data..." Yes, at any time, for no reason at all. You should not need to worry about this... because ...all your data is duplicated on removable storage.
"...is there any way to encrypt the home folder of my original user..." Yes. You need lots of free space in your /home folder and be able to log in as root. The command...
man ecryptfs-migrate-home
...will show you how.
Code: Select all
user@user ~ $ sudo fdisk -l
[sudo] password for user:
Disk /dev/sda: 149.1 GiB, 160041885696 bytes, 312581808 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xe0d53d22
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 304474111 304472064 145.2G 83 Linux
/dev/sda2 304476158 312580095 8103938 3.9G 5 Extended
/dev/sda5 304476160 312580095 8103936 3.9G 82 Linux swap / Solaris
Disk /dev/sdb: 15 GiB, 16034824192 bytes, 31318016 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x06b9b960
Device Boot Start End Sectors Size Id Type
/dev/sdb1 8064 31318015 31309952 15G c W95 FAT32 (LBA)
user@user ~ $ sudo apt-get install cryptsetup
Reading package lists... Done
Building dependency tree
Reading state information... Done
cryptsetup is already the newest version (2:1.6.6-5ubuntu2.1).
0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
user@user ~ $ sudo cryptsetup luksFormat /dev/sdb
WARNING!
========
This will overwrite data on /dev/sdb irrevocably.
Are you sure? (Type uppercase yes): Yes
user@user ~ $ sudo cryptsetup luksOpen /dev/sdb USBDrive
Device /dev/sdb is not a valid LUKS device.
user@user ~ $ sudo cryptsetup luksOpen /dev/sdb
Command requires device and mapped name as arguments.
user@user ~ $ sudo cryptsetup luksOpen /dev/sdb PHILIPS UFD
Device /dev/sdb is not a valid LUKS device.
user@user ~ $ ls -arlt /dev/mapper | tail
total 0
drwxr-xr-x 2 root root 60 Jul 15 11:42 .
crw------- 1 root root 10, 236 Jul 15 11:42 control
drwxr-xr-x 21 root root 4380 Jul 15 12:00 ..
user@user ~ $ sudo mkfs -t ext4 /dev/mapper/USBDrive
mke2fs 1.42.13 (17-May-2015)
The file /dev/mapper/USBDrive does not exist and no size was specified.
user@user ~ $ sudo cryptsetup luksFormat /dev/sdb
WARNING!
========
This will overwrite data on /dev/sdb irrevocably.
Are you sure? (Type uppercase yes): yes
user@user ~ $ sudo cryptsetup luksOpen /dev/sdb USBDrive
Device /dev/sdb is not a valid LUKS device.
user@user ~ $ sudo cryptsetup luksFormat /dev/sdb
WARNING!
========
This will overwrite data on /dev/sdb irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Cannot format device /dev/sdb which is still in use.
user@user ~ $ sudo cryptsetup luksFormat /dev/sdb
WARNING!
========
This will overwrite data on /dev/sdb irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Cannot format device /dev/sdb which is still in use.
user@user ~ $ sudo cryptsetup luksOpen /dev/sdb USBDrive
Device /dev/sdb is not a valid LUKS device.
user@user ~ $ sudo cryptsetup luksOpen /dev/sdb PHILIPS UFD
Device /dev/sdb is not a valid LUKS device.
user@user ~ $ sudo cryptsetup luksOpen /dev/sdb PHILIPSUFD
Device /dev/sdb is not a valid LUKS device.
user@user ~ $
Last edited by Moem on Sun Jul 15, 2018 7:27 am, edited 1 time in total.
Reason: Swapped the [c] tags out for [code] tags; the code tags retain some formatting that makes your output easier to read.
Reason: Swapped the [c] tags out for [code] tags; the code tags retain some formatting that makes your output easier to read.
Re: How could I encrypt Linux Mint
Certainly you can convert an unencrypted file system into something linux-encrypted, but..."