How should I encrypt /home after install?

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
purpletree
Level 1
Level 1
Posts: 22
Joined: Tue Apr 10, 2018 12:55 am

How should I encrypt /home after install?

Post by purpletree » Wed Apr 18, 2018 2:13 am

I installed Linux Mint 18.3 a few weeks ago and I skipped the encrypt /home check box.
What I'm wondering is: How to encrypt it now?
I'm far from knowing much about encryption but aren't there a number of ways it can be done?
Which way would be comparable to how its done by the installer?
File encryption vs disk encryption.
Which does the installer do?
(I would guess file encryption but would disk encryption not work?)

User avatar
administrollaattori
Level 15
Level 15
Posts: 5887
Joined: Tue Sep 03, 2013 4:51 am
Location: Finland
Contact:

Re: How should I encrypt /home after install?

Post by administrollaattori » Wed Apr 18, 2018 2:33 am

purpletree wrote:
Wed Apr 18, 2018 2:13 am
I installed Linux Mint 18.3 a few weeks ago and I skipped the encrypt /home check box.
What I'm wondering is: How to encrypt it now?
Make a new user account and select encryption.

Mute Ant
Level 14
Level 14
Posts: 5135
Joined: Tue Sep 03, 2013 7:45 pm
Location: Norfolk UK

Re: How should I encrypt /home after install?

Post by Mute Ant » Wed Apr 18, 2018 4:39 pm

Ubuntu-Style OS encryption can only be applied during the installation. There are other ways to store most of the OS in encrypted space, useful if you want a Live Session with encrypted persistence like I did. For an installed Mint, it's faster and much better supported to rebuild your OS by re-installing it encrypted.

An encrypted /home is not the same as an encrypted $HOME folder. It looks like a trivial difference but it's not. If you want an encrypted $HOME then administrollaattori has said it all.

Encryption entails a heavy calculation overhead, writing and reading. I get 60MB/s writing straight zeroes into an old PATA drive, only 20MB/s writing via an encryption channel.

Encryption makes data-recovery after a hardware wobbly a lot more difficult. You have to know the password and how to apply it without logging in. Even then, the data can be permanently lost if a key-file gets damaged, so you have to be extra-careful to make at least one plain-text backup and keep it where encryption is not needed.
While you're waiting, read the free novel we sent you. It's a Spanish story about a guy named "manual".

Post Reply

Return to “Newbie Questions”