[Solved] Encrypting home folder with eCryptfs

DeltaTango
Level 2
Posts: 86
Joined: Tue May 10, 2016 4:25 am

[Solved] Encrypting home folder with eCryptfs

Post by DeltaTango » Fri Feb 08, 2019 5:26 pm

Hello to all.
I am trying to install LMDE 3 Cinnamon (this part works fine and out-of-the-box) but with home encryption, or if not available, full-disk encryption.
The LMDE 3 release notes state that "An alternative installer, called Calamares, is available in the application menu. This installer provides support for full-disk encryption and advanced partitioning." However, I cannot find how to start installation with Calamares from the live session: there is no program called calamares in the main menu; the "Install Linux Mint" entry starts the regular installer ...

How the heck does one use Calamares for installation?
Last edited by DeltaTango on Sat Feb 09, 2019 5:08 am, edited 3 times in total.

ajgringo619
Level 6
Posts: 1479
Joined: Thu Mar 01, 2018 8:36 pm
Location: San Diego, California, USA

Re: using Calamares for encryption : where is it ?

Post by ajgringo619 » Fri Feb 08, 2019 7:31 pm

I believe I had to install it first. From the terminal:

Code:

sudo apt install calamares
calamares

Mint 19.2 XFCE
kernel 4.15.0-72-generic
AMD FX-8350 Eight-Core w/16 GB RAM
Nvidia GeForce 960 w/2GB RAM (440.36)

DeltaTango
Level 2
Posts: 86
Joined: Tue May 10, 2016 4:25 am

Re: using Calamares for encryption : where is it ?

Post by DeltaTango » Fri Feb 08, 2019 7:52 pm

ajgringo619 wrote:
Fri Feb 08, 2019 7:31 pm
I believe I had to install it first. From the terminal:

Code:

sudo apt install calamares
calamares

Yes, indeed. Actually, I found out that the version of the ISO image of LMDE that I was using worked this way (you must first install Calamares in the live session) but that the latest version of LMDE does include Calamares directly in the live session with any prior install.

So, the next step is: how do I use Calamares to do an install with encryption?
I have installed a version of LMDE as a virtual machine (using the physical install of LMDE as host, which means I have LMDE inside LMDE) to run some tests:
I used Calamares and chose a manual partitioning with basically three partitions: an unencrypted swap, an encrypted ext4 partition with '/' as mount point and a LUKS-encrypted ext4 partition that I wanted to use for '/home'.

However, after running the install, it seems that the encrypted ext4 partition is unused. Besides, the behaviour I want is the traditional behaviour that you have with the Ubuntu-based LM, i.e.: choosing for each user separately if its home is going to be encrypted or not.

ajgringo619
Level 6
Posts: 1479
Joined: Thu Mar 01, 2018 8:36 pm
Location: San Diego, California, USA

Re: Using Calamares for encryption : how ?

Post by ajgringo619 » Fri Feb 08, 2019 8:11 pm

Sorry, I've never done anything with filesystem encryption. Hopefully someone will jump into this thread.

DeltaTango
Level 2
Posts: 86
Joined: Tue May 10, 2016 4:25 am

Encrypting home folder with eCryptfs

Post by DeltaTango » Sat Feb 09, 2019 5:02 am

I found out what I needed and it has nothing to do with Calamares.
I simply need to run the ecryptfs-migrate-home tool to encrypt my home folder.

Documentation & tutorials: https://www.lifewire.com/should-you-enc ... er-2202069

The last step that was difficult to work out was obtaining the encryption passphrase so I can make a backup of it.
According to the documentation, I should be able to obtain it with the command:

Code:

ecryptfs-unwrap-passphrase

However, when I attempt this, I got a prompt asking me for the passphrase, which I could not provide, obviously!
Then I tried

Code:

sudo ecryptfs-unwrap-passphrase

but got a message telling me I should provide a filename as an argument ...

In the end, the correct command is

Code:

ecryptfs-unwrap-passphrase /home/.ecryptfs/{your_username}/.ecryptfs/wrapped-passphrase

, or simply

Code:

ecryptfs-unwrap-passphrase

which does the same. But when asked for the passphrase, it is your user account's password that one must provide! And then the encryption passphrase is displayed.
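
Added example (not part of the thread, and not code from the eCryptfs project): a pre-flight check to run before the unwrap command in the post above. It confirms that the wrapped-passphrase file exists, is not readable by group or other, and that the home directory is actually mounted as eCryptfs. It assumes the standard layout created by ecryptfs-migrate-home; the function names and the optional ROOT and MOUNTS arguments are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks before ecryptfs-unwrap-passphrase.
# Function names and the optional ROOT / MOUNTS arguments are hypothetical.

# Print the wrapped-passphrase file for USER ($1); ROOT ($2) is a test prefix.
wrapped_passphrase_path() {
    for p in "${2:-}/home/.ecryptfs/$1/.ecryptfs/wrapped-passphrase" \
             "${2:-}/home/$1/.ecryptfs/wrapped-passphrase"; do
        if [ -f "$p" ]; then printf '%s\n' "$p"; return 0; fi
    done
    return 1
}

# Succeed only if the file grants no permissions to group or other.
wrapped_file_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Succeed if /home/USER ($1) is mounted with filesystem type ecryptfs.
# MOUNTS ($2) defaults to /proc/mounts.
home_is_ecryptfs() {
    awk -v mp="/home/$1" '$2 == mp && $3 == "ecryptfs" { ok = 1 }
        END { exit !ok }' "${2:-/proc/mounts}"
}

# Run all checks; on success print the command to run by hand.
ecryptfs_backup_check() {
    user=$1 root=${2:-} mounts=${3:-/proc/mounts}
    file=$(wrapped_passphrase_path "$user" "$root") || {
        echo "no wrapped-passphrase file found for $user" >&2; return 1; }
    wrapped_file_is_private "$file" || {
        echo "$file is accessible to group/other; chmod 600 it" >&2; return 2; }
    home_is_ecryptfs "$user" "$mounts" || {
        echo "/home/$user is not an eCryptfs mount" >&2; return 3; }
    printf 'ecryptfs-unwrap-passphrase %s\n' "$file"
}

# Stand-alone use: sh this_script.sh --check
if [ "${1:-}" = "--check" ]; then ecryptfs_backup_check "$(id -un)"; fi
```

The mount passphrase that the printed command reveals is the value to back up; keep that copy somewhere other than the encrypted disk.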
