ecryptfs questions
Petter Adsen
petter at synth.no
Sat Apr 4 13:15:03 UTC 2015
I have a ~/Private that is encrypted with ecryptfs, set up by the
installer. To me, this is preferable to encrypting the entire /home
disk with LUKS, as my machine doesn't have AES-NI extensions, and I can
pick out what I want to be encrypted.
However, the installer set it up so that it is mounted on login. I can
understand that this is convenient to many people, but I would rather
be prompted for a separate passphrase or have to run a script that
mounts it and asks for the passphrase, to provide a second layer for
anyone trying to get to my private data.
I assume the automatic authorization on login is somehow happening
through PAM. Is there an easy way to disable this, so that I have to
provide the passphrase that differs from my login password?
Also, I have moved all private ssh/gpg keys, some documents, the
KeepassX db, etc into ~/Private, along with ~/.cache, ~/.mozilla and my
mail folder. Can anyone else think of anything I might have missed that
might contain things that should be kept private?
(Yes, ~/.cache might be overkill, but I didn't want to dig into what's
actually in it.)
Petter
--
"I'm ionized"
"Are you sure?"
"I'm positive."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20150404/4f52221d/attachment.sig>
More information about the ubuntu-users
mailing list