[prev in list] [next in list] [prev in thread] [next in thread]
List: kdepim-users
Subject: Re: [kdepim-users] Can a folder be encrypted?
From: Anne Wilson <cannewilson () googlemail ! com>
Date: 2007-06-27 10:46:43
Message-ID: 200706271146.51122.cannewilson () googlemail ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Wednesday 27 June 2007 10:34:35 Boyan Tabakov wrote:
> On Wednesday 27 June 2007 11:07:09 Anne Wilson wrote:
> > On Tuesday 26 June 2007 22:02:32 Ingo Klöcker wrote:
> > > On Tuesday 26 June 2007 20:33, Anne Wilson wrote:
> > > > I have one mail folder with sensitive information. I'd like to copy
> > > > it to my laptop when I'm going to be away from home, but I'm unhappy
> > > > about the security aspect. It would be nice if I could copy it to
> > > > the Local area, then encrypt the whole folder.
> > >
> > > FWIW, I agree with the other posters that using an encrypted loopback
> > > device is the best solution for this. Alternatively, to encrypting your
> > > whole home folder or the whole mail storage you can of course also just
> > > encrypt the folder's folder. If you also want the data in the index
> > > files (e.g. Subject, Sender, Receiver, etc.) to be encrypted then you
> > > will also have to encrypt the folder one level up in your folder
> > > hierarchy.
> >
> > Thanks to all who commented. Much reading is in order now :-)
> >
> > Anne
>
> Hi Anne,
>
> Creating an encrypted loopback device would certainly be the easyest way.
> The other option - repartition your disk - will be a little hard to
> achieve, unless you have set your system to use LVM (Logical Volume
> Manager).
>
> Moreover, the loopback storage will be just a file on your normal file
> system and you can transfer it whereever you would like to.
>
> If you don't want to go deep into reading much (I didn't follow the links
> that Christian posted, so I am not sure if the howto is quick or not:) )
> here is a quick start:
>
> 1) Read the manpage of losetup. The examples section is what you really
> need. 2) Pick an encryption algorithm. I am using AES256.
>
> Make sure that the kernel module cryptoloop is loaded each time you try to
> use it. (Add it to /etc/modprobe.conf or /etc/modprobe.d/<stuff> depending
> on your distro.) The module might get loaded automatically by mount, but if
> you get strange errors about missing modules, this would be the cause.
>
> 3) Create a key to encrypt the data, as shown in the examples.
> 4) Encrypt the key with your personal gpg key, so that when you mount the
> encrypted device you'll be asked for your gpg's passphrase.
> 5) In order to skip using losetup manually each time you mount the device,
> set it in /etc/fstab. The entry I am actively using is the following:
>
> /mnt/Guardian /mnt/crypto ext2
> noauto,loop,encryption=aes256,gpghome=/home/blade/.gnupg,gpgkey=/home/blade
>/.gnupg/.guardian,user 0 0
>
> (Sorry for the bad formatting)
>
> Here /home/blade/.gnupg/.guardian is the encrypted key that I use for the
> device. /mnt/Guardian is the file containing the encrypted file system.
>
> If you plan to mount the encrypted device in ~/.kde/share/apps/mail (e.g.
> it will contain all your mail) make sure you create a big enough file.
> Remember that you could always add extra space to the file (playing with dd
> and offsets, carefully though, you don't want to ruin your data:) ) and
> then resize the file system on it (see man page for resize2fs).
>
> Good luck and best regards!
That sounds really helpful, thanks
Anne
--
Registered Linux User No.293302 (http://counter.li.org/)
[Attachment #5 (application/pgp-signature)]
_______________________________________________
KDE PIM users mailing list
kdepim-users@kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic