Encrypting a specific folder in Fedora?

What would you recommend for simple folder encryption in Fedora? Is it LUKS, eCryptfs, or something else?
Should I even encrypt the Home folder?

Hello,
I use LUKS.
You must encrypt swap (passwd, …) and root (and home) to be safe.

It is better to use ext4: one EFI partition for /boot/efi, one ext4 partition for /boot, one encrypted swap partition for swap, and only one encrypted ext4 partition for root (then including home, so as not to have to resize root to gain space for home after install…), otherwise one more encrypted ext4 partition for home.

NB: You can create other encrypted partitions for Data, … using Disks (gnome-disk-utility).
Open Disks, choose a free partition, Add partition, Next, add a name and select encrypted; it will ask for a passphrase and format the ext4 partition.
To access it, simply open it from Nautilus; it will ask you for the password and that's it.

MODIFICATIONS:
You can change all the passphrases using Disks.
You can resize an encrypted partition using gparted (swap must be kept encrypted; root and home must be uncrypted first, then perform a ‘check’ on root and home after the resize before closing gparted), from a LiveUSB of course…

Best regards
GEPLinux

So what would be the simplest way (using LUKS) to encrypt, let’s say, a new folder which will contain digital copies of my passport?

Personally, I do this for my sensitive documents, software and dongle:

On my desktops, laptops, …

  1. Use gparted and a Fedora spin LiveUSB or Fedora Workstation LiveUSB with sudo su ; dnf -y install gparted
  2. Resize home or root and free 10 GiB
  3. Run Disks, select the free partition
  4. Ask for a new partition using [+]
  5. Name the new partition
  6. Select encrypted
  7. Type the passphrase with show passphrase selected to be sure of what I’m typing

Then

  1. Open the disk via Files (Nautilus)
  2. Type the passphrase AND SELECT FORGET IMMEDIATELY of course
  3. Place all sensitive documents
  4. Disconnect the disk (as USB) immediately

On one USB key, DON’T FORGET BACKUP!

  1. Connect a USB key
  2. Run Disks, select the USB
  3. Format
  4. Select encrypted
  5. Type the passphrase with show passphrase selected to be sure of what I’m typing
  6. Then open Files (Nautilus)
  7. Type the passphrase AND SELECT FORGET IMMEDIATELY of course
  8. Place all sensitive documents
  9. Disconnect the USB key immediately

If you keep it on the home partition, you may have issues in a few months when running Fedora if an upgrade to a new Fedora version fails.
If you simply add a password to a generated PDF, it may be cracked easily.
BR
GEPLinux


@fedoranewbie
You should encrypt what you want to protect. If your home folder contains secret/private information, you should consider that. We cannot tell you which drives are secret/private for you.

dmcrypt/LUKS (you work mostly with the command cryptsetup) is intended for disc/partition/volume encryption (which are then mounted to a folder):

https://docs.fedoraproject.org/en-US/quick-docs/encrypting-drives-using-LUKS/

You will find a lot of useful guides for cryptsetup on the Internet.

However, theoretically, you can also create files that contain encrypted filesystems (on Unix/Linux, everything is a file) and mount such a file on another folder like a partition. You can create a file (e.g., with dd) and then do everything on the file that is described in the guides for drives/partitions. However, this may prove less reliable for you as it is not an “implement once and then forget” solution.

@geplinux

What do you mean with swap and passwd? passwd is stored on /etc/ and thus, on the root partition.
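
The file-backed container mentioned above (a file created with dd, then handled with cryptsetup like a partition) could look like the following. This is an added example, not code from any poster in this thread; the mapper name `vault`, the 32 MiB minimum and the function names are assumptions, and create/open/close need root.

```shell
#!/bin/sh
# Added example: LUKS2 container kept in a regular file (create/open/close need root).
MAPPER=vault   # assumed /dev/mapper name
MIN_MIB=32     # assumed floor: LUKS2 reserves 16 MiB for its header by default

# Refuse to overwrite an existing file or to build a container too small for a filesystem.
precheck() {   # precheck FILE SIZE_MIB
    if [ -e "$1" ]; then echo "refusing to overwrite $1" >&2; return 1; fi
    case "$2" in ''|*[!0-9]*) echo "size must be whole MiB" >&2; return 1 ;; esac
    [ "$2" -ge "$MIN_MIB" ] || { echo "need at least $MIN_MIB MiB" >&2; return 1; }
}

# True if FILE begins with the LUKS magic bytes "LUKS" 0xBA 0xBE.
has_luks_header() {
    [ "$(head -c 6 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "4c554b53babe" ]
}

create_container() {   # create_container FILE SIZE_MIB
    precheck "$1" "$2" || return 1
    ( umask 077; dd if=/dev/zero of="$1" bs=1M count="$2" ) || return 1
    cryptsetup luksFormat --type luks2 "$1" || return 1   # asks for the passphrase
    cryptsetup open "$1" "$MAPPER" || return 1
    mkfs.ext4 -q "/dev/mapper/$MAPPER"; rc=$?
    cryptsetup close "$MAPPER"
    return "$rc"
}

open_container() {     # open_container FILE MOUNTPOINT
    has_luks_header "$1" || { echo "$1 is not a LUKS container" >&2; return 1; }
    cryptsetup open "$1" "$MAPPER" && mkdir -p "$2" && mount "/dev/mapper/$MAPPER" "$2"
}

close_container() {    # close_container MOUNTPOINT
    umount "$1" && cryptsetup close "$MAPPER"
}

# Dispatch only when called with arguments, e.g.: sh vault.sh create ~/vault.img 256
if [ "$#" -ge 1 ]; then
    cmd=$1; shift
    case "$cmd" in
        create) create_container "$@" ;;
        open)   open_container "$@" ;;
        close)  close_container "$@" ;;
        *) echo "usage: create FILE MIB | open FILE DIR | close DIR" >&2; exit 2 ;;
    esac
fi
```

The container file is created with mode 0600 (umask 077), and the passphrase is only ever typed at the cryptsetup prompt, never passed on the command line.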

Swap can keep history, passwords included; it must be encrypted too, especially if used with Citrix…

Concerning /etc, it is in root, so it is encrypted with root.
I don’t use dd except for copying ISOs.

I’m explaining my day-to-day work with disk encryption; while writing this post I’m installing Fedora and ArcoLinux on a laptop with encrypted disks and an additional encrypted USB exactly as described, and it works nicely as usual…


I didn’t reject your approach to encrypt swap. I was just confused by the passwd as content of swap. I assumed you meant the file. Thanks for the clarification.

Thank you guys you really helped me.

I am aware of that; I did give an example of storing a digital copy of my passport in the home directory. I just wanted to hear other opinions on the matter.

Here you can see:

    • /boot/efi
    • /boot
    • Encrypted root (with Home inside)
    • Encrypted swap (16 GB RAM and used for hibernation, hence the big size)
    • Encrypted 600 GB Data disk (never broken, even during Fedora (re)installation)