I was surprised to discover, after considerable searching, that a particular use case for data encryption is hardly or never discussed in the Linux community, much less readily supported. This case is to create a user account with strong encryption but without encrypting other parts of the system.
Currently, I have a (Mint) Linux system with one account. Neither the home directory nor the system is encrypted, and I have no wish to encrypt either, as doing so adds unwanted hassle to basic use of the system. I would, however, like a secure area to perform sensitive operations, which includes securing not only data files, but also application configuration and logs, data normally stored automatically in the home directory.
It seems necessary that I create a second user account, with an encrypted home directory.
The common approach is to use a tool called ecryptfs-migrate-home, which ships with many Debian-based distributions, and which encrypts a home directory, against a user's password, creating a new instance of an ecrypt file system. It then configures the system to decrypt the directory against the login password when the user logs in. Unfortunately, this model does not appear optimal for a wide variety of cases one might consider in the current state of advancement, where it is plain to see a conflict between a user password that is quick to type and easy to remember, compared to a strong key needed to be safe against the capabilities of fast and abundant hardware available to an attacker.
Based on these considerations, I would want the second user account to be accessible only when a key file is available, through an external storage medium such as a USB stick.
I am aware that users are employing various solutions to encrypt directories that contain sensitive data files. However, unless an entire home directory is encrypted, an application can leave hints outside of the encrypted region that an attacker can exploit. What is badly needed is a sandbox that guarantees that the user (who has no root access) cannot write any data outside the encrypted store.
A simple example would be if a user needs to have privacy about browser history. Remembering to use a private browsing session is prone to error, and means that bookmarks, cookies, and history do not persist across sessions.
Can anyone suggest a way to make a user's entire directory encrypted, such that access is simple and straightforward if a USB stick containing a key is available, but secure otherwise?
sudo is a great help.
encryptfs to use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require understanding how a login with encryptfs works (which I don't, I'd have to read the code) and modifying it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) with chroot and bind mounts (docker-style), or possibly in other ways.
ecrypt-migrate-home with other features in general use for partially encrypted systems.
ecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?