key file for linux home encryption?












0















I was surprised to discover, after considerable searching, a particular use case for data encryption is hardly or never discussed in the Linux community, much less readily supported. This case is to create a user account with strong encryption but without encrypting other parts of the system.



Currently, I have a (Mint) Linux system with one account. Neither the home directory nor the system is encrypted, and I have no wish to encrypt either, as doing so adds unwanted hassle to basic use of the system. I would, however, like a secure area to perform sensitive operations, which includes securing not only data files, but also application configuration and logs, data normally stored automatically in the home directory.



It seems necessary that I create a second user account, with an encrypted home directory.



The common approach is to use a tool called ecryptfs-migrate-home, which ships with many Debian-based distributions, and which encrypts a home directory, against a user's password, creating a new instance of an ecrypt file system. It then configures the system to decrypt the directory against the login password when the user logs in. Unfortunately, this model does not appear optimal for a wide variety of cases one might consider in the current state of advancement, where it is plain to see a conflict between a user password that is quick to type and easy to remember, compared to a strong key needed to be safe against the capabilities of fast and abundant hardware available to an attacker.



Based on these considerations, I would want the second user account to be accessible only when a key file is available, through an external storage medium such as a USB stick.



I am aware that users are employing various solutions to encrypt directories that contain sensitive data files. However, unless an entire home directory is encrypted, an application can leave hints outside of the encrypted region that an attacker can exploit. What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.



A simple example would be if a user needs to have privacy about browser history. Remembering to use a private browsing session is prone to error, and means that bookmarks, cookies, and history do not persist across sessions.



Can anyone suggest a way to make a user's entire directory encrypted, such that access is simple and straightforward if a USB stick containing a key is available, but secure otherwise?










share|improve this question























  • You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS

    – Xen2050
    Jan 15 at 0:23











  • Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to call sudo is a great help.

    – epl
    Jan 15 at 2:48











  • (1) If I understand you correctly, you want to modify encryptfs to use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login with encryptfs works (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) with chroot and bind mounts (docker-style), or possibly in other ways.

    – dirkt
    Jan 15 at 9:06











  • Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation of ecrypt-migrate-home with other features in general use for partially encrypted systems.

    – epl
    Jan 16 at 0:09











  • So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption is ecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?

    – epl
    Jan 19 at 8:04
















0















I was surprised to discover, after considerable searching, a particular use case for data encryption is hardly or never discussed in the Linux community, much less readily supported. This case is to create a user account with strong encryption but without encrypting other parts of the system.



Currently, I have a (Mint) Linux system with one account. Neither the home directory nor the system is encrypted, and I have no wish to encrypt either, as doing so adds unwanted hassle to basic use of the system. I would, however, like a secure area to perform sensitive operations, which includes securing not only data files, but also application configuration and logs, data normally stored automatically in the home directory.



It seems necessary that I create a second user account, with an encrypted home directory.



The common approach is to use a tool called ecryptfs-migrate-home, which ships with many Debian-based distributions, and which encrypts a home directory, against a user's password, creating a new instance of an ecrypt file system. It then configures the system to decrypt the directory against the login password when the user logs in. Unfortunately, this model does not appear optimal for a wide variety of cases one might consider in the current state of advancement, where it is plain to see a conflict between a user password that is quick to type and easy to remember, compared to a strong key needed to be safe against the capabilities of fast and abundant hardware available to an attacker.



Based on these considerations, I would want the second user account to be accessible only when a key file is available, through an external storage medium such as a USB stick.



I am aware that users are employing various solutions to encrypt directories that contain sensitive data files. However, unless an entire home directory is encrypted, an application can leave hints outside of the encrypted region that an attacker can exploit. What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.



A simple example would be if a user needs to have privacy about browser history. Remembering to use a private browsing session is prone to error, and means that bookmarks, cookies, and history do not persist across sessions.



Can anyone suggest a way to make a user's entire directory encrypted, such that access is simple and straightforward if a USB stick containing a key is available, but secure otherwise?










share|improve this question























  • You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS

    – Xen2050
    Jan 15 at 0:23











  • Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to call sudo is a great help.

    – epl
    Jan 15 at 2:48











  • (1) If I understand you correctly, you want to modify encryptfs to use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login with encryptfs works (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) with chroot and bind mounts (docker-style), or possibly in other ways.

    – dirkt
    Jan 15 at 9:06











  • Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation of ecrypt-migrate-home with other features in general use for partially encrypted systems.

    – epl
    Jan 16 at 0:09











  • So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption is ecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?

    – epl
    Jan 19 at 8:04














0












0








0


1






I was surprised to discover, after considerable searching, a particular use case for data encryption is hardly or never discussed in the Linux community, much less readily supported. This case is to create a user account with strong encryption but without encrypting other parts of the system.



Currently, I have a (Mint) Linux system with one account. Neither the home directory nor the system is encrypted, and I have no wish to encrypt either, as doing so adds unwanted hassle to basic use of the system. I would, however, like a secure area to perform sensitive operations, which includes securing not only data files, but also application configuration and logs, data normally stored automatically in the home directory.



It seems necessary that I create a second user account, with an encrypted home directory.



The common approach is to use a tool called ecryptfs-migrate-home, which ships with many Debian-based distributions, and which encrypts a home directory, against a user's password, creating a new instance of an ecrypt file system. It then configures the system to decrypt the directory against the login password when the user logs in. Unfortunately, this model does not appear optimal for a wide variety of cases one might consider in the current state of advancement, where it is plain to see a conflict between a user password that is quick to type and easy to remember, compared to a strong key needed to be safe against the capabilities of fast and abundant hardware available to an attacker.



Based on these considerations, I would want the second user account to be accessible only when a key file is available, through an external storage medium such as a USB stick.



I am aware that users are employing various solutions to encrypt directories that contain sensitive data files. However, unless an entire home directory is encrypted, an application can leave hints outside of the encrypted region that an attacker can exploit. What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.



A simple example would be if a user needs to have privacy about browser history. Remembering to use a private browsing session is prone to error, and means that bookmarks, cookies, and history do not persist across sessions.



Can anyone suggest a way to make a user's entire directory encrypted, such that access is simple and straightforward if a USB stick containing a key is available, but secure otherwise?










share|improve this question














I was surprised to discover, after considerable searching, a particular use case for data encryption is hardly or never discussed in the Linux community, much less readily supported. This case is to create a user account with strong encryption but without encrypting other parts of the system.



Currently, I have a (Mint) Linux system with one account. Neither the home directory nor the system is encrypted, and I have no wish to encrypt either, as doing so adds unwanted hassle to basic use of the system. I would, however, like a secure area to perform sensitive operations, which includes securing not only data files, but also application configuration and logs, data normally stored automatically in the home directory.



It seems necessary that I create a second user account, with an encrypted home directory.



The common approach is to use a tool called ecryptfs-migrate-home, which ships with many Debian-based distributions, and which encrypts a home directory, against a user's password, creating a new instance of an ecrypt file system. It then configures the system to decrypt the directory against the login password when the user logs in. Unfortunately, this model does not appear optimal for a wide variety of cases one might consider in the current state of advancement, where it is plain to see a conflict between a user password that is quick to type and easy to remember, compared to a strong key needed to be safe against the capabilities of fast and abundant hardware available to an attacker.



Based on these considerations, I would want the second user account to be accessible only when a key file is available, through an external storage medium such as a USB stick.



I am aware that users are employing various solutions to encrypt directories that contain sensitive data files. However, unless an entire home directory is encrypted, an application can leave hints outside of the encrypted region that an attacker can exploit. What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.



A simple example would be if a user needs to have privacy about browser history. Remembering to use a private browsing session is prone to error, and means that bookmarks, cookies, and history do not persist across sessions.



Can anyone suggest a way to make a user's entire directory encrypted, such that access is simple and straightforward if a USB stick containing a key is available, but secure otherwise?







linux security encryption






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 14 at 20:16









eplepl

104




104













  • You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS

    – Xen2050
    Jan 15 at 0:23











  • Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to call sudo is a great help.

    – epl
    Jan 15 at 2:48











  • (1) If I understand you correctly, you want to modify encryptfs to use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login with encryptfs works (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) with chroot and bind mounts (docker-style), or possibly in other ways.

    – dirkt
    Jan 15 at 9:06











  • Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation of ecrypt-migrate-home with other features in general use for partially encrypted systems.

    – epl
    Jan 16 at 0:09











  • So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption is ecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?

    – epl
    Jan 19 at 8:04



















  • You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS

    – Xen2050
    Jan 15 at 0:23











  • Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to call sudo is a great help.

    – epl
    Jan 15 at 2:48











  • (1) If I understand you correctly, you want to modify encryptfs to use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login with encryptfs works (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) with chroot and bind mounts (docker-style), or possibly in other ways.

    – dirkt
    Jan 15 at 9:06











  • Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation of ecrypt-migrate-home with other features in general use for partially encrypted systems.

    – epl
    Jan 16 at 0:09











  • So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption is ecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?

    – epl
    Jan 19 at 8:04

















You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS

– Xen2050
Jan 15 at 0:23





You're literally talking about an encrypted home, with eCryptfs. Strong passwords can be quick to type... like this sentence could be one. Or you're only looking for a keyfile specifically to login? But if you're worried about other traces left behind by programs or even swap then xenoid's right (+1) and you need to encrypt everything, or write nothing. Maybe look into TAILS

– Xen2050
Jan 15 at 0:23













Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to call sudo is a great help.

– epl
Jan 15 at 2:48





Thanks. My understanding is that key files provide much stronger security, with passwords increasingly vulnerable to brute force attack by clusters. A password on a private system is used frequently, whether restarting a daemon or installing a package. I see a conflict between the needed convenience of simple passwords and the cryptographic safety of strong ones. Swap could be an issue I would have consider, but as it is less used these days I think that browser and open file history is the much more serious problem. Having a strong key that isn't needed just to call sudo is a great help.

– epl
Jan 15 at 2:48













(1) If I understand you correctly, you want to modify encryptfs to use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login with encryptfs works (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) with chroot and bind mounts (docker-style), or possibly in other ways.

– dirkt
Jan 15 at 9:06





(1) If I understand you correctly, you want to modify encryptfs to use a key file in a certain location (e.g. a mounted USB stick) instead of a password. That should be possible in principle, but will require to understand how a login with encryptfs works (which I don't, I'd have to read the code) and modify it accordingly. So it's doable, but requires effort and programming knowledge. (2) You can sandbox a user in any way you want, (a) by making sure all other permissions are restrictive, (b) with chroot and bind mounts (docker-style), or possibly in other ways.

– dirkt
Jan 15 at 9:06













Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation of ecrypt-migrate-home with other features in general use for partially encrypted systems.

– epl
Jan 16 at 0:09





Due to stability concerns, I am specifically avoiding a homegrown solution such as a quick modification to encryptfs. I am rather inquiring about a pre-existing, tested solution with similar effect but different or additional features, including flexibility about key type and location. It would also be interesting to know whether solutions exist that support stacking other cryptographic file systems (e.g. encfs or successors) per user for home data. Essentially, I would want to combine the automation of ecrypt-migrate-home with other features in general use for partially encrypted systems.

– epl
Jan 16 at 0:09













So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption is ecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?

– epl
Jan 19 at 8:04





So is the consensus that the only existing out-of-the-box solution for user-level home directory encryption is ecrypt-migrate-home, which has the following restrictions?: 1) No support for keys stored externally, or otherwise different from the user password? 2) No support for encrypted file systems other than eCryptfs?

– epl
Jan 19 at 8:04










1 Answer
1






active

oldest

votes


















1














This was going to be a comment because it doesn't really answers your question, but ends up being a bit too long...



If the attacker connects to the system when you are logged in and have "opened" the encrypted bits (which is most of the time when the PC is turned on...), then it has access to then contents "over your shoulder".



So encrypting (parts of) the disk is only useful to prevent access to that data by strangers in case of loss of theft of the computer/disk. If so what are the chances that your USB "dongle" is stolen/lost at the same time?



And how do you encrypt the USB key contents, because these could be quickly copied to another key... unless you also protect them by password, but then you have a a password and a USB key instead of just a password.



Consider also that it is a good idea to encrypt your boot disk. Otherwise someone could alter it and add software that waits for your part to be unlocked (and either catches the "key", or just bluntly copies/uploads the data elsewhere).



Maybe your desired use case is not discussed much because it is not as safe as it looks or there are more practical alternatives for the same safety levels.



PS:




What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.




Then you have to encrypt you whole home directory (and maybe /tmp as well) if you want to be able to use any application.






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1394246%2fkey-file-for-linux-home-encryption%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    This was going to be a comment because it doesn't really answers your question, but ends up being a bit too long...



    If the attacker connects to the system when you are logged in and have "opened" the encrypted bits (which is most of the time when the PC is turned on...), then it has access to then contents "over your shoulder".



    So encrypting (parts of) the disk is only useful to prevent access to that data by strangers in case of loss of theft of the computer/disk. If so what are the chances that your USB "dongle" is stolen/lost at the same time?



    And how do you encrypt the USB key contents, because these could be quickly copied to another key... unless you also protect them by password, but then you have a a password and a USB key instead of just a password.



    Consider also that it is a good idea to encrypt your boot disk. Otherwise someone could alter it and add software that waits for your part to be unlocked (and either catches the "key", or just bluntly copies/uploads the data elsewhere).



    Maybe your desired use case is not discussed much because it is not as safe as it looks or there are more practical alternatives for the same safety levels.



    PS:




    What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.




    Then you have to encrypt you whole home directory (and maybe /tmp as well) if you want to be able to use any application.






    share|improve this answer




























      1














      This was going to be a comment because it doesn't really answers your question, but ends up being a bit too long...



      If the attacker connects to the system when you are logged in and have "opened" the encrypted bits (which is most of the time when the PC is turned on...), then it has access to then contents "over your shoulder".



      So encrypting (parts of) the disk is only useful to prevent access to that data by strangers in case of loss of theft of the computer/disk. If so what are the chances that your USB "dongle" is stolen/lost at the same time?



      And how do you encrypt the USB key contents, because these could be quickly copied to another key... unless you also protect them by password, but then you have a a password and a USB key instead of just a password.



      Consider also that it is a good idea to encrypt your boot disk. Otherwise someone could alter it and add software that waits for your part to be unlocked (and either catches the "key", or just bluntly copies/uploads the data elsewhere).



      Maybe your desired use case is not discussed much because it is not as safe as it looks or there are more practical alternatives for the same safety levels.



      PS:




      What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.




      Then you have to encrypt you whole home directory (and maybe /tmp as well) if you want to be able to use any application.






      share|improve this answer


























        1












        1








        1







        This was going to be a comment because it doesn't really answers your question, but ends up being a bit too long...



        If the attacker connects to the system when you are logged in and have "opened" the encrypted bits (which is most of the time when the PC is turned on...), then it has access to then contents "over your shoulder".



        So encrypting (parts of) the disk is only useful to prevent access to that data by strangers in case of loss of theft of the computer/disk. If so what are the chances that your USB "dongle" is stolen/lost at the same time?



        And how do you encrypt the USB key contents, because these could be quickly copied to another key... unless you also protect them by password, but then you have a a password and a USB key instead of just a password.



        Consider also that it is a good idea to encrypt your boot disk. Otherwise someone could alter it and add software that waits for your part to be unlocked (and either catches the "key", or just bluntly copies/uploads the data elsewhere).



        Maybe your desired use case is not discussed much because it is not as safe as it looks or there are more practical alternatives for the same safety levels.



        PS:




        What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.




        Then you have to encrypt you whole home directory (and maybe /tmp as well) if you want to be able to use any application.






        share|improve this answer













        This was going to be a comment because it doesn't really answers your question, but ends up being a bit too long...



        If the attacker connects to the system when you are logged in and have "opened" the encrypted bits (which is most of the time when the PC is turned on...), then it has access to then contents "over your shoulder".



        So encrypting (parts of) the disk is only useful to prevent access to that data by strangers in case of loss of theft of the computer/disk. If so what are the chances that your USB "dongle" is stolen/lost at the same time?



        And how do you encrypt the USB key contents, because these could be quickly copied to another key... unless you also protect them by password, but then you have a a password and a USB key instead of just a password.



        Consider also that it is a good idea to encrypt your boot disk. Otherwise someone could alter it and add software that waits for your part to be unlocked (and either catches the "key", or just bluntly copies/uploads the data elsewhere).



        Maybe your desired use case is not discussed much because it is not as safe as it looks or there are more practical alternatives for the same safety levels.



        PS:




        What is badly needed is a sandbox that guarantees that the user (which has no root access) cannot write any data outside the encrypted store.




        Then you have to encrypt you whole home directory (and maybe /tmp as well) if you want to be able to use any application.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jan 14 at 21:04









        xenoidxenoid

        3,6433718




        3,6433718






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1394246%2fkey-file-for-linux-home-encryption%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            How to make a Squid Proxy server?

            Is this a new Fibonacci Identity?

            19世紀