
Instructions: Encrypt home directories under Linux with Gocryptfs

Confidential data on notebooks, shared PCs and servers in third-party data centers requires special protection through encryption. This should be as transparent as possible so that it does not interfere with normal work. A Linux system fully encrypted with Cryptsetup, for example, protects the contents of the storage media from outside parties, but not from other users or the system administrator. Individually encrypted home directories close that gap. When users log in with their login password, they simultaneously unlock the master key, which gives access only to their personal directory. Once they log off again, the files are available only in encrypted form. They cannot be viewed even with root rights.

Gocryptfs does this job, combining convenience and security. The Systemd-Homed presented in the article “Using your Linux account securely on several Linux systems” also offers encrypted home directories, but if you don’t want to spend a long time tinkering, you are better off with the somewhat slower but proven Gocryptfs. Arch Linux and Fedora have it in their package sources. Debian and Ubuntu also come with prepared configuration files. The following practical guide shows how to set up Gocryptfs under Debian and Ubuntu.

Gocryptfs uses transparent encryption. This means that users and applications do not notice anything and access files via the usual directory and file paths. The operating system automatically encrypts the data in the background. Ordinary users have no access to the kernel interfaces this requires, so privileged services or kernel modules do the work, which slows down read and write access on top of the effort required for encryption and decryption. In everyday use such as web browsing, office work or programming, this is hardly noticeable. An encrypted home directory is rather unsuitable for tasks that require a lot of disk access, such as video editing.
