FreeBSD and Home Encryption

U

unbalancedskunk

İ wonder that is it possible to encrypt home folder? If not, can you advise me good encryption tool for encrypting my data? I know Veracrypt and looking for other.
Note: I again typed u im really sorry but its habit. There is nothing intentional.
 
If you are running at least 13.0 and using ZFS, why not take a look at ZFS native encryption?
It's per dataset (which you can make each user home directory a distinct dataset)

klarasystems.com

OpenZFS Native Encryption

Starting with 13.0, FreeBSD supports OpenZFS native encryption. Learn more about how native encryption is different from GELI, what benefits it adds, how to create encrypted databases, and more.
klarasystems.com klarasystems.com
 
you may consider if the whole /home/ needs to be encrypted.
E.g. I put sensible data into an encrypted file (can do this additionally though.)
Or on my mpbile computers the whole disk is encrypted - including home.

Another way could be to mount /home onto an own encrypted partition or disk.
ZFS, as mer mentioned, offers good possibilties for that,
but it's also possible with ufs.
(Handbook and other How tos you'll find quickly describe how to do it. It's not rocket sciences.)
 
I have used PEFS on top of ZFS to encrypt my home directories for the past couple years. Worked like a charm, unfortunately when I upgraded from 12.3 to 13.1 something went wrong (probably my fault) and I was unable to reliable decrypt my home directory using PEFS. So I switched from PEFS to ZFS native encryption for encrypting my home directories and restored all my data from my daily backup. So far it works, the only drawback is that when I logout my home directory stays mounted and unencrypted. This is not an big issue for me, as encryption shall protect me against hardware theft and when I travel I always power down my laptop.
 
tanis said:
I have used PEFS on top of ZFS to encrypt my home directories for the past couple years. Worked like a charm, unfortunately when I upgraded from 12.3 to 13.1 something went wrong (probably my fault) and I was unable to reliable decrypt my home directory using PEFS.
Click to expand...
I think it was not your fault, between 13.0 and 13.1 a new version of ZFS was merged and caused PEFS to failed to reliably works: locking a file did not work, and you could have multiple times the same files. It is now fixed with the last version as for now (I did not check if mounting pefs on top of a nfs mount still work ).

ZFS Native encryption for me just need to have a pam module to be a real replacement for PEFS. But it have the advantage to be in the source tree, and so will not break between upgrade.
 
monwarez said:
I think it was not your fault, between 13.0 and 13.1 a new version of ZFS was merged and caused PEFS to failed to reliably works: locking a file did not work, and you could have multiple times the same files. It is now fixed with the last version as for now (I did not check if mounting pefs on top of a nfs mount still work ).
Click to expand...

That's exactly what I experienced, thanks for clearing that up for me.

monwarez said:
ZFS Native encryption for me just need to have a pam module to be a real replacement for PEFS. But it have the advantage to be in the source tree, and so will not break between upgrade.
Click to expand...
Idk, if you are aware of the following thread in particular the following posting: pam_zfs_key .

That's what I'm currently using and my experience I described in my initial posting.
 
You must log in or register to reply here.
Back
Top