On 11/10/2021 17:02, Peter wrote:
I'm thinking of moving to an encrypted home partition when setting up a new computer. Its a completely new machine. I'm a bit puzzled how to proceed.
I've looked at tutorials on how to use fscrypt and encryptfs but they are quite complicated and probably beyond my ability to carry out error free.
So finally it seems the simplest approved way is to create an encrypted home partition on the new machine, then take a backup of home and use it to restore to that partition. This would have the great merit of being very safe, the only thing one could mess up would be the new partition, or worst case the backup.
I can do a partition backup easily enough to an external hard drive using clonezilla. So I boot the new machine, connect the external with honme on it via usb... and then what?
Are you sure it's an encrypted home partition? I thought by default it made encrypted home directories. The directory is encrypted/decrypted using the user's password.
Working on that assumption:
Assuming user "peter", home directory /home/peter, backup drive mounted on /media/BACKUP/ so peter's backed up home in /media/BACKUP/home/peter
Boot the new machine. Log in as peter. Copy files from /media/BACKUP/home/peter to /home/peter
*BUT* I wouldn't overwrite any files - that could mess up your new desktop If using cp, I'd suggest cp -arv and -n (for not overwrite)
Once peter has been done, repeat for any other home directories/users
Do I just copy all the files? Will that preserve the desktop and the links on it?
Nope. I usually recreate desktop and links by manually installing all the files, making new links etc. A newly installed machine is likely to have different paths to programs and things like that.
If you want to copy the whole kit & kaboodle, then clone the whole disk then shove it on the new machine and see if it works - but beware, it might not. But then, you'll have to manually change home directories into encrypted home directories. Personally I would not risk this or do it this way.
Or is there some way of restoring the partition itself to the encrypted partition?
ISTR there is some funky way of backing up and restoring if you use Mint OS, but, in general, no, at least no that I'm aware of.
Should have started out with full device encryption of course, but that was more years ago than I like to think!
Personally, I think an encrypted home directory would be secure enough for most people.
YMMV
HTH
Steve