Using Encrypted Home Directories - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual

11.1.4 Encrypting the Content of Removable
Media
YaST treats removable media like external hard disks or USB flash drives the same as
any other hard disk. Container files or partitions on such media can be encrypted as
described above. However, enable Do Not Mount During Booting in the Fstab Options
dialog, because removable media are usually only connected while the system is running.
If you have encrypted your removable device with YaST, the KDE and GNOME
desktops automatically recognize the encrypted partition and prompt for the password
when the device is detected. If you plug in a FAT formatted removable device while
running KDE or GNOME, the desktop user entering the password automatically becomes
the owner of the device and can read and write files. For devices with a file system
other than FAT, change the ownership explicitly for users other than root to enable
these users to read or write files on the device.
11.2 Using Encrypted Home
Directories
To protect data in home directories against theft and hard disk removal, use the YaST
user management module to enable encryption of home directories. You can create
encrypted home directories for new or existing users. To encrypt or decrypt home di-
rectories of already existing users, you need to know their login password. See Sec-
tion "Managing Encrypted Home Directories" (Chapter 9, Managing Users with YaST,
↑Deployment Guide) for instructions.
Encrypted home partitions are created within a file container as described in
tion 11.1.3, "Creating an Encrypted File as a Container"
ated under /home for each encrypted home directory:
LOGIN.img
The image holding the directory
LOGIN.key
The image key, protected with the user's login password.
Sec-
(page 110). Two files are cre-
Encrypting Partitions and Files 111