Using Vi To Encrypt Single Ascii Text Files - Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual

LOGIN.key
The image key, protected with the user's login password.
On login the home directory automatically gets decrypted. Internally, it is provided by
means of the pam module pam_mount. If you need to add an additional login method
that provides encrypted home directories, you have to add this module to the respective
configuration file in /etc/pam.d/. For more information see also Chapter 27, Au-
thentication with PAM (page 497) and the man page of pam_mount.
WARNING: Security Restrictions
Encrypting a user's home directory does not provide strong security from other
users. If strong security is required, the system should not be shared physically.
To enhance security, also encrypt the swap partition and the /tmp and /var/
tmp directories, because these may contain temporary images of critical data.
You can encrypt swap, /tmp, and /var/tmp with the YaST partitioner as de-
scribed in Section 47.1.1, "Creating an Encrypted Partition during Installation"
(page 871) or Section 47.1.3, "Creating an Encrypted File as a Container"
(page 872).
47.3 Using vi to Encrypt Single ASCII
The disadvantage of using encrypted partitions is that while the partition is mounted,
at least root can access the data. To prevent this, vi can be used in encrypted mode.
Use vi -x filename to edit a new file. vi prompts you to set a password, after
which it encrypts the content of the file. Whenever you access this file, vi requests the
correct password.
For even more security, you can place the encrypted text file in an encrypted partition.
This is recommended because the encryption used in vi is not very strong.
874 Installation and Administration
Text Files