Using Vi To Encrypt Single Ascii Text Files - Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 08-05-2008 Installation Manual

LOGIN.key
The image key, protected with the user's login password.
On login the home directory automatically gets decrypted. Internally, it is provided by
means of the pam module pam_mount. If you need to add an additional login method
that provides encrypted home directories, you have to add this module to the respective
configuration file in /etc/pam.d/. For more information see also
thentication with PAM
WARNING: Security Restrictions
Encrypting a user's home directory does not provide strong security from other
users. If strong security is required, the system should not be shared physically.
To enhance security, also encrypt the swap partition and the /tmp and /var/
tmp directories, because these may contain temporary images of critical data.
You can encrypt swap, /tmp, and /var/tmp with the YaST partitioner as de-
scribed in
(page 867) or
(page 868).
47.3 Using vi to Encrypt Single ASCII
The disadvantage of using encrypted partitions is that while the partition is mounted,
at least root can access the data. To prevent this, vi can be used in encrypted mode.
Use vi -x filename to edit a new file. vi prompts you to set a password, after
which it encrypts the content of the file. Whenever you access this file, vi requests the
correct password.
For even more security, you can place the encrypted text file in an encrypted partition.
This is recommended because the encryption used in vi is not very strong.
870 Installation and Administration
(page 495) and the man page of pam_mount.
Section 47.1.1, "Creating an Encrypted Partition during Installation"
Section 47.1.3, "Creating an Encrypted File as a Container"
Text Files
Chapter 27, Au-