On login the home directory automatically gets decrypted. Internally, it is provided by
means of the pam module pam_mount. If you need to add an additional login method
that provides encrypted home directories, you have to add this module to the respective
configuration file in /etc/pam.d/. For more information see also Chapter 2, Authentication
with PAM (page 17) and the man page of pam_mount.

WARNING: Security Restrictions
Encrypting a user's home directory does not provide strong security from other
users. If strong security is required, the system should not be shared physically.
To enhance security, also encrypt the swap partition and the /tmp and /var/tmp
directories, because these may contain temporary images of critical data.
You can encrypt swap, /tmp, and /var/tmp with the YaST partitioner as described in
Section 11.1.1, "Creating an Encrypted Partition during Installation" (page 147) or
Section 11.1.3, "Creating an Encrypted File as a Container" (page 148).

11.3 Using vi to Encrypt Single ASCII Text Files
The disadvantage of using encrypted partitions is that while the partition is mounted,
at least root can access the data. To prevent this, vi can be used in encrypted mode.
Use vi -x filename to edit a new file. vi prompts you to set a password, after
which it encrypts the content of the file. Whenever you access this file, vi requests the
correct password.
For even more security, you can place the encrypted text file in an encrypted partition.
This is recommended because the encryption used in vi is not very strong.

150
Security Guide
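The pam_mount requirement described at the start of this page can be checked per login service. The following Python script is an added example, not part of the original guide: it follows include and substack lines in /etc/pam.d/-style files and reports services whose stacks never call pam_mount.so. It assumes the module is expected in both the auth and session stacks; the function names and the sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

def stack_modules(service, pam_dir, stack=()):
    """Return {type: {module, ...}} for one PAM service file, following includes."""
    found = {}
    path = Path(pam_dir, service)
    if service in stack or not path.is_file():
        return found  # include loop or missing file
    for raw in path.read_text().splitlines():
        f = raw.split("#", 1)[0].split()  # drop comments, split into fields
        if len(f) < 3:
            continue
        mtype, control = f[0].lstrip("-"), f[1]
        if control in ("include", "substack"):
            sub = stack_modules(f[2], pam_dir, stack + (service,))
            found.setdefault(mtype, set()).update(sub.get(mtype, set()))
            continue
        idx = 2  # index of the module field; later if control is "[a=b c=d]"
        if control.startswith("["):
            while idx <= len(f) and not f[idx - 1].endswith("]"):
                idx += 1
        if idx < len(f):
            found.setdefault(mtype, set()).add(Path(f[idx]).name)
    return found

def missing_pam_mount(pam_dir, services):
    """Map service -> stack types (auth/session) that never call pam_mount.so."""
    report = {}
    for svc in services:
        mods = stack_modules(svc, pam_dir)
        gaps = [t for t in ("auth", "session") if "pam_mount.so" not in mods.get(t, set())]
        if gaps:
            report[svc] = gaps
    return report

SAMPLE = {  # constructed sample files, not taken from a real system
    "common-auth": "auth required pam_unix.so\nauth optional pam_mount.so\n",
    "common-session": "session required pam_unix.so\nsession optional pam_mount.so\n",
    "login": "auth include common-auth\nsession include common-session\n",
    "sshd": "auth include common-auth\nsession required pam_unix.so  # no pam_mount\n",
}

def audit_sample():
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE.items():
            Path(d, name).write_text(body)
        return missing_pam_mount(d, ["login", "sshd"])

print(audit_sample())  # {'sshd': ['session']}
```

To audit a live system, call missing_pam_mount("/etc/pam.d", [...]) with the login services that should provide encrypted home directories.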