# Encrypting home folder.

## dolphinaura

Om interested in encrypting my home folder for security reasons.

I have a few questions

a) is truecrypt the best transparent (i.e. little performance loss) encryption method?

b)is there a way to automatically decrypt as soon as I login through KDM (i.e. supplying correct password in KDM decypts home folder)

c) if not truecrypt, what encryption method should I use?

----------

## monsm

Not sure about other methods, but truecrypt will allow you to select algorithm to use.

The tradeoff as always with these things are between how secure against the performance.  More secure, more CPU goes to encrypt/decrypt, less secure, less CPU use.

So it will also then depend on what sort of hardware you have. Do some googling of algorithms and performance.

Mons

----------

## keba

I wanted to do something similar on my laptop to be safe in case of a theft. But because of performance, I was thinking about only encrypting 3 folders.

I want my emails and addressbook to be secure, as well as 1 folder with important files: .kde4/share/apps/kmail, .kde4/share/apps/kabc and a folder encrypted (where I'll put all files that are private)

Now I'm not sure if this is possible, but I'd mount these 3 folders into another one, and instead of having the folders (like .kde4/share/apps/kmail), I'd have symlinks pointing to the mounted encrypted folder. Anyway, that's my plan, but I haven't tried it yet. I hope that gives you an idea... And I'm not entirely sure yet myself whether to use truecrypt or an encrypted partition with these files on it, using some other linux method.

----------

## forrestfunk81

I encrypted my partitions with cryptsetup-luks. You can find how-to's on the gentoo-wiki. To auto decrypt your partitions on login you can use sys-auth/pam_mount. Its also descripted in the wiki article. The wiki article is also about encrypting your root partition, but you can filter the importent stuff out.

----------

## dolphinaura

finally decided to do it with encfs.

quite easy, and I don't need to encrypt the whole partition.

oh, and btw, the wiki is missing a step for the pam automount

you have to add the pam_mount.so to /etc/pam.d/system-auth

For future reference, these edits need to be made.

/etc/pam.d/system-auth

```

#under (auth) pam_unix.so

auth            optional        pam_mount.so

#under (session) pam_unix.so

session         optional        pam_mount.so

```

----------

