How to transparently encrypt specific folders in home dir on Fedora and KDE
I'm using Fedora Linux 35 + KDE desktop (originally installed 33, and updated as new versions rolled out).
I want to encrypt some folders in the home dir (not the entire home dir) to protect their contents. Folders like ~/.ssh
.
Is there a way to encrypt them in place and transparently, so that when I login, applications just find the folders and use them normally, but the contents are protected from someone who cannot login as my user.
In particular: I do not want to enter a password and mount these directories each time I need them, also, I need to access the contents of these folders in the same address, not mounted somewhere else.
Use the "encrypted folders" widget Plasma provides. Under the hood it uses encfs
.
.ssh
should not be encrypted. It should be accessible for SSH daemon prior to your logging into the system. It has a public file authorized_keys
, which is where you deploy public keys allowed to be used to authenticate to this machine using more secure key-based authentication. The protection to private keys stored in the .ssh
is done per key by the SSH itself; those are encrypted with the key derived from the passphrase.
For obvious reasons, there are other directories which should be available to the system before you had any chance to initiate decryption, like the KDE configuration itself. This is like the "chicken-and-egg" problem, I think. So you can not encrypt any of these as yourself; it can be done during the boot ("by the root"), but this will be availavble to any user of the system.