introducing zuluCrypy, my first "real" contribution to FOSS

[AS]

You can not encrypt a usb stick or a cd if you want to boot from it because how would the boot up process decrypt it to load the OS?

Thaaat's the point ! Thank you very much, and excuse my newbieness on the encryption subject! Do you think there is a right way to encrypt the personal data enclosed on a boot-able system in a usb stick ?

Somebody asked this in their mailing list and this a snipped of of the discussion.

The discussion is here: http://www.saout.de/pipermail/dm-crypt/2011-November/002169.html

the answer to your question is in this response: http://www.saout.de/pipermail/dm-crypt/2011-November/002172.html

somebody in the same discussion mention grub2 saying it has capabilities to do that. You can read up on the discussion to find out more.

I haven't evaluated the LiveUSB option, however it's possible to encrypt one or more partition on a USB stick, at least using LUKS based setup, provided that at least /boot will reside on a separate and unencrypted partition.

AS

[Just17]

You can not encrypt a usb stick or a cd if you want to boot from it because how would the boot up process decrypt it to load the OS?

Thaaat's the point ! Thank you very much, and excuse my newbieness on the encryption subject! Do you think there is a right way to encrypt the personal data enclosed on a boot-able system in a usb stick ?

Somebody asked this in their mailing list and this a snipped of of the discussion.

The discussion is here: http://www.saout.de/pipermail/dm-crypt/2011-November/002169.html

the answer to your question is in this response: http://www.saout.de/pipermail/dm-crypt/2011-November/002172.html

somebody in the same discussion mention grub2 saying it has capabilities to do that. You can read up on the discussion to find out more.

I haven't evaluated the LiveUSB option, however it's possible to encrypt one or more partition on a USB stick, at least using LUKS based setup, provided that at least /boot will reside on a separate and unencrypted partition.

AS

The question would seem to be .......  could the 'changes' directory be encrypted, and decrypted during boot - when it is merged with union .....

[AS]

The question would seem to be .......  could the 'changes' directory be encrypted, and decrypted during boot - when it is merged with union .....

Not with the current PClinuxOS-LiveUSB-Creator setup which use a single partition, a different setup i.e. using an additional encrypted partition could be evaluated ... and may be implemented. And no, I'm not going to do this    : encryption will add a little overhead, some would be added from compressed filesystem, other limitations exist in live system like you have already seen, I'm not sure that a live system would be the best choice in this specific case.

AS

[Just17]

The question would seem to be .......  could the 'changes' directory be encrypted, and decrypted during boot - when it is merged with union .....

Not with the current PClinuxOS-LiveUSB-Creator setup which use a single partition, a different setup i.e. using an additional encrypted partition could be evaluated ... and may be implemented. And no, I'm not going to do this    : encryption will add a little overhead, some would be added from compressed filesystem, other limitations exist in live system like you have already seen, I'm not sure that a live system would be the best choice in this specific case.

AS

Nor am I ....  but I thought a changes file (encrypted) might be aboe to be used, whether on same partition or not .........

[muungwana]

using encrypted file seem to be the only alternative as far as the current feature set of the livecd creation tool is concerned but i think its also a better alternative overall, an encrypted file can be moved around, a partition is fixed while contents is both are just as secured.

If a user want to have encrypted data in live image then an encrypted file seem to be the best solution(me think).

[AS]

If a user want to have encrypted data in live image then an encrypted file seem to be the best solution(me think).

Probably yes,
the drawback is that some application might copy part of the data (i.e. while editing a document) to some unencrypted areas, like /tmp, ... not as secure as a whole encrypted system.

[Just17]

If a user want to have encrypted data in live image then an encrypted file seem to be the best solution(me think).

Probably yes,
the drawback is that some application might copy part of the data (i.e. while editing a document) to some unencrypted areas, like /tmp, ... not as secure as a whole encrypted system.

......  but the contents of /tmp disappear on shutdown in a live session .....

[AS]

If a user want to have encrypted data in live image then an encrypted file seem to be the best solution(me think).

Probably yes,
the drawback is that some application might copy part of the data (i.e. while editing a document) to some unencrypted areas, like /tmp, ... not as secure as a whole encrypted system.

......  but the contents of /tmp disappear on shutdown in a live session .....

Yes, senior moment   

[Just17]

If a user want to have encrypted data in live image then an encrypted file seem to be the best solution(me think).

Probably yes,
the drawback is that some application might copy part of the data (i.e. while editing a document) to some unencrypted areas, like /tmp, ... not as secure as a whole encrypted system.

......  but the contents of /tmp disappear on shutdown in a live session .....

Yes, senior moment   

......  so I am not the only one