Right now, I'm running Karmic with an unencrypted home folder sharing a partition with my system files. I'd like to change all that, but I have no idea where to start. Should I move my home folder to its own partition first, to easily perform a clean install? Should I back up my data, repartition my disk, then perform a fresh encrypted install? I'm stumped.
In what order should I transfer my home folder to its own partition, encrypt my data, and migrate to Ubuntu 10.04 to minimize my downtime and protect my data?
From an information security perspective, the safest course of action is:
All the while remembering that the weakest point in any crypto system is the human element. Choose a good passphrase, and use a different passphrase for each encrypted filesystem (this is not like "use a different password for each website"; this is a serious infosec matter: using identical keys on independent but related data sets is a serious cryptographic no-no and risks very real cryptanalytic attacks).
1) Transfer your home folder to its home partition.
2) Do a fresh install, and in manual partitioning set your data to /home.
3) In the installer, set your username to match your /home/username and select encryption.
My only concern is that the installer may have trouble encrypting an existing account's data, even possibly damage it. That's a slim chance, but if you go down that path make sure to back up your data to an external source just in case.
The other option, and one I've tried, is to back up your data, fresh install, and in the partitioner create /home and select encryption. After installation, transfer your data into /home.