LUKS encrypt home partition

From wiki.techunit.org
Jump to: navigation, search

Configuration

  • How to encrypt a partition, once your system installed
  • You need to have a separated /home partition (for the demonstration, we will use /dev/sda5)
  • Realized on Debian 8
  • Identify your own partition using fdisk -l
# Install package
aptitude install cryptsetup -y

# Backup your /home
mkdir /homebackup
cp -a /home/* /homebackup

# Encrypt the partition
umount /home
cryptsetup -h sha256 -c aes-xts-plain64 -s 512 luksFormat /dev/sda5
cryptsetup luksOpen /dev/sda5 chome
mkfs.ext4 -m 0 /dev/mapper/chome
  • Edit /etc/crypttab
chome    /dev/sda5    none    luks,timeout=30
  • Edit /etc/fstab
/dev/mapper/chome /home ext4 nodev,nosuid,noatime 0 2
  • Copy your home data back into the encrypted partition
mount /home
cp -a /homebackup/* /home
rm -rf /homebackup

Sources