Encrypting partitions with cryptsetup
Encrypting Existing Partitions
Cryptsetup has more – many more – options, but these should be enough to show you how to start using encrypted partitions, especially if you only want a vault.
Encrypting an existing directory, such as /home, is more complicated but is as much a matter of organization as of learning more commands. To encrypt an existing partition, follow these steps:
1. Copy all the files to another partition. As described above, you might want to create a partition of at least equal size.
2. Set up and map the encrypted partition. For convenience, use its existing directory name, such as /home.
3. Create a passkey file in the /root directory so that the device automounts at boot with:
touch /root/[MAPPED DEVICE]_passkey && chmod 600 /root/[MAPPED DEVICE]_passkey
4. Map the device with:
cryptsetup luksAddKey /dev/[DEVICE] /root/[MAPPED DEVICE]_passkey
5. Create a filesystem on the encrypted device.
6. Add the following line to /etc/fstab:
/dev/mapper/[MAPPED-NAME] [MOUNT POINT] ext4 _netdev 1 1
7. Add the following entry to /etc/crypttab:
[MAPPED NAME] /dev/[DEVICE] /root/[MAPPED DEVICE]_passkey luks
8. In the case of /home, copy the hidden files to the encrypted partition, then test by rebooting. If no problems appear, copy the rest of the files to the encrypted version of /home/.
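The key-file handling in steps 3, 4, and 7, as a shell sketch; this is an added example, not code from the article. Because touch only creates an empty file, the sketch fills the key file with random bytes and checks it before use; the function names, the 4096-byte default, and the sample names in the comments are assumptions.

```shell
#!/bin/sh
# Added example; function names, sizes and sample paths are assumptions.

# make_keyfile PATH [BYTES]: create an owner-only key file filled with random
# bytes. touch alone leaves the file empty, and an empty key protects nothing.
make_keyfile() {
    keyfile=$1
    bytes=${2:-4096}
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    (
        umask 077   # created as 0600, never briefly readable by others
        head -c "$bytes" /dev/urandom > "$keyfile"
    ) || return 1
    chmod 600 "$keyfile"
}

# check_keyfile PATH: succeed only for a regular, non-empty file with mode
# 600 or 400. Run it before handing the file to cryptsetup luksAddKey.
check_keyfile() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "$1: not a regular file" >&2
        return 1
    fi
    [ -s "$1" ] || { echo "$1: key file is empty" >&2; return 1; }
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in
        600|400) return 0 ;;
        *) echo "$1: mode $mode is not 600 or 400" >&2; return 1 ;;
    esac
}

# crypttab_line NAME DEVICE KEYFILE: print an entry in crypttab(5) field
# order: mapped name, underlying device, key file, options.
crypttab_line() {
    printf '%s %s %s luks\n' "$1" "$2" "$3"
}

# Usage as root, with constructed names (home, /dev/sdX1):
#   make_keyfile /root/home_passkey && check_keyfile /root/home_passkey &&
#   cryptsetup luksAddKey /dev/sdX1 /root/home_passkey &&
#   crypttab_line home /dev/sdX1 /root/home_passkey >> /etc/crypttab
```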
Encryption, as you can see, is more complicated than checking a box when you tackle it hands-on. However, the amount of control that do-it-yourself encryption can bring will make it worth the effort, because you are getting exactly what you want.
Bruce Byfield
Bruce Byfield is a computer journalist and a freelance writer and editor specializing in free and open source software. In addition to his writing projects, he also teaches live and e-learning courses. In his spare time, Bruce writes about Northwest coast art. You can read more of his work at http://brucebyfield.wordpress.com