Encrypted home partition on Linux systems

Encrypting the /home partition on Linux systems is a pretty easy thing to do. The following steps cover the setup on Debian systems.

Please note that encrypting your home is better than nothing, but if your swap is not encrypted as well, some information may still be recovered from it. So, either encrypt your swap too (not covered here) or go without one.

Encrypting the home partition

Ensure that you have the cryptsetup package installed:

#> aptitude install cryptsetup

Back up the content of your /home directory and unmount the partition:

#> tar cvf /some/dir/home-backup.tar /home
#> umount /home

Create an encrypted LUKS partition and map it (luksFormat erases everything on the partition, which is why the backup comes first):

#> cryptsetup luksFormat /dev/sda5
#> cryptsetup luksOpen /dev/sda5 cryptohome

Format the encrypted partition and mount it:

#> mkfs.ext3 /dev/mapper/cryptohome
#> mount /dev/mapper/cryptohome /home

Restore the content of your /home directory from the backup:

#> tar xvf /some/dir/home-backup.tar -C /

Update initrd:

#> update-initramfs -u

Create an entry for the encrypted partition in /etc/crypttab, using the same device that was formatted with luksFormat above:

cryptohome /dev/sda5 none luks

Update /etc/fstab and change the entry for the /home partition:

/dev/mapper/cryptohome /home ext3 defaults 0 2

Reboot the system and you'll have your home encrypted.
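
Before rebooting, it is worth checking that the two files agree with each other and that the swap caveat from the introduction is covered. The script below is an added example, not part of the original steps. The function names check_home_crypt and mapped_in_crypttab are made up for this illustration, and it assumes whitespace-separated entries that reference devices by /dev/mapper path as in the lines above.

```shell
#!/bin/sh
# Added example: audit a crypttab/fstab pair for the setup described above.

# True if NAME ($1) is a mapping defined in the crypttab file ($2).
mapped_in_crypttab() {
    awk -v n="$1" '$1 !~ /^#/ && $1 == n { found = 1 } END { exit !found }' "$2"
}

# check_home_crypt CRYPTTAB FSTAB
# Returns 0 if /home and all swap use crypttab mappings, 1 if /home does
# not, 2 if /home is fine but some swap device is unencrypted.
check_home_crypt() {
    crypttab=$1 fstab=$2 status=0
    home_dev=$(awk '$1 !~ /^#/ && $2 == "/home" { print $1; exit }' "$fstab")
    case $home_dev in
        /dev/mapper/*) ;;
        *) echo "FAIL: /home is on '${home_dev:-no entry}', not /dev/mapper/NAME"
           return 1 ;;
    esac
    if ! mapped_in_crypttab "${home_dev#/dev/mapper/}" "$crypttab"; then
        echo "FAIL: ${home_dev#/dev/mapper/} is not defined in $crypttab"
        return 1
    fi
    echo "OK: /home uses crypttab mapping ${home_dev#/dev/mapper/}"
    # Every swap device must also be a mapping listed in crypttab.
    for dev in $(awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$fstab"); do
        case $dev in
            /dev/mapper/*)
                mapped_in_crypttab "${dev#/dev/mapper/}" "$crypttab" && continue ;;
        esac
        echo "WARN: swap on $dev is not encrypted via crypttab"
        status=2
    done
    return $status
}

# Demo on constructed sample files (not taken from a real system).
demo=$(mktemp -d)
printf 'cryptohome /dev/sda5 none luks\n' > "$demo/crypttab"
printf '%s\n' '/dev/mapper/cryptohome /home ext3 defaults 0 2' \
              '/dev/sda6 none swap sw 0 0' > "$demo/fstab"
check_home_crypt "$demo/crypttab" "$demo/fstab"   # returns 2: swap is plaintext
rm -rf "$demo"
```

On a real system, run it as check_home_crypt /etc/crypttab /etc/fstab after editing both files.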