Encrypted home partition

Encrypting the /home partition on Linux systems is a pretty easy thing to do. The following steps cover the setup on Debian systems.

Please note that encrypting your home is better than nothing but, if you don't have a swap partition encrypted as well, some information may still be recovered. So, either encrypt your swap file too (not covered here) or go without one.

Encrypting the /home partition

Ensure that you have cryptsetup package installed:

   #> aptitude install cryptsetup

Backup the content of your /home directory and unmount the partition:

   #> tar cvf /some/dir/home-backup.tar /home
   #> umount /home

Create an encrypted LUKS partition and map it:

   #> cryptsetup luksFormat /dev/sda2
   #> cryptsetup luksOpen /dev/sda2 cryptohome

Format the encrypted partition and mount it:

   #> mkfs.ext3 /dev/mapper/cryptohome
   #> mount /dev/mapper/cryptohome /home

Restore the content of your /home directory from the backup:

   #> tar xvf /some/dir/home-backup.tar -C /

Update initramfs:

   #> update-initramfs -u

Get the UUID of the encrypted partition:

   #> blkid /dev/sda2

Add an entry in /etc/crypttab:

   cryptohome UUID=<...> none luks

Update /etc/fstab and change the entry for the /home partition:

   /dev/mapper/cryptohome /home ext3 defaults 0 2

Reboot the system and you'll have your home encrypted.