Encrypted home partition

Encrypting the /home partition on Linux systems is a pretty easy thing to do. The following steps cover the setup on Debian systems.

Please note that encrypting your home is better than nothing but, if you don't have a swap partition encrypted as well, some information may still be recovered. So, either encrypt your swap file too (not covered here) or go without one.

Encrypting the /home partition

Ensure that you have cryptsetup package installed:

#> aptitude install cryptsetup

Backup the content of your /home directory and unmount the partition:

#> tar cvf /some/dir/home-backup.tar /home
#> umount /home

Create an encrypted LUKS partition and map it:

#> cryptsetup luksFormat /dev/sda2
#> cryptsetup luksOpen /dev/sda2 cryptohome

Format the encrypted partition and mount it:

#> mkfs.ext3 /dev/mapper/cryptohome
#> mount /dev/mapper/cryptohome /home

Restore the content of your <code>/home</code> directory from the backup:

#> tar xvf /some/dir/home-backup.tar -C /

Update initramfs:

#> update-initramfs -u

Get the UUID of the encrypted partition:

#> blkid /dev/sda2

Add an entry in /etc/crypttab:

cryptohome UUID=<...> none luks

Update /etc/fstab and change the entry for the /home partition:

/dev/mapper/cryptohome /home ext3 defaults 0 2

Reboot the system and you'll have your home encrypted.

© Alessandro Dotti Contra :: VAT # IT03617481209 :: This site uses no cookies, read our privacy policy for more information.