Alessandro Dotti Contra

Linux/Unix DevOps


Encrypted /home partition

Encrypting the /home partition on Linux systems is a pretty easy thing to do. The following steps cover the setup on Debian systems.

Please note that encrypting your home is better than nothing, but if your swap partition is not encrypted as well, some information may still be recovered from it. So either encrypt your swap space too (not covered here) or go without one.

Encrypting the /home partition

Ensure that you have the cryptsetup package installed:

#> aptitude install cryptsetup

Back up the content of your /home directory and unmount the partition:

#> tar cvf /some/dir/home-backup.tar /home
#> umount /home

Create an encrypted LUKS partition and map it:

#> cryptsetup luksFormat /dev/sda5
#> cryptsetup luksOpen /dev/sda5 cryptohome

Format the encrypted partition and mount it:

#> mkfs.ext3 /dev/mapper/cryptohome
#> mount /dev/mapper/cryptohome /home

Restore the content of your /home directory from the backup:

#> tar xvf /some/dir/home-backup.tar -C /

Update initrd:

#> update-initramfs -u

Create an entry for the encrypted partition in /etc/crypttab:

cryptohome /dev/sda5 none luks

Update /etc/fstab and change the entry for the /home partition:

/dev/mapper/cryptohome /home ext3 defaults 0 2

Reboot the system and you'll have your home encrypted.
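
Before rebooting, the two files edited above can be cross-checked. The script below is an added example, not part of the original article: it reports any /dev/mapper device in fstab that has no matching crypttab entry, and any swap entry that is not an encrypted mapping (the caveat from the introduction). The function names, the sample files and the /dev/sda6 swap partition are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): static audit of crypttab/fstab.
# Assumption: every /dev/mapper/* device in fstab is meant to be a dm-crypt
# mapping (LVM volumes, which also live there, would need to be excluded).

# Print the non-blank, non-comment lines of a file.
active_lines() { grep -Ev '^[[:space:]]*(#|$)' "$1"; }

# Succeed if mapping name $2 is defined in the first column of crypttab $1.
has_mapping() {
    active_lines "$1" | awk -v n="$2" '$1 == n { ok = 1 } END { exit !ok }'
}

# audit_crypt_config CRYPTTAB FSTAB: print findings, return their count.
audit_crypt_config() {
    crypttab=$1 fstab=$2 findings=0
    while read -r dev mnt type _rest; do
        case $dev in
            /dev/mapper/*)
                name=${dev#/dev/mapper/}
                if ! has_mapping "$crypttab" "$name"; then
                    echo "MISSING: $mnt needs '$name' but crypttab does not define it"
                    findings=$((findings + 1))
                fi ;;
            *)
                if [ "$type" = swap ]; then
                    echo "PLAINTEXT-SWAP: $dev is swap but not an encrypted mapping"
                    findings=$((findings + 1))
                fi ;;
        esac
    done <<EOF
$(active_lines "$fstab")
EOF
    return "$findings"
}

# Write constructed sample files into directory $1: a crypttab entry for the
# LUKS device /dev/sda5, the fstab entry for /home, and a hypothetical
# unencrypted swap partition (/dev/sda6).
write_sample() {
    printf '%s\n' '# <name> <device> <key> <options>' \
        'cryptohome /dev/sda5 none luks' > "$1/crypttab"
    printf '%s\n' '/dev/mapper/cryptohome /home ext3 defaults 0 2' \
        '/dev/sda6 none swap sw 0 0' > "$1/fstab"
}

tmp=$(mktemp -d) && write_sample "$tmp"
audit_crypt_config "$tmp/crypttab" "$tmp/fstab" || echo "findings: $?"
rm -rf "$tmp"
```

On a real system, point audit_crypt_config at /etc/crypttab and /etc/fstab; a swap file placed on an already encrypted filesystem would be reported as well and can be ignored.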