Encrypted home partition

Encrypting the /home partition on Linux systems is a pretty easy thing to do. The following steps cover the setup on Debian systems.

Please note that encrypting your home is better than nothing but, if you don't have a swap partition encrypted as well, some information may still be recovered. So, either encrypt your swap file too (not covered here) or go without one.

Encrypting the /home partition

Ensure that you have cryptsetup package installed: 

#> aptitude install cryptsetup

Backup the content of your /home directory and unmount the partition: 

#> tar cvf /some/dir/home-backup.tar /home
#> umount /home

Create an encrypted LUKS partition and map it: 

#> cryptsetup luksFormat /dev/sda2
#> cryptsetup luksOpen /dev/sda2 cryptohome

Format the encrypted partition and mount it: 

#> mkfs.ext3 /dev/mapper/cryptohome
#> mount /dev/mapper/cryptohome /home

Restore the content of your <code>/home</code> directory from the backup: 

#> tar xvf /some/dir/home-backup.tar -C /

Update initramfs: 

#> update-initramfs -u

Get the UUID of the encrypted partition: 

#> blkid /dev/sda2

Add an entry in /etc/crypttab: 

cryptohome UUID=<...> none luks

Update /etc/fstab and change the entry for the /home partition: 

/dev/mapper/cryptohome /home ext3 defaults 0 2

Reboot the system and you'll have your home encrypted.

© Alessandro Dotti Contra :: VAT # IT03617481209 :: This site uses no cookies, read our privacy policy for more information.