Encrypting partitions with cryptsetup
Encrypting Existing Partitions
Cryptsetup has more – many more – options, but these should be enough to show you how to start using encrypted partitions, especially if you only want a vault.
Encrypting an existing directory, such as /home
, is more complicated but is as much a matter of organization as of learning more commands. To encrypt an existing partition, follow these steps:
1. Copy all the files to another partition. As described above, you might want to create a partition of at least equal size.
2. Set up and map the encrypted partition. For convenience, use its existing directory name, such as /home
.
3. Create a passkey file in the /root
directory so that the device automounts at boot with:
touch /root/[MAPPED DEVICE]_passkey && chmod 600 /root/[MAPPED DEVICE]_passkey
4. Map the device with:
cryptsetup luksAddKey /dev/[DEVICE] /root/freeagent_passkey
5. Create a filesystem on the encrypted device.
6. Add the following line to /etc/fstab
:
/dev/mapper/[MAPPED-NAME] [MOUNT POINT]] ext4_netdev 1 1
7. Add the following entry to /etc/crypttab
:
[MAPPED NAME]/dv/ [DEVICE]/[MOUNT POINT]
8. In the case of /home
, copy the hidden files to the encrypted partition, then test by rebooting. If no problems appear, copy the rest of the files to the encrypted version of /home/
.
Encryption, as you can see, is more complicated than checking a box when you tackle it hands-on. However, the amount of control that do-it-yourself encryption can bring will make it worth the effort, because you are getting exactly what you want.
Bruce Byfield
Bruce Byfield is a computer journalist and a freelance writer and editor specializing in free and open source software. In addition to his writing projects, he also teaches live and e-learning courses. In his spare time, Bruce writes about Northwest coast art. You can read more of his work at http://brucebyfield.wordpress.com
Infos
- cryptsetup man page: http://linux.die.net/man/8/cryptsetup
- ECryptfs: https://en.wikipedia.org/wiki/ECryptfs
- EncFS: http://www.arg0.net/#!encfs/c1awt
- Loop-AES: http://sourceforge.net/projects/loop-aes/
- TrueCrypt: https://en.wikipedia.org/wiki/TrueCrypt
- dm-crypt: https://code.google.com/p/cryptsetup/wiki/DMCrypt
- Linux Unified Key Setup: https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
- cryptsetup download: https://code.google.com/p/cryptsetup/wiki/Downloads?tm=2
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Direct Download
Read full article as PDF:
Price $2.95
News
-
Danielle Foré Has an Update for elementary OS 7
Now that Ubuntu 22.04 has been released, the team behind elementary OS is preparing for the upcoming 7.0 release.
-
Linux New Media Launches Open Source JobHub
New job website focuses on connecting technical and non-technical professionals with organizations in open source.
-
Ubuntu Cinnamon 22.04 Now Available
Ubuntu Cinnamon 22.04 has been released with all the additions from upstream as well as other features and improvements.
-
Pop!_OS 22.04 Has Officially Been Released
From the makers of some of the finest Linux-powered desktop and laptop computers on the market comes the latest version of their Ubuntu-based distribution, Pop!_OS 22.04.
-
Star Labs Unveils a New Small Format Linux PC
The Byte Mk I is an AMD-powered mini Linux PC with Coreboot support and plenty of power.
-
MX Linux Verison 21.1 “Wildflower” Now Available
The latest release of the systemd-less MX Linux is now ready for public consumption.
-
Microsoft Expands Their Windows Subsystem for Linux Offerings With AlmaLinux
Anyone who works with Windows Subsystem for Linux (WSL) will now find a new addition to the available distributions, one that’s become the front-runner replacement for CentOS.
-
Debian 11.3 Released wIth Numerous Bug and Security Fixes
The latest point release for Debian Bullseye is now available with some very important updates.
-
The First Alpha of Asahi Linux is Available
Asahi Linux is the first distribution to fully support Apple Silicon and is now available for testing.
-
Zorin OS 16.1 Released with a New Kernel For Better Hardware Compatibility
The developers of Zorin OS have released the latest version of their beautiful desktop Linux OS.