Encrypting partitions with cryptsetup

Encrypting Existing Partitions

Cryptsetup has more – many more – options, but these should be enough to show you how to start using encrypted partitions, especially if you only want a vault.

Encrypting an existing directory, such as /home, is more complicated but is as much a matter of organization as of learning more commands. To encrypt an existing partition, follow these steps:

1. Copy all the files to another partition. As described above, you might want to create a partition of at least equal size.

2. Set up and map the encrypted partition. For convenience, use its existing directory name, such as /home.

3. Create a passkey file in the /root directory so that the device automounts at boot with:

touch /root/[MAPPED DEVICE]_passkey && chmod 600 /root/[MAPPED DEVICE]_passkey

4. Map the device with:

cryptsetup luksAddKey /dev/[DEVICE] /root/freeagent_passkey

5. Create a filesystem on the encrypted device.

6. Add the following line to /etc/fstab:

/dev/mapper/[MAPPED-NAME] [MOUNT POINT]] ext4_netdev 1 1

7. Add the following entry to /etc/crypttab:


8. In the case of /home, copy the hidden files to the encrypted partition, then test by rebooting. If no problems appear, copy the rest of the files to the encrypted version of /home/.

Encryption, as you can see, is more complicated than checking a box when you tackle it hands-on. However, the amount of control that do-it-yourself encryption can bring will make it worth the effort, because you are getting exactly what you want.

Bruce Byfield

Bruce Byfield is a computer journalist and a freelance writer and editor specializing in free and open source software. In addition to his writing projects, he also teaches live and e-learning courses. In his spare time, Bruce writes about Northwest coast art. You can read more of his work at http://brucebyfield.wordpress.com

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • DM-Crypt/ LUKS

    Encrypting a home directory is easy. Encrypting your whole hard disk – including the root filesystem – takes a little more effort.

  • DM-Crypt

    If you’re serious about keeping secrets, try hard disk encryption with DM-Crypt and LUKS.

  • Encrypting Block Devices

    The recent revelations about NSA spying have sparked renewed interest in data encryption. Encrypting at the file level is quick and easy, but if you're looking for an extra dose of protection, try encrypting the whole block device.

  • Encrypting USB Sticks

    How easy is it to lose a USB stick? Why not protect your data just in case the stick falls into unfriendly hands?

  • Encrypting with ZFS

    When a computer is lost, your data falling into the wrong hands is often more serious than the loss of hardware. In this article, we explain how to use LUKS and ZFS to encrypt a system so you can keep your privacy when you lose your laptop.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.