Encrypting home directory using LUKS on Debian

November 10, 2015

If you happen to have /home on a separate partition already (/dev/sda5 in this example), then it's a really easy process.

Do the following as the root user:

  1. Install the cryptsetup package:

    apt install cryptsetup
    
  2. Copy your home directory to a temporary directory on a different partition:

    mkdir /homebackup
    # "/home/." also copies hidden entries, which the /home/* glob would skip
    cp -a /home/. /homebackup/
    
  3. Encrypt your home partition:

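    umount /home
    # luksFormat makes everything currently on /dev/sda5 inaccessible and
    # asks for the new passphrase, so check /homebackup before running it
    cryptsetup -h sha512 -c aes-xts-plain64 -s 512 luksFormat /dev/sda5
    cryptsetup luksOpen /dev/sda5 chome
    mkfs.ext4 -m 0 /dev/mapper/chome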
    
  4. Add this line to /etc/crypttab:

    chome    /dev/sda5    none    luks,timeout=30
    
  5. Set the home partition to this in /etc/fstab (replacing the original home partition line):

    /dev/mapper/chome /home ext4 nodev,nosuid,noatime 0 2
    
  6. Copy your home data back into the encrypted partition:

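    mount /home
    cp -a /homebackup/. /home/
    # rm only unlinks the plaintext copy; its blocks stay on that
    # unencrypted partition until the space is reused
    rm -rf /homebackup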
    

That's it. Next time you boot your laptop, you will be prompted for the passphrase you set in step 3.
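
If the name in /etc/crypttab (step 4) and the /dev/mapper path in /etc/fstab (step 5) do not match, the boot cannot mount /home, so it is worth checking both files before rebooting. The script below is an added example, not part of the original post; the function name check_home_mapping is hypothetical, and the demo files are constructed from the two lines shown in steps 4 and 5.

```shell
# Added example: check that crypttab and fstab agree on the /home mapping.
# Usage: check_home_mapping [CRYPTTAB] [FSTAB]; returns 0 when consistent.
check_home_mapping() {
    crypttab=${1:-/etc/crypttab}
    fstab=${2:-/etc/fstab}
    # First non-comment fstab line mounted on /home, as "device options".
    home=$(awk '$1 !~ /^#/ && $2 == "/home" { print $1, $4; exit }' "$fstab")
    dev=${home%% *}
    opts=${home#* }
    case $dev in
        /dev/mapper/?*) name=${dev#/dev/mapper/} ;;
        "") echo "FAIL: no /home line in $fstab"; return 1 ;;
        *)  echo "FAIL: /home is mounted from $dev, not /dev/mapper/<name>"; return 1 ;;
    esac
    # The crypttab target name (field 1) must equal the mapper name in fstab.
    entry=$(awk -v n="$name" '$1 == n { print $2, $4; exit }' "$crypttab")
    if [ -z "$entry" ]; then
        echo "FAIL: $fstab uses $dev but $crypttab has no '$name' line"
        return 1
    fi
    src=${entry%% *}
    copts=${entry#* }
    # Step 4 sets the luks option; warn if the crypttab line lacks it.
    case ",$copts," in
        *,luks,*) ;;
        *) echo "WARN: crypttab line for $name has no luks option" ;;
    esac
    # Step 5 mounts /home with nodev,nosuid; warn if either was dropped.
    for o in nodev nosuid; do
        case ",$opts," in
            *",$o,"*) ;;
            *) echo "WARN: /home is mounted without $o" ;;
        esac
    done
    echo "OK: $src -> $dev -> /home"
}

# Constructed sample files holding the lines from steps 4 and 5.
demo=$(mktemp -d)
printf 'chome    /dev/sda5    none    luks,timeout=30\n' > "$demo/crypttab"
printf '/dev/mapper/chome /home ext4 nodev,nosuid,noatime 0 2\n' > "$demo/fstab"
check_home_mapping "$demo/crypttab" "$demo/fstab"
rm -r "$demo"
```

Called with no arguments as root, the function reads the real /etc/crypttab and /etc/fstab.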