setting up an encrypted home directory (on gentoo)

From thelinuxwiki
Revision as of 17:29, 12 April 2013 by Nighthawk (Talk | contribs)


find the disk you want to use (here the unused second disk, /dev/sdb)

mybox ~ # ls /dev/sd*
   /dev/sda /dev/sda1 /dev/sda2 /dev/sdb

install a kernel with needed dev mapper / crypto support (steps not covered here)

install cryptsetup package

mybox ~ # emerge -av --quiet cryptsetup

create a linux partition to encrypt

mybox ~ # fdisk /dev/sdb
mine looked like this...
Command (m for help): p
   Device Boot      Start         End      Blocks   Id  System
   /dev/sdb1            2048    41943039    20970496   83  Linux

encrypt the partition, set the passphrase (used to unlock it)

mybox ~ # cryptsetup -c aes-xts-plain -s 512 -v -y luksFormat /dev/sdb1
   WARNING!
   ========
   This will overwrite data on /dev/sdb1 irrevocably.
   Are you sure? (Type uppercase yes): YES
   Enter LUKS passphrase: 
   Verify passphrase: 
   Command successful.

move your home directory

   mybox home # mv /home/ /home_backup/

open the encrypted partition and create dev mapper entry

   mybox home # cryptsetup luksOpen /dev/sdb1 home
   Enter passphrase for /dev/sdb1: 

make your filesystem

   mybox home # mkfs.ext4 /dev/mapper/home

now you can mount it :)

   mybox home # mount /dev/mapper/home /home

copy your saved home dir data to the new encrypted home partition

   mybox home # rsync -pav /home_backup/ /home/

configure your box to open the new home drive on boot. You will be prompted for the passphrase set above on every boot.

   mybox home # vi /etc/conf.d/dmcrypt
   added lines...
   target=home
   source='/dev/sdb1'

configure dmcrypt service to load on boot

   mybox home # rc-update add dmcrypt boot
    * service dmcrypt added to runlevel boot

configure fstab to mount home on boot

   mybox home # vi /etc/fstab
   added or alter home line...
   /dev/mapper/home    /home    ext4    noatime         0 0
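Before rebooting it is worth confirming that the two files edited above agree with each other: every `target=` in /etc/conf.d/dmcrypt needs a matching `/dev/mapper/<target>` line in /etc/fstab, and fstab must not mount the raw `source=` device directly, or the boot will either hang on a missing /home or mount the ciphertext partition and fail. The following check script is an added example, not part of the wiki page or of Gentoo's dmcrypt service; it runs without root on constructed copies of the two files, and the `target=`/`source=` syntax it parses is the one shown on this page.

```shell
#!/bin/sh
# Added example (not from the wiki page): check that /etc/conf.d/dmcrypt
# and /etc/fstab agree before rebooting. Works on ordinary files, no root needed.

# Print one dmcrypt target name per line (comment lines are skipped; quotes and
# spaces around the value are stripped).
dmcrypt_targets() {
    grep '^[[:space:]]*target=' "$1" | cut -d= -f2- | tr -d "\"' "
}

# Print one dmcrypt source device per line, same cleanup as above.
dmcrypt_sources() {
    grep '^[[:space:]]*source=' "$1" | cut -d= -f2- | tr -d "\"' "
}

# Return 0 if fstab mounts /dev/mapper/<target> for every target and never
# mounts a raw source device (which would bypass the encryption layer).
check_dmcrypt_fstab() {
    conf=$1; fstab=$2; status=0
    for t in $(dmcrypt_targets "$conf"); do
        if grep -q "^[[:space:]]*/dev/mapper/$t[[:space:]]" "$fstab"; then
            echo "ok: /dev/mapper/$t is mounted from fstab"
        else
            echo "MISSING: no fstab entry for /dev/mapper/$t" >&2
            status=1
        fi
    done
    for s in $(dmcrypt_sources "$conf"); do
        if grep -q "^[[:space:]]*$s[[:space:]]" "$fstab"; then
            echo "RAW: $s is mounted directly in fstab; use the mapper device" >&2
            status=1
        fi
    done
    return $status
}

# Write constructed sample files into $1: a dmcrypt config, a correct fstab and
# a broken fstab that mounts the raw partition. These are made-up samples.
write_samples() {
    cat > "$1/dmcrypt" <<'EOF'
# constructed sample of /etc/conf.d/dmcrypt
target=home
source='/dev/sdb1'
EOF
    cat > "$1/fstab.good" <<'EOF'
/dev/sda2           /        ext4    noatime   0 1
/dev/mapper/home    /home    ext4    noatime   0 0
EOF
    cat > "$1/fstab.bad" <<'EOF'
/dev/sda2           /        ext4    noatime   0 1
/dev/sdb1           /home    ext4    noatime   0 0
EOF
}

# Demo on the constructed samples; on a real box run
#   check_dmcrypt_fstab /etc/conf.d/dmcrypt /etc/fstab
demo() {
    dir=$(mktemp -d)
    write_samples "$dir"
    check_dmcrypt_fstab "$dir/dmcrypt" "$dir/fstab.good" && echo "good fstab passes"
    check_dmcrypt_fstab "$dir/dmcrypt" "$dir/fstab.bad" || echo "bad fstab rejected"
    rm -rf "$dir"
}

demo
```

Run it as `sh check-dmcrypt.sh`; the raw-device check matters because `/dev/sdb1` is a perfectly valid block device as far as mount is concerned, so fstab will happily try it and then fail on an unrecognised filesystem.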
optionally add a key file as an additional LUKS key (it unlocks the partition without the passphrase, so keep it readable by root only)

   mybox home # cryptsetup luksAddKey /dev/sdb1 /root/hdpw
   Enter any passphrase: 
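The page does not show how /root/hdpw was produced. The script below is an added example, not from the wiki page, showing one way to create such a key file with random content and mode 0600, plus a check that refuses a key file that is a symlink, empty or readable by others (a key file that unlocks /home should be at least as well protected as the passphrase it replaces). The file name and size are assumptions; pass the resulting path to the `cryptsetup luksAddKey` command shown above.

```shell
#!/bin/sh
# Added example (not from the wiki page): create and vet a LUKS key file
# before handing it to `cryptsetup luksAddKey <device> <keyfile>`.

# Return 0 only if $1 is a regular file (not a symlink), non-empty and
# mode exactly 0600; otherwise print the reason and return 1.
keyfile_is_safe() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "unsafe: $f is not a regular file" >&2; return 1
    fi
    if [ ! -s "$f" ]; then
        echo "unsafe: $f is empty" >&2; return 1
    fi
    # find -perm 600 matches only when the mode bits are exactly 0600
    if [ -z "$(find "$f" -perm 600 -print 2>/dev/null)" ]; then
        echo "unsafe: $f is not mode 0600" >&2; return 1
    fi
    return 0
}

# Create a key file at $1 holding $2 random bytes (default 4096, an assumed
# size). The umask makes the file private from the moment it exists, so
# there is no window where another user could read it.
make_luks_keyfile() {
    path=$1; size=${2:-4096}
    old_umask=$(umask)
    umask 077
    head -c "$size" /dev/urandom > "$path" || return 1
    umask "$old_umask"
    chmod 600 "$path"
    keyfile_is_safe "$path"
}

# Demo in a temporary directory: a fresh key passes, the same file
# loosened to 0644 is rejected. On a real box the path would be /root/hdpw.
demo() {
    dir=$(mktemp -d)
    make_luks_keyfile "$dir/hdpw" 4096 && echo "key file created and verified"
    chmod 644 "$dir/hdpw"
    keyfile_is_safe "$dir/hdpw" || echo "world-readable key file rejected"
    rm -rf "$dir"
}

demo
```

Running `keyfile_is_safe /root/hdpw` from a cron job or a boot script is a cheap way to notice a key file whose permissions were loosened later, for example by a careless backup restore.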

All done! Enjoy your new, secure computing environment.

mybox home # reboot