setting up an encrypted home directory (on gentoo)
From thelinuxwiki
mybox ~ # ls /dev/sd* /dev/sda /dev/sda1 /dev/sda2 /dev/sdb
install a kernel with needed dev mapper / crypto support (steps not covered here)
install cryptsetup package
mybox ~ # emerge -av --quiet cryptsetup
create a linux partition to encrypt
mybox ~ # fdisk /dev/sdb
mine looked like this...
Command (m for help): p
Device Boot Start End Blocks Id System /dev/sdb1 2048 41943039 20970496 83 Linux
encrypt the partition, set the passphrase (used to unlock it)
mybox ~ # cryptsetup -c aes-xts-plain -s 512 -v -y luksFormat /dev/sdb1
WARNING! ======== This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: Command successful.
move your home directory
mybox home # mv /home/ /home_backup/
open the encrypted partition and create dev mapper entry
mybox home # cryptsetup luksOpen /dev/sdb1 home Enter passphrase for /dev/sdb1:
make your filesystem
mybox home # mkfs.ext4 /dev/mapper/home
now you can mount it :)
mybox home # mount /dev/mapper/home /home
copy your saved home dir data to the new encrypted home partition
mybox home # rsync -pav /home_backup/ /home/
configure you box to open the new home drive on boot. You will be prompted for the password set above on every boot.
mybox home # vi /etc/conf.d/dmcrypt
added lines... target=home source='/dev/sdb1'
configure dmcrypt service to load on boot
mybox home # rc-update add dmcrypt boot * service dmcrypt added to runlevel boot
configure fstab to mount home on boot
mybox home # vi /etc/fstab
added or alter home line... /dev/mapper/home /home ext4 noatime 0 0
mybox home # cryptsetup luksAddKey /dev/sdb1 /root/hdpw Enter any passphrase:
All done! enjoy your new, secure computing environment.
mybox home # reboot