Encrypting home partition

From blag.wiki.aktivix.org


UNTESTED.

Run this as root:

mkdir /root/.gnupg
chmod 700 /root/.gnupg

Set up a key: generate 32 random bytes and store them encrypted under a passphrase with gpg's symmetric mode:

openssl rand -base64 32 | gpg -c --cipher-algo TWOFISH > /root/home-key.gpg

Set up the partition with cryptsetup:

/usr/bin/gpg -q --cipher-algo TWOFISH --decrypt /root/home-key.gpg | \
cryptsetup -v --key-size=256 --cipher=twofish-cbc-essiv:sha256 create home /dev/hda2

Format the new partition:

mke2fs -j -m0 /dev/mapper/home


Then, to get it to mount on boot, comment out /home in your /etc/fstab, and add this to rc.local:

echo "Setting up /home..."

/usr/bin/gpg -q --cipher-algo TWOFISH --decrypt /root/home-key.gpg | \
cryptsetup -v --key-size=256 --cipher=twofish-cbc-essiv:sha256 create home /dev/hda2

mount /dev/mapper/home /home
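
A guarded version of the rc.local steps above, as an added example that is not part of the original wiki page. `cryptsetup create` sets up a plain dm-crypt mapping with no on-disk header, so a mistyped gpg passphrase or a failed decrypt can still produce a mapping that decrypts to noise; this checks for the ext2/ext3 superblock magic before mounting. The function names `has_ext_magic` and `setup_home` and the `run` argument are made up for this example; the paths and cryptsetup options are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original page): rc.local steps with checks.
KEYFILE=/root/home-key.gpg
DEVICE=/dev/hda2
NAME=home

# Return 0 if $1 carries an ext2/ext3 superblock: magic 0xEF53, stored
# little-endian (bytes 53 ef) at byte offset 1080 of the device.
has_ext_magic() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

setup_home() {
    echo "Setting up /home..."
    # Skip key setup if the mapping is already active (rc.local run twice).
    if [ ! -e "/dev/mapper/$NAME" ]; then
        /usr/bin/gpg -q --cipher-algo TWOFISH --decrypt "$KEYFILE" | \
            cryptsetup -v --key-size=256 --cipher=twofish-cbc-essiv:sha256 \
                create "$NAME" "$DEVICE" || return 1
    fi
    # Only cryptsetup's exit status is checked above. A wrong key is caught
    # here instead: the mapping will not show a valid superblock.
    if ! has_ext_magic "/dev/mapper/$NAME"; then
        echo "No ext filesystem on /dev/mapper/$NAME (wrong key?), not mounting" >&2
        cryptsetup remove "$NAME"
        return 1
    fi
    mount "/dev/mapper/$NAME" /home
}

# Act only when invoked as "<script> run", e.g. from rc.local.
if [ "${1:-}" = "run" ]; then
    setup_home
fi
```

Run the check only after the mke2fs step has been done once; before that, the mapping legitimately has no superblock.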