Why /dev/urandom and not /dev/random? The latter blocks until it has gathered enough entropy to continue; urandom doesn’t. So if you use random instead of urandom, you might have to wait during boot until enough entropy is collected. (It does help to type on your keyboard and move the mouse.) Use /dev/random if you’re really paranoid.
Next, change your swap entry in /etc/fstab to this:
# vi /etc/fstab
…
/dev/mapper/cryptoswap none swap sw 0 0
Every time we boot, swap will be encrypted with a different encryption key.
Step 4: Test it.
Reboot to test.
We now have an encrypted swap:
# cat /proc/swaps
Filename                 Type       Size     Used  Priority
/dev/mapper/cryptoswap   partition  2000084  0     -1
# cryptsetup status cryptoswap
/dev/mapper/cryptoswap is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda5
offset: 0 sectors
size: 4000185 sectors
mode: read/write
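The check from Step 4 can be scripted so it also catches a raw swap partition that is still active or still listed in /etc/fstab. This is an added example, not part of the original guide; the function names and the sample lines (including /dev/sdb2) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag swap areas that are not behind a device-mapper mapping.
# A /dev/mapper path can also be plain LVM, so confirm the mapping itself
# with "cryptsetup status <name>" as shown on this page.

# Print active swap devices that are neither /dev/mapper/* nor /dev/dm-N.
# $1: file in /proc/swaps format (defaults to the live /proc/swaps).
unencrypted_swaps() {
    awk 'NR > 1 && $1 !~ /^\/dev\/(mapper\/|dm-[0-9])/ { print $1 }' \
        "${1:-/proc/swaps}"
}

# Print devices of non-comment fstab swap entries that are not under /dev/mapper/.
# $1: file in fstab format (defaults to /etc/fstab).
unencrypted_fstab_swaps() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 !~ /^\/dev\/mapper\// { print $1 }' \
        "${1:-/etc/fstab}"
}

# Return 0 only when neither check finds a plaintext swap device.
# $1: /proc/swaps-format file, $2: fstab-format file.
swap_is_encrypted() {
    active=$(unencrypted_swaps "${1:-/proc/swaps}")
    boot=$(unencrypted_fstab_swaps "${2:-/etc/fstab}")
    [ -z "$active" ] && [ -z "$boot" ]
}

# Constructed sample: the encrypted mapping plus a leftover raw swap partition.
sample=$(mktemp)
printf '%s\n' \
    'Filename Type Size Used Priority' \
    '/dev/mapper/cryptoswap partition 2000084 0 -1' \
    '/dev/sdb2 partition 682728 0 -2' > "$sample"
echo "plaintext swap still active: $(unencrypted_swaps "$sample")"
rm -f "$sample"
```

Called without arguments, swap_is_encrypted reads the live /proc/swaps and /etc/fstab.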
Good. Now we’re safe, right?
Part II: Creating and setting up an encrypted home partition
Step 1: Fill your soon-to-be home partition with random data.
When you now reboot, the boot process is interrupted asking you for the LUKS password. If you type it correctly, the home partition is mounted. When you now log in, you will have an encrypted home partition ready waiting for you.
Now mount the Home Dir and move over the data
We start by closing and reopening the encrypted partition before we mount it:
# cryptsetup luksOpen /dev/sda6 cryptohome
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
# mount /dev/mapper/cryptohome /mnt/cryptohome
Now it’s mounted and you can move over the data with Krusader. First:
# mkdir /mnt/cryptohome/andreas
# chown andreas:andreas /mnt/cryptohome/andreas
After the move, reboot immediately; after the boot, the new home should be mounted and started.
Congratulations, you now have an encrypted swap and home partition!
The prerequisite is that the home directory is configured as a separate partition (e.g. /dev/sda6).
Install truecrypt from the Truecrypt website following the instructions there.
If you have never worked with TrueCrypt before, please read the docs at http://www.truecrypt.org/docs/ about TrueCrypt and how to encrypt a partition. In my case, if I check with
# sudo fdisk -l
I’ll get the following output of my layout.
Disk /dev/sda: 8069 MB, 8069677056 bytes
255 heads, 63 sectors/track, 981 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0000cbe0
Device Boot Start End Blocks Id System
/dev/sda1 * 1 632 5076508+ 83 Linux
/dev/sda2 633 981 2803342+ 5 Extended
/dev/sda5 633 717 682731 82 Linux swap / Solaris
/dev/sda6 718 981 2120548+ 83 Linux
So my /home partition is /dev/sda6 and swap is /dev/sda5.
I have encrypted my /dev/sda6, and TrueCrypt created a /dev/mapper/truecrypt1 device.
Now I need to add this volume so that it is started at boot with the GUI.
/etc/gdm/Init/Default is the best place for this:
# sudo gedit /etc/gdm/Init/Default
Here I added the following lines at line 2, after #!/bin/sh:
mv /home /home2
# This moves the home data so it won’t disappear and waste space on root. It needs to be removed before the next boot.
truecrypt /dev/sda6 /home
(or any other mountpoint if you like to test it first. But you need to move the data before you can reboot the system)
From now on at the boot you will be asked for your encryption password before it mounts the volume.
I suggest that before the reboot we copy your original /home data.
To temporarily mount the partition we use:
# sudo mount /dev/mapper/truecrypt1 /mnt
# cp -a /home/. /mnt/
Check the data:
# ls -al /mnt
Now we can reboot the system. After the reboot the system will move the /home to /home2 to be available and ask you before the login for your encryption password.
Now we need to remove the entry for the move and the /home2 if you want to get rid of it.
# sudo gedit /etc/gdm/Init/Default
remove:
mv /home /home2
# This moves the home data so it won’t disappear and waste space on root. It needs to be removed before the next boot.