On 02/25/2014 08:50 AM, Pal, Laszlo wrote:
For the last few days I'm trying to find a way to encrypt at least my
home directory (preferably everything except boot) without re-install
Fedora. Unfortunately google does not help in this case... Someone
suggested to use encrypt-fs but I'm not sure this is the best way to
achieve this
If you download the cryptsetup SRPM, you will find that there is an
optional cryptsetup_reencrypt tool that can be built. That tool is
able to add LUKS encryption to an existing partition, but there are
several caveats:
1) It needs to make space (about 1/2 MB) for the LUKS header at the
beginning of the partition, so you will have to pre-shrink the
filesystem so that the data can be rewritten starting at that
offset.
2) It obviously cannot work on a mounted filesystem, so you will
need to boot from some other medium, and there must be persistent
storage for the state file or else you lose everything if the
process is interrupted.
3) It is a long and dangerous process, so a current complete backup
is very important.
Ensuring that the init procedure can deal with your encrypted partition(s)
is entirely your responsibility.
Whether all that is "quick" and/or "painless" is a matter of opinion.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
