On 02/25/2014 08:50 AM, Pal, Laszlo wrote:
For the last few days I'm trying to find a way to encrypt at least my home directory (preferably everything except boot) without re-install Fedora. Unfortunately google does not help in this case... Someone suggested to use encrypt-fs but I'm not sure this is the best way to achieve this
If you download the cryptsetup SRPM, you will find that there is an optional cryptsetup_reencrypt tool that can be built. That tool is able to add LUKS encryption to an existing partition, but there are several caveats: 1) It needs to make space (about 1/2 MB) for the LUKS header at the beginning of the partition, so you will have to pre-shrink the filesystem so that the data can be rewritten starting at that offset. 2) It obviously cannot work on a mounted filesystem, so you will need to boot from some other medium, and there must be persistent storage for the state file or else you lose everything if the process is interrupted. 3) It is a long and dangerous process, so a current complete backup is very important. Ensuring that the init procedure can deal with your encrypted partition(s) is entirely your responsibility. Whether all that is "quick" and/or "painless" is a matter of opinion. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org