Recently I came to him to encrypt the partition / Home laptop.
On it, in fact, there are many many many personal information, and the loss (or abduction) of this `friend 'might be suffering even more knowing that everyone can read my data without too much difficulty.
From all the material that I found online, I have developed a simple and efficient for my purpose.
The first thing to do is install Ubuntu in the usual way, leaving plenty of unpartitioned space on the disk.
I, for example, I created a partition `root` / dev/hda1 ext3 from 10 GiB, a swap partition `` / dev/hda3 from 1.2 GiB and I left all the free space is not ` `partitioned. The space will be used by / home encrypted `/ dev/hda2`.
After installing the system, and configured everything very nicely, I installed the package `cryptsetup`.
Later, I modified the file `/ etc / modules' adding:
... aes-i586 dm_mod dm_crypt ...
and I loaded the modules to be able to properly use various tools.
I also created the partition '/ dev/hda2' giving all the free space, and formatted with a filesystem with LUKS encrypted command: $ sudo
luksFormat-t ext3 / dev/hda2
After typing the password (nice long) and you format the file system, I modified the file `/ etc / crypttab` so that it contained:
... home / dev/hda2 ninth luks ...
Then I also changed the file `/ etc / fstab` adding the newly created partition:
... UUID = uuid_della_nuova_partizione / home ext3 defaults, errors = remount-ro 0 1 ...
uuid_della_nuova_partizione `where` it is calculated as:
vol_id $ sudo-u / dev / mapper / home
In this way, to boot automatically prompted to enter your password to mount the encrypted device.
Now, before you reboot, it is good to temporarily mount the encrypted device on / mnt and copy all the current content of the folder / home.
addition, you can also encrypt the swap partition the same way.
Add to your `/ etc / crypttab is the content:
... swap / dev/hda3 / dev / random swap ...
and add (or edit the entry) to `/ etc / fstab is the value (without UUID):
... / Dev / mapper / swap none swap sw 0 0 ...
Finally, unmount the swap-a swapoff and destroy its contents with: $ sudo
dd if = / dev / urandom of = / dev/hda3 count = 100
Now, reboot the machine and you enjoy the home and swap partitions encrypted!
0 comments:
Post a Comment