On 14.11.2021 21:32, Carlos E. R. wrote:
On 14/11/2021 17.27, Marco Calistri wrote:
Hello,
I collected very few documentation regarding file-system encryption on Linux.
I understand that it must be done at format stage and not after the FS has been sized and installed, in order to prevent data loss.
I would BTW like to ask here if, in case I decide to encrypt just my /home dir (separated partition) with the existing data it contains, which risks I'm gonna to face.
Can not be done.
Actually it can. LUKS2 even supports in place encryption natively (cryptsetup reencrypt), for LUKS1 there were external tools. Of course, using them without full backup is strongly not recommended.
It is not that it is a risk, it is that the procedure erases the partition.
Ok, it is not always erased. But say you could "read" the non erased data, what was an 'A' in the first by could now be a 'W', and what was an 'A' in the second position now decodes as a 'P'. So the partition is formated, ie, all sectors marked empty.
And one of the procedures does erase the partition by filling it first with random data.
So, if you want to encrypt your /home, first make a complete backup of it.