Install needed crypto stuff
apt-get install cryptsetup libpam-mount
Create your partition as normal, for the example we use /dev/sdb4
gparted
If you don't restart your system you probably will get errors, though you may not. If you skip this step I will not try to support your problems/questions/comments.
(dd if=/dev/random of=/dev/sdb4, put random charactors over your partition if you really really want security by making it impossible to figure out what is and is not data)
Start creating the encryption mapping
cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb4
Now check the info on your new encrypted setup!
cryptsetup luksDump /dev/hda3
You should be using slot 0 for your key but you can store up to 8 keys there. (0-7)
Check mapper device.
ls /dev/mapper/
"control"
Now we unlock
cryptsetup luksOpen /dev/sdb4 MyFolder
"Enter LUKS passphrase: "
"key slot 0 unlocked."
"Command successful."
Partition your encrypted system.
mkfs.reiserfs -l home /dev/mapper/MyFolder
Mow mount your encrypted folder!
mount /dev/mapper/MyFolder /MySecretFolder/
To close it at any time
cryptsetup luksClose home
If you want to mount it as home do the following 2 things.
Add this to both /etc/pam.d/common-auth and
/etc/pam.d/common-session
@include common-pammount
Add this to /etc/pam.d/common-session
volume yourusernamehere crypt - /dev/sdb4 /home cipher=aes - -
To add users/keys
cryptsetup luksAddKey /dev/sdb4
To delete keys
cryptsetup luksDelKey /dev/sdb4 0
This information was ripped from a "secureme.sh" shell script originally released under the WTFPL licence. I was asked to help work on this shell script and thought that it might be nice to post it on the forums here. It is reported to work on debian etch 4.0 as well as Elive Gem and Ubuntu 7.04
If anyone tries it and has problems please append all avaliable information in the form of a reply.