
There are many dangers to your personal data, but there are universal protection methods, such as keeping your home personal computer away from third parties and minors, or using a PIN code to unlock your phone screen. There is another effective method – creating a message in such a way that only the person to whom it is addressed can read it. You can protect yourself from embarrassing situations and mistakes in advance by saving information in encrypted form.
Disk encryption protects files by preventing access to the operating system. This allows you to protect the content from being infected by malicious programs that can bypass authorization when entering the operating system. It is also a data protection tool that encrypts the contents of a computer’s hard drive and makes files unreadable by unauthorized users. The encryption process uses a specific key. The correct key decrypts the contents and allows the files to be read.
It happens that for some reason you forgot to encrypt the disk when installing the distribution. But later you needed to encrypt it. By default, the LUKS cryptsetup utility is used for encryption in Linux. And if she wants to encrypt a partition, she needs to copy the data from it somewhere, create a LUKS device, create a new file system on the connected LUKS device, copy all the data back. This is very problematic. Fortunately there is a luksipc utility that serves to convert (unencrypted) block devices to (encrypted) LUKS devices in place (hence the name LUKS in-place conversion). This means that the conversion is done without having to copy all the data anywhere, playing the entire disc. Instead, the process boils down to:
unmounting the file system;
perform encryption using Luksipc;
resizing the file system to shrink;
adding user keys to the LUKS key chain.
So, let’s begin. (I strongly recommend you make a backup first).
2. First of all, let’s reduce the size of the file system. In the case of ext4, it’s done like this (I’ll keep everything on the /dev/sda2 partition). Let’s see how many blocks are on the device:
5. Well, now let’s get down to encryption. luksipc will create a key file /root/initial_keyfile.bin that can be used to access the newly created LUKS device.
6. One thing you should definitely do is add the key you want to use for your device, possibly deleting the original key file afterwards: