Encrypting your home directory using LUKS on Debian/Ubuntu

Laptops are easily lost or stolen and in order to protect your emails, web passwords, encryption keys, etc., you should really think about encrypting (at least) your home directory.

If you happen to have /home on a separate partition already (/dev/sda5 in this example), then it's a really easy process.

Do the following as the root user:

Install the cryptsetup package:
```
apt install cryptsetup
```
Copy your home directory to a temporary directory on a different partition:
```
mkdir /homebackup
cp -a /home/* /homebackup
```

Encrypt your home partition:

umount /home
cryptsetup -h sha512 -c aes-xts-plain64 -s 512 luksFormat /dev/sda5
cryptsetup luksOpen /dev/sda5 chome
mkfs.ext4 -m 0 /dev/mapper/chome

Add this line to /etc/crypttab:

chome    /dev/sda5    none    luks,timeout=30

Set the home partition to this in /etc/fstab (replacing the original home partition line):
```
/dev/mapper/chome /home ext4 nodev,nosuid,noatime 0 2
```

Copy your home data back into the encrypted partition:

mount /home
cp -a /homebackup/* /home
rm -rf /homebackup

That's it. Next time you boot your laptop, you will be prompted for the passphrase you set in Step 2.

Now to fully secure your laptop against theft, you should think about an encrypted backup strategy for your data...