Laptops are easily lost or stolen and in order to protect your emails, web passwords, encryption keys, etc., you should really think about encrypting (at least) your home directory.

If you happen to have /home on a separate partition already (/dev/sda5 in this example), then it's a really easy process.

Do the following as the root user:

  1. Install the cryptsetup package:

    apt install cryptsetup
  2. Copy your home directory to a temporary directory on a different partition:

    mkdir /homebackup
    cp -a /home/* /homebackup
  3. Encrypt your home partition:

    umount /home
    cryptsetup -h sha512 -c aes-xts-plain64 -s 512 luksFormat /dev/sda5
    cryptsetup luksOpen /dev/sda5 chome
    mkfs.ext4 -m 0 /dev/mapper/chome
  4. Add this line to /etc/crypttab:

    chome    /dev/sda5    none    luks,timeout=30
  5. Set the home partition to this in /etc/fstab (replacing the original home partition line):

    /dev/mapper/chome /home ext4 nodev,nosuid,noatime 0 2
  6. Copy your home data back into the encrypted partition:

    mount /home
    cp -a /homebackup/* /home
    rm -rf /homebackup

That's it. Next time you boot your laptop, you will be prompted for the passphrase you set in Step 2.

Now to fully secure your laptop against theft, you should think about an encrypted backup strategy for your data...