[dm-crypt] Can I encrypt an already existing, non-empty partition to use LUKS?

Milan Broz gmazyland at gmail.com
Mon Sep 9 21:36:30 CEST 2013


On 09/09/2013 08:26 PM, Enda wrote:
> https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
> 
> The FAQ says "there is no converter, and it is not really needed."
> 
> 
> I already have a backup of my data, and I could wipe all the files on
> the drive with luks and then restore from backup but I would prefer
> to keep the files on the drive in case something happened to the
> backup files.>
> Is it possible to encrypt an already existing, non-empty partition to use LUKS?

Well, there is a way. It is not in-place encryption (the data are shifted) so you need
reserve some space in the end of device (either by increasing partition or
by shrinking the filesystem a little bit).

Read http://asalor.blogspot.cz/2012/08/re-encryption-of-luks-device-cryptsetup.html
and man page of cryptsetup-reencrypt.

And do not try it without backup, reencrypting is still experimental thing.

Milan


More information about the dm-crypt mailing list