fs encryption after install

Robert Nichols rnicholsNOSPAM at comcast.net
Tue Feb 25 22:45:25 UTC 2014


On 02/25/2014 08:50 AM, Pal, Laszlo wrote:
> For the last few days I've been trying to find a way to encrypt at least my
> home directory (preferably everything except boot) without reinstalling
> Fedora. Unfortunately Google does not help in this case... Someone
> suggested to use encrypt-fs but I'm not sure this is the best way to
> achieve this.

If you download the cryptsetup SRPM, you will find that there is an
optional cryptsetup_reencrypt tool that can be built.  That tool is
able to add LUKS encryption to an existing partition, but there are
several caveats:
   1) It needs to make space (about 1/2 MB) for the LUKS header at the
      beginning of the partition, so you will have to pre-shrink the
      filesystem so that the data can be rewritten starting at that
      offset.
   2) It obviously cannot work on a mounted filesystem, so you will
      need to boot from some other medium, and there must be persistent
      storage for the state file or else you lose everything if the
      process is interrupted.
   3) It is a long and dangerous process, so a current complete backup
      is very important.

Ensuring that the init procedure can deal with your encrypted partition(s)
is entirely your responsibility.

Whether all that is "quick" and/or "painless" is a matter of opinion.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.
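
Added example, not part of the original message: a pre-flight check for caveats 1 and 2 that can be run from the rescue medium before any in-place encryption is attempted. It assumes an ext2/3/4 filesystem (geometry read from `tune2fs -l` output), takes the 512 KiB reserve from the "about 1/2 MB" figure in the message, and uses constructed device names, mount points and sample data.

```shell
#!/bin/sh
# Pre-flight checks for caveats 1 and 2 above. All sample data is constructed.
HEADER_RESERVE=$((512 * 1024))  # "about 1/2 MB" from the message; confirm for your cryptsetup

# Constructed excerpt in the format of `tune2fs -l /dev/sda3`.
SAMPLE_TUNE2FS='Filesystem volume name:   home
Block count:              2621440
Block size:               4096'
# Constructed /proc/mounts of a rescue system; /mnt/usb would hold the state file.
SAMPLE_MOUNTS='tmpfs /run tmpfs rw 0 0
/dev/sdb1 /mnt/usb ext4 rw 0 0'

# Print "<block count> <block size>" parsed from tune2fs -l text on stdin.
fs_geometry() {
    awk -F: '/^Block count:/ {c = $2 + 0} /^Block size:/ {s = $2 + 0}
             END {if (c > 0 && s > 0) printf "%.0f %.0f\n", c, s; else exit 1}'
}

# Succeed if device $1 is a mount source in the mounts table on stdin.
is_mounted() {
    awk -v d="$1" '$1 == d {hit = 1} END {exit !hit}'
}

# Print the filesystem type mounted at exactly directory $1 (mounts table on stdin).
fstype_at() {
    awk -v m="$1" '$2 == m {t = $3} END {if (t == "") exit 1; print t}'
}

# preflight DEV PART_BYTES STATE_DIR TUNE2FS_TEXT MOUNTS_TEXT
# Prints one verdict; NEED_SHRINK also gives the block count to pass to resize2fs.
preflight() {
    if printf '%s\n' "$5" | is_mounted "$1"; then echo "MOUNTED"; return 0; fi
    # A state directory that is RAM-backed or not a known mount point is rejected.
    case $(printf '%s\n' "$5" | fstype_at "$3") in
        ''|tmpfs|ramfs|overlay) echo "VOLATILE_STATE_DIR"; return 0 ;;
    esac
    set -- "$2" $(printf '%s\n' "$4" | fs_geometry)   # $1=bytes $2=blocks $3=block size
    [ $# -eq 3 ] || { echo "NO_GEOMETRY"; return 0; }
    max_blocks=$(( ($1 - $HEADER_RESERVE) / $3 ))
    if [ "$2" -gt "$max_blocks" ]; then echo "NEED_SHRINK $max_blocks"; else echo "OK"; fi
}

# A 10 GiB partition completely filled by its filesystem: must be shrunk first.
preflight /dev/sda3 10737418240 /mnt/usb "$SAMPLE_TUNE2FS" "$SAMPLE_MOUNTS"
```

On a real system the partition size would come from `blockdev --getsize64` and the mount table from /proc/mounts; none of the checks replaces the backup in caveat 3.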


