Encrypt an existing partition in Linux while preserving its data
There does not seem to be an solution to do that in place. Truecrypt offers the system encryption only for windows, dm-crypt overwrites partitions.
Your best bet would be to move everything from that partition into a backup with cp -a
, create an encrypted partition with luks/dm-crypt and move everything back.
Since this comes up near the top of google results, adding solution:
LUKS in place encryption via http://www.johannes-bauer.com/linux/luksipc/
This is trivial if you choose plain dm-crypt
. It's risky - if it fails part-way through (power cut or whatever) then you're stuffed!
Ensure the raw device isn't mounted then create an encrypted device for it and use dd
to copy from the raw device to the encrypted one:
$ cryptsetup open /dev/sda sda-crypt --type plain
$ dd if=/dev/sda of=/dev/mapper/sda-crypt bs=512
The plaintext data is read from /dev/sda
and written to the device mapper, /dev/mapper/sda-crypt
, which encrypts it and writes it back to /dev/sda
, overwriting the plaintext data that was read.
It will likely take some time due to it reading and writing the entire disk.
Actually you can convert from a plain filesystem partition to dm-crypt.
But it's risky and cumbersome.
There is an out-dated tutorial here: https://help.ubuntu.com/community/EncryptedFilesystemHowto7
Dm-crypt maps one block to one block, so in theory it is doable. Luks is a user-friendly container that uses dm-crypt inside it. A luks partition contains a header and a dm-crypt partition inside it, where the encrypted filesystem really lives.
Warnings:
If you choose to go Luks then your task is even harder, and you will need to know exactly how much ahead the dm-crypt data should be with respect to the begining of the official partition.
In any case, if your system crashes or halts during the procedure you loose your data
More references:
http://www.richardneill.org/a22p-mdk11-0.php#encrypt2
http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptExistingDevice