Encrypting partitions with cryptsetup

Simple Security

Article from Issue 171/2015
Author(s):

Modern installers offer the option of encryption with just a few clicks, but you might want to take control of the process. We show how to encrypt your partitions safely without sacrificing convenience.

The easiest time to encrypt a partition is when installing your operating system. Usually, you don't have to juggle existing partitions or even think about the process: Just click an option, and many modern installers take care of the rest. By contrast, encryption after installation is more complex, although it's still possible, as long as you work systematically.

Because modern installers routinely give the option of encryption, you might think it an unalloyed good. What could possibly go wrong with concealing your data from intruders? The simple answer is: a lot.

For one reason, all forms of encryption reduce performance, which means that encryption might not be suitable for older or less powerful machines. For another, if an encrypted filesystem becomes corrupted, recovery becomes more complicated – especially if you have encrypted the entire drive. The man page for cryptsetup [1] can give all sorts of other worries to test your nerves, ranging from corrupted headers, to problems when character encoding changes, to lingering problems caused by insufficiently wiped data.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Download Article PDF now with Express Checkout
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
SUBSCRIPTIONS
Print Subscriptions
Digital Subscriptions

Related content

  • DM-Crypt/ LUKS

    Encrypting a home directory is easy. Encrypting your whole hard disk – including the root filesystem – takes a little more effort.

    more »
  • DM-Crypt

    If you’re serious about keeping secrets, try hard disk encryption with DM-Crypt and LUKS.

    more »
  • Encrypting Block Devices

    The recent revelations about NSA spying have sparked renewed interest in data encryption. Encrypting at the file level is quick and easy, but if you're looking for an extra dose of protection, try encrypting the whole block device.

    more »
  • Encrypting USB Sticks

    How easy is it to lose a USB stick? Why not protect your data just in case the stick falls into unfriendly hands?

    more »
  • Encrypting with ZFS

    When a computer is lost, your data falling into the wrong hands is often more serious than the loss of hardware. In this article, we explain how to use LUKS and ZFS to encrypt a system so you can keep your privacy when you lose your laptop.

    more »
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News

Tag Cloud

Administration Community Desktop Events Hardware Linux Mobile Programming Security Software Ubuntu Web Development Windows free software open source