Arch Linux

colbert

Member

Registered: 2007-12-16

Posts: 809

I'd like to begin using encryption

Hey folks, I'd like to start encrypting my hard drive to some degree and maybe even some CD/DVDs with sensitive/work-related information. I really have no idea how to, though I have installed Truecrypt and have been reading its Arch wiki. However, I really do not understand the basic means of encryption-- of for example a hard drive. What exactly is it doing? Is it compressing all files into an image that needs a password to uncompress, or something similar? Please if someone could explain I'd greatly appreciate it

As well as some good tools to encrypt if Truecrypt is not the ideal solution... TIA folks.

mico

Member

From: Slovenia

Registered: 2004-02-08

Posts: 247

Re: I'd like to begin using encryption

For hard disk I suggest LUKS instead.
http://wiki.archlinux.org/index.php/LUKS_Encrypted_Root

You can encrypt all partitions except /boot.

colbert

Member

Registered: 2007-12-16

Posts: 809

Re: I'd like to begin using encryption

Thank you mico, I have just read the beginning of that wiki, but I still do not understand the actual concept of the encryption being used. What exactly is happening? I notice some things mentioning making a virtual drive or something, etc. but all of it is over my head. I'd really like a basic explanation so I can proceed with my understanding and implementation from there before I get into it

gothmog.todi

Member

From: Austria

Registered: 2007-07-18

Posts: 120

Re: I'd like to begin using encryption

https://help.ubuntu.com/community/Encry … ystemHowto

while this is partly outdated (using the old dm_crypt instead of dm_crypt with luks) the theory part might help you understand how encryption works in linux.

For using disk encryption in arch, see also this guide: http://wiki.archlinux.org/index.php/Disk_encryption It doesn't really explain a lot, but uses the latest encryption standards.

Last edited by gothmog.todi (2008-01-08 20:33:25)

krib

Member

From: Finland

Registered: 2006-06-23

Posts: 115

Re: I'd like to begin using encryption

I have been using EncFS for some time now, easy to setup.
EncFS is a Free (GPL'ed) FUSE-based cryptographic filesystem that transparently encrypts files, using an arbitrary directory as storage for the encrypted files.
http://en.wikipedia.org/wiki/Encfs
http://gentoo-wiki.com/TIP_EncFS

Wilson Phillips

Member

From: Vicksburg, MS, USA

Registered: 2007-09-24

Posts: 70

Re: I'd like to begin using encryption

Just remember that encryption uses processor, so encrypt only what you need.

---

Guarantee does not cover shark bite, bear attack, or children under 5.

gothmog.todi

Member

From: Austria

Registered: 2007-07-18

Posts: 120

Re: I'd like to begin using encryption

Just remember that encryption uses processor, so encrypt only what you need.

that is true indeed. It significantly reduces I/O on the hard disk. A few days ago I encrypted my swap partition. Suspend/resume now takes around 50% more time.

WhiteMagic

Member

Registered: 2007-03-01

Posts: 85

Re: I'd like to begin using encryption

Another ressource, quite a bit on the longish side can be found in the gentoo wiki, here. It's not terribly useful for using it with arch but there is a lot of information and links in it.

As for encryption, it basicaly turns plain text into a so called cipher text using some mechanism (mathematical formula) which requires a secret password to encrypt and decrypt data (in the case of symmetrical ciphers, which are used for this kind of encryption).
As an example you could use rot13 Wikipedia - Rot13 where each letter of the alphabet is moved 13 letters forward when encrypting and decrypthing, i.e.

rot13(Hello) = Uryyb

So to get the plaintext (Hello) back from the ciphertext (Uryyb) you need to know that you have to move 13 letters (which in this case is your secret password).

Thats the basic idea, so no compression or anything, your data will have the same size, but to an outsider who doesn't know its encrypted, or doesn't know the password to decrypt it it will just look like garbage.

Then there are mostly two modes of encrypting your data. You can encrypt the whole disk, so that everything on it is encrypted or just some parts, for example a file is encrypted or a partition.
Truecrypt for example allows you to create such files / volumes however you want to call them whos content is encrypted. But you can't do a full harddisk encryption. For this purpose you could use LUKS which does that and there were provided some links to the arch wiki using this tool.

Hope this clarified it a little for you.