How to encrypt your disk in Linux
Encrypting your Linux computer will help you to prevent unauthorized access to your data. There are many ways in which your information can be compromised, so it is important to take the necessary measures to reduce the risks. In order to protect your data from eavesdroppers and intruders, Linux disk encryption is the best solution. With encryption, you can secure your data by making it unreadable to others. It is protected with an encryption key and it is only possible to access it by entering this key. Before going through the methods and steps to encrypt your disk in Linux, let’s find out more about disk encryption and its benefits, as well as its downsides.
Disk encryption
This security method keeps your data protected from threats by storing it in an unreadable, coded form. A password is set to secure the data, and only someone with the encryption password can access the disk. Encryption protects all the files and folders as well as the disk volume, and they can only be decrypted when the authorized user enters the key.
Advantages of disk encryption
Encryption has become important for many people and the majority of computers available today can protect the data stored on the disk. When you secure your disk with encryption, you can expect the advantages below.
- You can prevent unauthorized access to your data, in case you are sharing the computer, or if it gets stolen.
- When the whole disk is encrypted, all the files, folders and temporary files are secured. This means that everything on the disk is protected with encryption.
- Since every single file and folder is protected when full disk encryption is applied, nothing will be left unsecured. Full disk encryption is more secure than encrypting individual files and folders as with the second option there is a risk that something important is not encrypted.
Downsides of disk encryption
- Disk encryption can only protect your data from those who may have physical access to your computer. However, it can’t keep you safe from cyber attacks so your computer could still be targeted by malware and other online threats.
- Your computer would still be vulnerable to viruses and worms, and it can still get infected if you access malicious websites and applications. The services running on your computer can still be used by hackers who try to break into your system.
- In addition, your online activities can still be monitored by the government and all your internet traffic can be under surveillance. Overall, while encrypting your disk can help you to prevent unauthorized access in cases when someone you don’t trust can get physical access to your computer, there are additional measures needed to secure your information. In order to protect your privacy when you are navigating the internet, it is advisable to use a VPN service to encrypt your online traffic.
Methods to encrypt your disk in Linux
There are two categories of Linux disk encryption. The first one is stacked filesystem encryption and the second one is block device encryption. In the first case, an encryption layer is stacked on top of an existing filesystem. All files written to an encryption-enabled folder are encrypted on the fly before the underlying filesystem writes them to disk, and decrypted when the filesystem reads them back from disk. With this method, the files are saved to the host filesystem in an encrypted form. This means that the contents and the file/folder names are replaced by random-looking data of almost the same length. Apart from that, they still exist in that filesystem as normal files, just as they would without encryption.
The second method is block device encryption, which works below the filesystem layer and makes sure that all the data written to a specific block device, such as a whole disk, is encrypted. This means that while the block device is offline, all of its data looks like one large block of random data. There is no way of knowing what type of filesystem and data it holds. The data can only be accessed again by unlocking the protected container and mounting it at a chosen location.
Software for Linux disk encryption
You can find a variety of options that support full disk encryption in Linux. Once downloaded and installed, they can help you to encrypt your entire disk and to decrypt it when needed. Here is a list of the best disk encryption software for Linux.
VeraCrypt
TrueCrypt was considered the best disk encryption solution available, but it was discontinued in 2014. VeraCrypt is a fork of TrueCrypt and it has become one of the best alternatives to secure the data on your disk. VeraCrypt allows you to enjoy the functionality of TrueCrypt and it is said to offer additional security. It is a free and open source solution.
eCryptfs
eCryptfs is a true stacked encryption filesystem for Linux. It is layered on top of an existing filesystem and is mounted onto any single existing directory, without needing a separate partition.
EncFS
This is a simple solution for Linux disk encryption that works as a stackable cryptographic filesystem like eCryptfs. It focuses on securing the data easily, using a FUSE mechanism to mount an encrypted directory on a different directory chosen by the user. There is no loopback system required like with other comparable systems.
Dm-crypt
Dm-crypt stands for Device-mapper crypt. Device-mapper is a general way to create virtual layers of block devices, and its crypt target gives you transparent encryption of block devices using the kernel crypto API. When you use dm-crypt, you can select one of the symmetric ciphers, a key of any supported size and an IV generation mode, and you can then create a new block device in /dev.
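To check which cipher, key size and IV generation mode an existing dm-crypt mapping actually uses, you can read its device-mapper table. The script below is an added example, not part of the original article or of dm-crypt itself; the function name audit_crypt_line, the verdict labels and the sample lines are made up for illustration.

```shell
#!/bin/sh
# Added example: audit one `dmsetup table` line describing a dm-crypt mapping.
# Crypt target layout (kernel dm-crypt documentation):
#   <name>: <start> <length> crypt <cipher> <key> <iv_offset> <device> <offset> [opts]
# Without --showkeys the key is shown as zeros of the same hex length, or as
# :<size_in_bytes>:<type>:<description> when the key lives in the kernel keyring.

# Constructed sample lines (mapping names, sizes and devices are made up).
SAMPLE_XTS="cryptroot: 0 1953521664 crypt aes-xts-plain64 $(printf '%064d' 0) 0 8:3 32768"
SAMPLE_KEYRING="cryptdata: 0 209682432 crypt aes-xts-plain64 :64:logon:cryptsetup:constructed-uuid-d0 0 8:17 32768"
SAMPLE_CBC="oldvol: 0 4194304 crypt aes-cbc-plain $(printf '%032d' 0) 0 7:0 0"

# audit_crypt_line LINE -> prints "name cipher chainmode ivmode keybits verdict"
audit_crypt_line() {
    set -- $1                       # split the table line on whitespace
    [ "$4" = "crypt" ] || { echo "not-a-crypt-target"; return 1; }
    name=${1%:}; spec=$5; key=$6

    # Cipher spec is cipher[:keycount]-chainmode-ivmode[:ivopts]
    cipher=${spec%%-*}
    rest=${spec#*-}
    chain=${rest%%-*}
    case $rest in
        *-*) iv=${rest#*-} ;;
        *)   iv=none ;;
    esac

    # Keyring form carries the size in bytes; hex form is 4 bits per digit.
    case $key in
        :*) bytes=${key#:}; bytes=${bytes%%:*}; bits=$((bytes * 8)) ;;
        *)  bits=$(( ${#key} * 4 )) ;;
    esac

    # CBC with a plain sector-number IV is predictable (watermarking risk);
    # ECB uses no IV at all, so equal plaintext blocks encrypt identically.
    verdict=ok
    case $chain-$iv in
        ecb-*)                 verdict=weak-no-iv ;;
        cbc-plain|cbc-plain64) verdict=weak-predictable-iv ;;
    esac
    echo "$name $cipher $chain $iv $bits $verdict"
}

for line in "$SAMPLE_XTS" "$SAMPLE_KEYRING" "$SAMPLE_CBC"; do
    audit_crypt_line "$line"
done
```

On a live system the input lines come from running dmsetup table --target crypt as root. Note that XTS splits its key into two halves, so a 512-bit XTS key corresponds to AES-256.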
loop-AES
This is a fast and secure solution to encrypt your Linux disk. It is derived from cryptoloop, although it is not as user-friendly as other options available. This is due to the fact that it requires non-standard kernel support.
How to encrypt your disk in Ubuntu using Ubuntu’s Built-in Disk encryption feature
It is possible to encrypt the whole drive in Ubuntu because the option is built into the Ubuntu installer, which you can download and install on your computer. If you are already running Ubuntu, you need to back up your data and install it again. Here are the steps to encrypt the whole drive.
- Insert the Ubuntu installation CD or USB and begin booting. Follow the instructions.
- In the Installation type page, mark the box that says “Encrypt the new Ubuntu installation for security”. Then click the “Install Now” option.
- Go to the next page “Select a security key” and then enter your encryption key. This should be strong so it is advisable to use a complex phrase that can’t be easily figured out by others.
- Once you have finished typing and confirming the security key, click Install now and follow the instructions.
- When you get to the “Who are you?” page, enter your details and choose a strong password. Mark the box that says “Require my password to log in” and never check “Login Automatically”. You don’t need to check the box that says “Encrypt my home folder”.
- Once the installation process is completed, you will be running a secure and encrypted Linux computer and your data won’t be accessible to those who can get their hands on your computer. Only you and anyone you authorize can access the computer, using the password.
Conclusion
Encryption is a crucial element to ensure the security of your data, but you need to know which method is the right one to put in place, as well as the consequences of not encrypting your computer. Make sure that you take the necessary measures to prevent unauthorized access to your information.