
Encryption on Linux

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Etienne.navarro (talk | contribs) at 09:19, 9 August 2006 (Software). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


Disk encryption software on Linux is long established, but in the absence of any formal body or specification it lacks consistency.

Encryption can therefore be performed either at the kernel level, using one of several kernel modules together with a loopback file interface, or by standard encryption programs running in userspace.

Encryption is possible in two ways: at the file level, i.e. encryption of one or more files or directories, or at the filesystem level, i.e. encryption of an entire device. The latter offers higher protection, though it may impede system performance and is usually more complex to set up and maintain.

Software

The following software can be used on Linux to encrypt a file or filesystem. This document aims to tell you precisely which software works on which version of your operating system.

  • losetup and cryptoloop, part of 2.6.x kernel and util-linux
  • aespipe, a program that encrypts a file stream with the AES algorithm using key lengths of 128, 192 or 256 bits
  • dm-crypt, included in the mainline kernel
    • LUKS (Linux Unified Key Setup) aims to improve dm-crypt key management.
    • cryptmount allows mounting dm-crypt volumes without superuser privileges.
  • Cryptoloop is included in the mainline kernel but is insecure and has been deprecated in favor of dm-crypt.
  • loop-AES supports kernel 2.0.x onward but requires a patch.
  • Crypt Mount
  • eCryptFS, a stacked filesystem in the kernel '-mm' tree.
  • EncFS uses FUSE to provide an encrypted filesystem in userspace.

It is not clear which of the encrypted files produced by the above software are compatible with each other, even though they seem to use the same AES algorithm.
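One way to check which on-disk format a container actually uses, given here as an added example that is not part of the original article: the code reads the leading fields of a LUKS version 1 header (magic, version, cipher name, cipher mode, hash spec, payload offset, key length) as laid out in the LUKS on-disk format specification. The function names and the sample header are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# Leading fields of a LUKS1 header, all big-endian: magic, version,
# cipher name, cipher mode, hash spec, payload offset (in sectors),
# master key length (in bytes).
LUKS1_PREFIX = struct.Struct(">6sH32s32s32sII")

# Constructed sample header (not taken from a real volume).
SAMPLE_HEADER = LUKS1_PREFIX.pack(
    LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 2056, 32
).ljust(512, b"\x00")


def _cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def identify_volume(header):
    """Classify the first bytes of a container file or block device."""
    if len(header) < 8 or header[:6] != LUKS_MAGIC:
        # Plain dm-crypt and cryptoloop volumes carry no header, so the
        # cipher, mode and key length have to be known out of band.
        return {"format": "no LUKS header"}
    version = struct.unpack(">H", header[6:8])[0]
    if version != 1 or len(header) < LUKS1_PREFIX.size:
        # Other version or truncated read: report only what is certain.
        return {"format": "LUKS", "version": version}
    _, _, name, mode, hash_spec, offset, key_bytes = LUKS1_PREFIX.unpack_from(header)
    return {
        "format": "LUKS",
        "version": version,
        "cipher": _cstr(name),
        "mode": _cstr(mode),
        "hash": _cstr(hash_spec),
        "payload_offset_sectors": offset,
        "key_bits": key_bytes * 8,
    }


if __name__ == "__main__":
    print(identify_volume(SAMPLE_HEADER))
    print(identify_volume(b"\x00" * 512))
```

Two volumes that both report AES can still differ in mode, key length or passphrase hashing, and a headerless volume records none of these, which is one reason containers are not interchangeable between tools.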

Distributions

As different Linux distributions are packaged with different software, the setup of encryption varies. This document aims to point you in the right direction for your distribution, as far as encryption software is provided in it. Please note that memory cards and hard disk partitions are encrypted and used in the same way.

| Distribution | Packages needed | Encrypt file | Encrypt partition | Encrypt CD/DVD |
|---|---|---|---|---|
| Fedora Core 5 | LUKS, cryptsetup | cryptsetup | cryptsetup | ??? |
| Suse 10 | ??? | ??? | ??? | ??? |
| Debian Sarge | cryptsetup | losetup/cryptsetup | cryptsetup | not possible (aespipe needed) |
| Debian Etch | cryptsetup | losetup/cryptsetup | cryptsetup | not possible (aespipe needed) |