Jump to content

Encryption on Linux

Add links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Etienne.navarro (talk | contribs) at 03:08, 10 September 2006 (nominated for deletion, see Wikipedia:Articles for deletion/Encryption on Linux). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

This article is being considered for deletion in accordance with Wikipedia's deletion policy.
Please share your thoughts on the matter at this article's entry on the Articles for deletion page.
Feel free to edit the article, but the article must not be blanked, and this notice must not be removed, until the discussion is closed. For more information, particularly on merging or moving the article during the discussion, read the guide to deletion.

Steps to list an article for deletion: {{subst:afd}} • Preloaded debate OR {{subst:afd2|pg=Encryption on Linux|cat=|text=}} • {{subst:afd3|pg=Encryption on Linux}} log

You must add a |reason= parameter to this Cleanup template – replace it with {{Cleanup|August 2006|reason=<Fill reason here>}}, or remove the Cleanup template.

Disk encryption software on Linux has long been established, but due to an absence of any formal body or specifications lacks in consistency.

As such, encryption can either be performed on the kernel level using numerous kernel modules as well as a loopback file interface or using standard encryption programs running in userspace.

Encryption is possible in two ways, on the file level, i.e. encryption of one or more files or directories, or on the filesystem level, i.e. encryption of an entire device. The latter offers higher protection though may impede system performance and is usually more complex to set up and maintain.

Software

The following software can be used on Linux to encrypt a file or filesystem. This document aims to tell you precisely which software works on which version of your operating system.

  • aespipe, program to encrypt a file stream with the AES algorithm with key lengths 128, 192 and 256 bit
  • dm-crypt, included in the mainline kernel, but buggy (can cause major data corruption when used together with software RAID5)
    • LUKS (Linux Unified Key Setup) aims to improve dm-crypt key management.
    • cryptmount allows mounting dm-crypt volumes without superuser privileges.
  • Cryptoloop, a loop back encryption method, is included in the mainline kernel but is insecure and has been deprecated in favor of dm-crypt.
  • loop-AES supports kernel 2.0.x onward; no kernel patch required, but requires loading of a kernel module; mature
  • Crypt Mount
  • eCryptFS, a stacked filesystem in the kernel '-mm' tree.
  • EncFS uses FUSE to provide an encrypted filesystem in userspace.
  • Phonebook is another encrypted filesystem in userspace using FUSE, providing strong plausible deniability.

It is not clear, which of the encrypted files of the above software are compatible to each other, even they seem to use the same AES algorithm.

Distributions

As different linux distributions are packaged with different software, the setup of encryption varies. This document aims to guide you to the right direction for your distribution, as far as encryption software is provided in it. Please note that memory cards and harddisk partitions are encrypted and used equally.

Distribution Packages needed Encrypt file Encrypt partition Encrypt CD/DVD
Fedora Core 5 LUKS, cryptsetup cryptsetup cryptsetup ???
Suse 10 ??? ??? ??? ???
Debian Sarge cryptsetup losetup/cryptsetup cryptsetup not possible (aespipe needed)
Debian Etch cryptsetup losetup/cryptsetup cryptsetup not possible (aespipe needed)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Encryption_on_Linux&oldid=74835119"