Encryption has become a mainstream answer to many privacy risks. Privacy advocates and security analysts widely recommend it to everyone, regardless of the level of risk they face. Encrypting a device helps you in many ways, including keeping your data safe if the device is stolen. Fortunately, Linux users have the best option available to them: Linux disk encryption.
Encryption secures your data by converting it into an unreadable form protected by an encryption key, so that it can only be read by entering that key. It guards against hacking, malicious intrusions and irritating siblings, and above all it shields your identity if your Linux laptop or PC is lost.
What is Disk Encryption?
Disk encryption protects an entire storage device, rather than applying security to individual files. It is an extraordinarily helpful method that ensures your data is stored in an unreadable, coded form. Only an authorized person with the correct encryption key can access the encrypted data.
Therefore, all files, folders and the disk volume are secured through encryption and can only be decrypted, when required, by the authorized user with the key. Full disk encryption has many advantages, which are discussed below.
Merits of Disk Encryption
Disk encryption is no longer an unfamiliar term for most people, and many devices now come with encryption enabled by default to protect the data stored on the disk. Disk encryption has some potential advantages:
- Disk encryption prevents unauthorized access to your data when your PC is somewhere untrustworthy people can reach it: if it gets stolen, while it is at the computer repair shop, or when you discard it.
- Whole disk encryption protects all files, folders and temporary files, so everything on the disk is encrypted.
- Full disk encryption covers every file and folder, so nothing can be left behind. This is more secure than encrypting individual files and folders, where you might accidentally leave something important unencrypted.
Demerits of Disk Encryption
- Disk encryption only protects you against untrustworthy people who have physical access to your computer. It cannot save you from cyber attacks: your computer can still be attacked by a hacker who gains access to your device by installing malware.
- Malicious apps and websites can still pop up, and your system might get infected with the viruses or worms they contain.
- Network hackers and attackers can still exploit services running on your devices, such as network file sharing, a BitTorrent client or iTunes playlist sharing, to name a few.
- Government spy and security surveillance agencies can still spy on your internet activities, and all your internet information is still accessible.
Therefore, make sure you use additional internet security software, such as a VPN, to get safe and secure internet access. Disk encryption only counters the threat of physical access to your computer; the cyber threats mentioned above remain.
Process of Disk Encryption in Linux
Linux disk encryption methods fall into two categories, according to the layer at which they operate:
1. Stacked filesystem encryption
Stacked filesystem encryption solutions are applied as a layer that stacks on top of an existing filesystem. All files written to an encryption-enabled folder are encrypted on the fly before the underlying filesystem writes them to disk, and decrypted whenever the filesystem reads them from disk.
With this method, the files are stored in the host filesystem in encrypted form (which means that their contents and file/folder names are replaced by random-looking data of roughly the same length). Other than that, they are present in that filesystem as normal files, just as they would be without encryption.
2. Block device encryption
Block device encryption, on the other hand, operates below the filesystem layer and ensures that everything written to a specific block device (i.e. a whole disk, a partition, or a file acting as a virtual loopback device) is encrypted. This means that while the block device is offline, its entire contents look like a large block of random data, with no way of recognizing what kind of filesystem and data it contains.
The data can only be accessed again by mounting the protected container (where the encrypted data is stored; in this case, the block device) to an arbitrary location in a special way.
Linux Disk Encryption Software
There is a lot of third-party software available for Linux disk encryption that can encrypt the whole disk and decrypt it when required. Setting it up takes only some simple download and installation steps. The top disk encryption software for Linux is:
eCryptfs provides a true stacked filesystem for Linux disk encryption. Its encryption is stacked on an existing filesystem; it mounts onto any single existing directory and does not need a separate partition.
EncFS is very simple and user-friendly software for Linux disk encryption. It is a userspace stackable cryptographic filesystem similar to eCryptfs, which aims to secure data with absolutely no fuss or hassle. It uses the FUSE mechanism to mount an encrypted directory on another directory specified by the user, and it does not require a loopback system like some other comparable systems.
loop-AES is a fast, secure solution for Linux disk encryption. It is a descendant of cryptoloop, but it is considered less user-friendly than the other options because it needs non-standard kernel support.
Device-mapper crypt (dm-crypt) builds on the device mapper, which offers a generic way to create virtual layers of block devices. The device-mapper crypt target offers transparent encryption of block devices using the kernel crypto API. The user of dm-crypt can specify one of the symmetric ciphers, a key (of any allowed size) and an IV generation mode, and can then create a new block device in /dev. Writes to this device are encrypted and reads are decrypted.
TrueCrypt is a free, open-source on-the-fly encryption (OTFE) program for Linux disk encryption. It creates virtual encrypted disks within files that can be mounted as real disks. It can also encrypt an entire hard drive partition or storage device. It is considered the most secure form of Linux disk encryption so far. However, TrueCrypt ended its development in May 2014, and no updates, fixes or further versions are available. The alternative to and successor of TrueCrypt is VeraCrypt.
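The dm-crypt entry above says the user picks a cipher, a key size and an IV generation mode. The following added example (not part of the original article or of dm-crypt itself) parses `dmsetup table` lines for crypt targets and reports choices that weaken a volume; the sample lines, device names and the `audit` rules are constructed for illustration.

```python
import re

def parse_crypt_table(line):
    """Parse one dm-crypt line as printed by `dmsetup table`.

    Layout: [name:] start length crypt cipher key iv_offset device offset ...
    """
    fields = line.split()
    name = fields.pop(0).rstrip(":") if fields[0].endswith(":") else None
    if len(fields) < 8 or fields[2] != "crypt":
        raise ValueError("not a dm-crypt table line")
    length, spec, key, device = fields[1], fields[3], fields[4], fields[6]
    # Cipher spec: cipher[:keycount]-chainmode[-ivmode[:ivopts]]
    m = re.fullmatch(r"(\w+)(?::\d+)?-(\w+)(?:-(\w+)(?::(\S+))?)?", spec)
    if not m:
        raise ValueError("unrecognised cipher spec: " + spec)
    cipher, chain, iv, _iv_opts = m.groups()
    # Key is hex (zero-masked unless --showkeys is given) or a kernel keyring
    # reference of the form :<size in bytes>:<type>:<description>.
    key_bits = int(key.split(":")[1]) * 8 if key.startswith(":") else len(key) * 4
    return {"name": name, "sectors": int(length), "cipher": cipher,
            "chain": chain, "iv": iv, "key_bits": key_bits, "device": device}

def audit(entry):
    """Return findings for cipher, IV and key choices that weaken the volume."""
    findings = []
    if entry["chain"] == "ecb":
        findings.append("ECB: equal plaintext blocks encrypt to equal ciphertext")
    if entry["chain"] == "cbc" and entry["iv"] in ("plain", "plain64"):
        findings.append("CBC with predictable sector-number IV: use ESSIV or XTS")
    if entry["iv"] == "plain" and entry["sectors"] > 2**32:
        findings.append("32-bit 'plain' IV repeats past 2 TiB: use plain64")
    # XTS splits the key into two halves, so 256 key bits means AES-128.
    strength = entry["key_bits"] // 2 if entry["chain"] == "xts" else entry["key_bits"]
    if strength < 128:
        findings.append("effective key strength is only %d bits" % strength)
    return findings

# Constructed sample of `dmsetup table` output (names, sizes and keys invented).
SAMPLE = [
    "root_crypt: 0 976769024 crypt aes-xts-plain64 "
    ":64:logon:cryptsetup:00000000-0000-0000-0000-000000000000-d0 0 8:3 32768",
    "legacy: 0 2097152 crypt aes-cbc-plain " + "0" * 32 + " 0 7:0 0",
]

if __name__ == "__main__":
    for line in SAMPLE:
        entry = parse_crypt_table(line)
        print(entry["name"], entry["cipher"], entry["chain"], entry["iv"],
              entry["key_bits"], audit(entry) or "ok")
```
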
Steps of Disk Encryption in Ubuntu (using Ubuntu’s Built-in Disk Encryption feature)
In Ubuntu, you can encrypt the whole drive, because it offers you this option when you download and install it on your PC. If you are already running Ubuntu, you need to back up your data and reinstall it. The following steps show how to encrypt the whole drive while doing so:
1. Insert the Ubuntu installation CD or USB, boot from it and follow the instructions. When you reach the “Installation type” page, check the box “Encrypt the new Ubuntu installation for security,” and then click Install Now.
2. On the next page, “Choose a security key,” enter your encryption key. It must be a complex phrase that is almost impossible to guess for anyone who tries to access your PC.
3. When you have typed and confirmed the security key, click Install Now and follow the rest of the instructions. When you reach the “Who are you?” page, enter your details and choose a strong, unbreakable password. Check the box “Require my password to log in,” never check “Login Automatically,” and leave the box “Encrypt my home folder” unchecked because you do not need it.
4. Continue to finish the installation process. You are now running a secure and encrypted Linux PC: no one can tamper with your data through physical access, and only you and the authorized people who know the password can get access to the PC.
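After completing the steps above, it is worth confirming which mounted filesystems actually sit on an encrypted device. This added example (not part of the original article) reads `lsblk` JSON output and reports every mountpoint with no dm-crypt layer beneath it; the device names and layout in the sample are constructed and assume an install in which the boot partitions stay outside the encrypted container.

```python
import json

def mount_encryption(lsblk_json):
    """Map each mountpoint to True if a dm-crypt ('crypt') layer sits beneath it."""
    result = {}

    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        # Newer util-linux reports a "mountpoints" list, older a single "mountpoint".
        mounts = node.get("mountpoints") or [node.get("mountpoint")]
        for mount in mounts:
            if mount:
                result[mount] = under_crypt
        for child in node.get("children", []):
            walk(child, under_crypt)

    for device in json.loads(lsblk_json)["blockdevices"]:
        walk(device, False)
    return result

def exposed_mounts(lsblk_json):
    """Mountpoints stored in the clear, sorted for stable reporting."""
    return sorted(m for m, enc in mount_encryption(lsblk_json).items() if not enc)

def _node(name, type_, mount=None, children=()):
    # Helper that builds one entry in the shape lsblk emits (sample data only).
    return {"name": name, "type": type_, "mountpoint": mount,
            "children": list(children)}

# Constructed sample shaped like `lsblk --json -o NAME,TYPE,MOUNTPOINT` output.
SAMPLE_LSBLK = json.dumps({"blockdevices": [_node("sda", "disk", children=[
    _node("sda1", "part", "/boot/efi"),
    _node("sda2", "part", "/boot"),
    _node("sda3", "part", children=[_node("sda3_crypt", "crypt", children=[
        _node("vgubuntu-root", "lvm", "/"),
        _node("vgubuntu-swap_1", "lvm", "[SWAP]")])])])]})

if __name__ == "__main__":
    for mount, encrypted in sorted(mount_encryption(SAMPLE_LSBLK).items()):
        print(f"{mount:10} {'encrypted' if encrypted else 'NOT encrypted'}")
```

To check a real machine, pass the output of `lsblk --json -o NAME,TYPE,MOUNTPOINT` to `exposed_mounts` instead of the sample.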
Encryption is a necessary protective measure that everyone should implement. It is valuable to every person, because you can never be sure that your device will always stay with you. In case of loss, theft or access by a malicious person, your personal information could be in danger, as most of us keep sensitive and private data on our laptops.
It is also important to know the right method to follow and the consequences of not encrypting your device. Now you know what would happen to your data if it were exposed to everyone who gains access to your PC. So, be safe and be encrypted!