Encrypting a partition
Dean S. Messing
deanm at sharplabs.com
Mon Dec 24 15:51:10 UTC 2007
Robert P. J. Day wrote:
: is there a guide somewhere to *all* of the solutions for encrypted
: filesystems under fedora? i haven't set one up for quite some time,
: but i'd like to know what my options are. for example, AIUI, there is
: also the ecryptfs technique which is different from the above, yes?
: how does it differ? is one technologically superior to the other?
: can this encryption be done in place on an unencrypted filesystem?
: and can anyone stop the new england patriots juggernaut? so many
: questions ...
Though not a full answer to your question, this link:
gives a nice comparison of the two major flavours of filesystem
encryption. Run down to:
Q: How does eCryptfs compare with other Linux disk encryption solutions?
on the above link.
For me, the main advantage of "Stacked Filesystem Encryption"
(e.g. eCryptfs) over the block-based methods is its selectivity. You
can encrypt any subset of a filesystem and leave less sensitive stuff
in the clear, whereas the block-based methods require the whole FS,
including meta-data to be encrypted. The latter has both advantages
and disadvantages. One disadvantage is that every single byte must be
en/decrypted, which affects performance. One advantage is that the
metadata of the filesystem is encrypted so stuff like the filenames
themselves are not in the clear. In certain cases, one's filenames, themselves,
contain sensitive info.
(E.g., plans_for_making_a_portable_thermonuclear_device.txt :-)
I used eCryptfs on a few sensitive directories of my system while
travelling through certain countries last summer. It was very easy to
set up and use after I read the well-written docs. Once the encryption
layer is mounted, access is entirely transparent.
Regarding the OP's original question, I don't see any reason why it
would not work in an LVM environment, but I have not actually tried it.
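
The trade-off described in the message above, as an added example that is not part of the original post: a small Python audit that lists what stays readable, without any key, in the lower directory of a stacked encrypted filesystem (names, sizes, timestamps). It assumes the lower directory keeps cleartext filenames, as the post describes; the keyword list, function names and sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Hypothetical keyword list; tune it to what counts as sensitive for you.
SENSITIVE = re.compile(r"(plans|passw|secret|salary|medical|tax)", re.IGNORECASE)


def exposed_metadata(lower_dir):
    """Return what is readable in lower_dir without any key.

    Only os.walk/os.stat are used, never file contents, so the result is
    exactly the metadata a stacked layer leaves outside the encryption.
    """
    report = []
    for root, _dirs, files in os.walk(lower_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            st = os.stat(path)
            report.append({
                "path": os.path.relpath(path, lower_dir),
                "size": st.st_size,
                "mtime": int(st.st_mtime),
                "name_is_sensitive": bool(SENSITIVE.search(name)),
            })
    return sorted(report, key=lambda e: e["path"])


def build_sample_lower_dir(base):
    """Constructed sample: random bytes stand in for encrypted file bodies."""
    names = [
        "notes.txt",
        os.path.join("travel", "plans_for_making_a_portable_thermonuclear_device.txt"),
        os.path.join("finance", "tax_2007.ods"),
    ]
    for rel in names:
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(os.urandom(4096))
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for entry in exposed_metadata(build_sample_lower_dir(tmp)):
            flag = "SENSITIVE NAME" if entry["name_is_sensitive"] else "ok"
            print(f'{entry["path"]:<70} {entry["size"]:>6} bytes  {flag}')
```

Any path flagged here is a candidate for renaming or for moving onto a block-encrypted volume, where the filesystem metadata is encrypted along with the data.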