Knowing about disk encryption

First of all, I want to apologize for not being regular. My semester exams started and they kind of came onto us like a wave. This is my 7th semester, which was supposed to be over by December 2020, but because of the pandemic everything got rescheduled and delayed. But I read about encryption of disks in my next chapter and it made me very interested to know more about it. I have been quite fascinated by encryption, though, ever since I watched a movie named The Imitation Game.

Encryption is necessary to protect the data on disks. File systems may be encrypted to protect the data they contain from prying eyes. Linux distributions most often use the LUKS method and perform encryption-related tasks using cryptsetup.

What is the need for encryption?

As said earlier, encryption should be used wherever sensitive data is being stored or transmitted. Configuring and using block-device-level encryption provides one of the strongest protections against harm caused by loss or compromise of data contained in hard drives and other media. Fortunately, modern Linux distributions offer the choice of encrypting all or some of the disk partitions in the system during installation. It is also easy and straightforward to create and format encrypted partitions at a later time, but you cannot encrypt an already existing partition in place without a data copying operation.

LUKS

LUKS is installed on top of cryptsetup, a powerful utility that can also use other methods, such as plain dm-crypt volumes, loop-AES and the TrueCrypt-compatible format. LUKS was originally designed for Linux, but over time it has also been ported to other operating systems. One benefit is that, because LUKS stores all the necessary information in the header itself, it is rather easy to migrate partitions to other disks. Another advantage is that it can transparently encrypt swap partitions.

Cryptsetup

cryptsetup can be described as a Swiss army knife program. Once encrypted volumes are set up, they can be mounted and unmounted with normal disk utilities. The general form of the command is:

$ cryptsetup [options] <action> <action-specific>

How to use an encrypted partition?

First things first: we need to give the partition to LUKS. If the partition /dev/sdc12 already exists, the following command sets up encryption on it and makes it available to LUKS, so that you can then format it, mount it, use it, unmount it, etc.

$ sudo cryptsetup luksFormat /dev/sdc12

You will be prompted for a passphrase, which you will need later to open the encrypted volume. Note that you only have to do this step once, when setting up encryption. Your kernel may not support the default encryption method used by cryptsetup. In that case, you can examine /proc/crypto to see the methods your system supports, and then supply a method, as in:

$ sudo cryptsetup luksFormat --cipher aes /dev/sdc12

You can make the volume available at any time with:

$ sudo cryptsetup --verbose luksOpen /dev/sdc12 SECRET

where you will be prompted to supply the passphrase. You can format the partition:

$ sudo mkfs.ext4 /dev/mapper/SECRET

mount it:

$ sudo mount /dev/mapper/SECRET /mnt

and then use it to your heart's content, just as if it were an unencrypted partition. When you are done, unmount with:

$ sudo umount /mnt

and then remove the association for now:

$ sudo cryptsetup --verbose luksClose SECRET
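For the /proc/crypto check mentioned at the luksFormat step above, the following added example (not from the original post) lists the cipher entries a kernel advertises and tests for one by name. The function names and the embedded sample are constructed for illustration; with no argument, list_ciphers reads the real /proc/crypto.

```shell
# Constructed, abbreviated sample in /proc/crypto layout (not from a real host).
sample_proc_crypto() {
cat <<'EOF'
name         : xts(aes)
driver       : xts-aes-aesni
selftest     : passed
type         : skcipher
min keysize  : 32
max keysize  : 64

name         : sha256
driver       : sha256-generic
selftest     : passed
type         : shash

name         : aes
driver       : aes-generic
selftest     : passed
type         : cipher
min keysize  : 16
max keysize  : 32
EOF
}

# Print "name driver min-max" (key sizes in bytes) for each self-tested cipher entry.
list_ciphers() {
  awk -F' *: *' '
    function emit() {
      if ((type == "cipher" || type == "skcipher") && test == "passed")
        print name, driver, min "-" max
      name = driver = type = test = min = max = ""
    }
    $1 == "name"        { name = $2 }
    $1 == "driver"      { driver = $2 }
    $1 == "type"        { type = $2 }
    $1 == "selftest"    { test = $2 }
    $1 == "min keysize" { min = $2 }
    $1 == "max keysize" { max = $2 }
    /^$/                { emit() }   # a blank line ends one algorithm entry
    END                 { emit() }
  ' "${1:-/proc/crypto}"
}

# Succeeds if a cipher named $1 is listed (file in $2, "-" for stdin).
have_cipher() {
  list_ciphers "${2:-/proc/crypto}" | awk -v want="$1" '$1 == want { ok = 1 } END { exit !ok }'
}
sample_proc_crypto | list_ciphers -   # demo run on the constructed sample
```

Hash entries such as sha256 are filtered out because only the cipher and skcipher types are relevant when choosing a value for --cipher.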

You can mount an encrypted partition at boot, but for that two conditions have to be met: you need to make an appropriate entry in /etc/fstab and add an entry to /etc/crypttab.

Encryption is an important need, because it is our data that is being protected, and learning how to protect that data is something one must know.
