|
#redirect [[Disk encryption software]]
{{cleanup-date|August 2006}}
{{unreferenced}}
[[Disk encryption software]] on [[Linux]] has long been established, but due to an absence of any formal body or specifications lacks in consistency.
As such, encryption can either be performed on the [[kernel]] level using numerous [[Module (Linux)|kernel modules]] as well as a [[loop device|loopback file interface]] or using standard encryption programs running in [[userspace]].
Encryption is possible in two ways, on the [[computer file|file]] level, i.e. encryption of one or more files or directories, or on the [[filesystem]] level, i.e. encryption of an entire device. The latter offers higher protection though may impede system performance and is usually more complex to set up and maintain.
==Software==
The following software can be used on Linux to encrypt a file or filesystem. This document
aims to tell you precisely which software works on which version of your operating system.
* [http://loop-aes.sourceforge.net/aespipe/ aespipe], program to encrypt a file stream with the [[Advanced Encryption Standard|AES]] algorithm with key lengths 128, 192 and 256 bit
* [http://www.saout.de/misc/dm-crypt/ dm-crypt], included in the mainline kernel, but buggy (can cause major data corruption when used together with software RAID5)
** [http://luks.endorphin.org/ LUKS] (Linux Unified Key Setup) aims to improve dm-crypt key management.
** [http://cryptmount.sourceforge.net cryptmount] allows mounting dm-crypt volumes without superuser privileges.
* Cryptoloop, a [[Loop device|loop back]] encryption method, is included in the mainline kernel but is insecure and has been deprecated in favor of dm-crypt.
* [http://loop-aes.sourceforge.net/ loop-AES] supports kernel 2.0.x onward; no kernel patch required, but requires loading of a kernel module; mature
* [http://cryptmount.sourceforge.net/ Crypt Mount]
* [http://ecryptfs.sourceforge.net/ eCryptFS], a stacked filesystem in the kernel '-mm' tree.
* [[EncFS]] uses [[FUSE (Linux)|FUSE]] to provide an encrypted filesystem in [[userspace]].
It is not clear, which of the encrypted files of the above software are compatible to each other, even they seem to use the same [[AES]] algorithm.
==Distributions==
As different [[linux distributions]] are packaged with different software, the setup of encryption
varies. This document aims to guide you to the right direction for your distribution, as far as
encryption software is provided in it. Please note that memory cards and harddisk partitions are
encrypted and used equally.
{{cleanup-list}}
{| border=1
! Distribution !! Packages needed !! Encrypt file !! Encrypt partition !! Encrypt CD/DVD
|-
| Fedora Core 5 || [[LUKS]], [[cryptsetup]] || [[cryptsetup]] || [[cryptsetup]] || ???
|-
| Suse 10 || ??? || ??? || ??? || ???
|-
| Debian Sarge || [[cryptsetup]] || losetup/cryptsetup || cryptsetup || not possible ([[aespipe]] needed)
|-
| Debian Etch || [[cryptsetup]] || losetup/cryptsetup || cryptsetup || not possible (aespipe needed)
|}
[[Category:Cryptography]]
[[Category:Linux]]
| 