From Fedora Project Wiki

Revision as of 21:40, 30 October 2014

Fedora provides several methods and layers of file and disk encryption.

Full Disk Encryption

Full disk encryption transparently encrypts whole block devices, partitions, or disks. It is probably the most secure option in case of hardware theft.

Full disk encryption can be selected at installation time or added to additional and plug-in devices at any time; see the Disk Encryption User Guide. Loop devices (encrypted block devices stored in files) can also be used. They provide more flexibility regarding file allocation and per-user setups, but they require manual setup and are not quite as well tested.

Transparent File/Directory Encryption

These are easier to activate on an already installed system and also easier to set up on a per-user basis, as they are mounted over existing filesystems. Some of them support private per-user encrypted directories which can be transparently mounted at login time.

This encryption method typically has the drawback that it is possible to deduce a lot of metadata, such as the number of files, their approximate sizes, permissions, changes and possibly more.

  • eCryptfs
  • EncFS
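
The metadata exposure described above can be checked without any key. The following is an added example, not part of the original wiki page: it snapshots a constructed stand-in for the encrypted lower directory and compares two snapshots. The opaque file names and random contents are assumptions; real tools add headers or padding, which is why observed sizes are only approximate.

```python
import os
import stat
import tempfile

def snapshot(lower_dir):
    """Collect what is readable from the encrypted (lower) directory without a key."""
    snap = {}
    for root, _dirs, files in os.walk(lower_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            rel = os.path.relpath(path, lower_dir)
            # Size, permission string and mtime all stay in the clear.
            snap[rel] = (st.st_size, stat.filemode(st.st_mode), st.st_mtime_ns)
    return snap

def diff(before, after):
    """Compare two snapshots: which ciphertext files appeared, vanished or changed."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(n for n in common if before[n] != after[n]),
    }

def demo():
    # Constructed sample: opaque names and random bytes stand in for ciphertext.
    with tempfile.TemporaryDirectory() as lower:
        for name, size, mode in [("a1f3", 4096, 0o600), ("9bc2", 12288, 0o644)]:
            path = os.path.join(lower, name)
            with open(path, "wb") as f:
                f.write(os.urandom(size))
            os.chmod(path, mode)
        before = snapshot(lower)
        # Simulated user activity: one file grows and one new file appears.
        with open(os.path.join(lower, "a1f3"), "ab") as f:
            f.write(os.urandom(4096))
        with open(os.path.join(lower, "77de"), "wb") as f:
            f.write(os.urandom(100))
        after = snapshot(lower)
        return before, after, diff(before, after)

if __name__ == "__main__":
    before, after, delta = demo()
    for name, (size, mode, _mtime) in sorted(after.items()):
        print(f"{name}  {size:>6} bytes  {mode}")
    print(delta)
```

Pointing `snapshot()` at the real lower directory of a test mount shows what someone holding the disk could learn; if that exposure is unacceptable, full disk encryption hides it.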


File Encryption

GnuPG also implements file encryption, which is very secure and portable, and can be used, for example, to encrypt backups or tarballs. Random access to single files or small incremental changes to the data are not practical with this method.