Encrypting Partitions

These days data security is a must in most business environments. With the popularity of laptops and external storage devices, sensitive corporate (and sometimes personal) data are often easy for thieves to steal.

One line of defense to help protect data is encryption. Linux provides utilities to encrypt individual files, but that can get tedious. A better solution is to encrypt the entire partition where the data are stored. A popular tool for that is the Linux Unified Key Setup (LUKS). The LUKS system was created in 2004 by Clemens Fruhwirth specifically for encrypting Linux partitions.

The core utility in LUKS is the cryptsetup utility. It allows you to create encrypted partitions, then open them to make them available for formatting and mounting in the Linux virtual directory.

The first step is to format a partition to use for encryption, using the luksFormat option:

[Figure: output of formatting a partition for encryption with the luksFormat option]


In this step you must specify the passphrase required to open the encrypted partition.

After you create the encrypted partition, you can make it available for use by using the luksOpen option:

[Figure: output of making the encrypted partition available for use with the luksOpen option]

The luksOpen option requires that you know the passphrase used to encrypt the partition. The first parameter after the luksOpen option specifies the physical partition, and the second parameter defines a name used to map the opened partition to a virtual device in the /dev/mapper directory:

[Figure: output of the ls command]

The /dev/mapper/safedata device file now references the opened encrypted partition and can be handled as a normal Linux partition:

[Figure: the /dev/mapper/safedata device file handled as a normal Linux partition]

After you create the filesystem and mount the partition, you can create, modify, and delete files and directories in the /mnt/mydata directory just as you would any other Linux filesystem.

To close an encrypted partition so that it can’t be accessed, use the luksClose command option:

[Figure: output of closing an encrypted partition with the luksClose command option]

When you close the encrypted partition, Linux removes it from the /dev/mapper directory, making it inaccessible. To mount the partition again you would need to use the luksOpen option in the cryptsetup command and provide the passphrase.
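The whole sequence described in this section, collected into one script as an added example (it is not taken from the book). The device /dev/sdX1 and the ext4 filesystem are assumptions; safedata and /mnt/mydata are the names used above. The script refuses to format a device that is mounted or already a LUKS container, and it unmounts before luksClose because a mapping that is still in use cannot be closed.

```shell
#!/usr/bin/env bash
# Added example: the LUKS lifecycle from this section as reusable functions.
# Assumptions (not from the page): /dev/sdX1 is a placeholder device and
# ext4 is the filesystem. DRY_RUN=1 (the default) only prints the commands;
# DRY_RUN=0 executes them and needs root.
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# luksFormat overwrites whatever is on the device, so check before formatting.
preflight() {
    local dev="$1"
    [ "$DRY_RUN" = "1" ] && return 0
    [ -b "$dev" ] || { echo "not a block device: $dev" >&2; return 1; }
    if grep -q "^$dev " /proc/mounts; then
        echo "$dev is mounted" >&2; return 1
    fi
    if cryptsetup isLuks "$dev"; then
        echo "$dev already holds a LUKS container" >&2; return 1
    fi
}

# Format, open, create a filesystem and mount. cryptsetup prompts for the
# passphrase at luksFormat (to set it) and at luksOpen (to unlock).
luks_provision() {
    local dev="$1" name="$2" mnt="$3"
    preflight "$dev" || return 1
    run cryptsetup luksFormat "$dev"
    run cryptsetup luksOpen "$dev" "$name"
    run mkfs.ext4 "/dev/mapper/$name"
    run mkdir -p "$mnt"
    run mount "/dev/mapper/$name" "$mnt"
}

# Unmount first, then remove the /dev/mapper entry.
luks_release() {
    local name="$1" mnt="$2"
    run umount "$mnt"
    run cryptsetup luksClose "$name"
}

# With the default DRY_RUN=1 this prints the plan without touching any device.
luks_provision /dev/sdX1 safedata /mnt/mydata && luks_release safedata /mnt/mydata
```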
