Being able to encrypt individual files can be handy, but it can be something
- Block encryption: We can use this for either whole-disk encryption or to encrypt individual partitions.
- File-level encryption: We'd use this to encrypt individual directories without having to encrypt the underlying partitions.
- Containerized Encryption: Using third-party software that doesn't come with any Linux distribution, we can create encrypted, cross-platform containers that can be opened on either Linux, macOS, or Windows machines.
Linux Unified Key Setup (LUKS) falls into the first category. It's built into pretty much every Linux distribution, and directions for use are the same for each. For our demos, I'll use the CentOS virtual machine, since LUKS is now the default encryption mechanism for Red Hat Enterprise Linux 7/8 and CentOS 7/8.
You might be wondering if there's any performance impact with all of this disk encryption business. Well, with today's fast CPUs, not really. I run Fedora with full-disk encryption on a low-spec, Core i5 laptop, and other than having to enter the disk-encryption password when I first boot up, I don't even notice that encryption is taking place.
Okay, let's look at encrypting a disk while installing the operating system.