“There are many different methods to encrypt data using various encryption algorithms (ciphers). In this document I describe in short how to encrypt a device with one of the most contemporary methods, using dm-crypt and LUKS. Actually, devices cannot be encrypted. It’s the block devices which are volumes that can be. This means that you can encrypt a hard disk partition, a ZIP disk, a usb flash stick, or even a volume within a file.”
Actually, devices cannot be encrypted. It’s the block devices which are volumes that can be. This means that you can encrypt a hard disk partition, a ZIP disk, a usb flash stick, or even a volume within a file..
Yes, you can… with FreeBSD:
http://events.ccc.de/congress/2005/fahrplan/events/1139.en.html
Or with NetBSD:
http://www.netbsd.org/guide/en/chap-cgd.html
You misunderstood the article (which, admittedly, was not worded very clearly).
Dm-crypt encrypts arbitrary block devices — which means it can be used to encrypt entire hard drives, or entire raid arrays made of multiple hard drives, or individual partitions on a given hard drive, or even (for loopback purposes) individual files. Or even, if you are paranoid, to create an encrypted loopback device on a file in an encrypted partition of an encrypted raid array composed of encrypted hard drives! It is this degree of flexibility which makes dm-crypt so great.
Edited 2006-12-03 22:41
The same can be said about the other technologies mentioned above. Pretty sweet, indeed!
You can do full hard disk encryption by setting up a giant LUKS partition then initializing LVM2 inside of it.
One can do this fairly easy with for instance Gentoo using genkernel-3.4.4 (and above) to create your initramfs image to mount/initialize your LUKS+LVM2 partition.
I’ve heard this can also be done painlessly with Debian based distros as well.
It’s a shame that the howto didn’t also mention how easy it is to add/remove LUKS volume passwords. Yes I said passwords, LUKS allows up to 8 different keys for a volume (basically the volume master key encrypted with your hashed password).
Happy encrypting.