From Fedora Project Wiki

Line 4: Line 4:
 
Full disk encryption transparently encrypts the whole block devices/partitions/discs. It is probably the most secure option in case of hardware theft.
 
Full disk encryption transparently encrypts the whole block devices/partitions/discs. It is probably the most secure option in case of hardware theft.
  
Full disk encryption can be selected at installation time or added to a additional and plugin devices at any time - see [[Disk Encryption User Guide]]. Loop devices (encrypted block devices in files) can be used, providing more flexibility regarding file allocation and per-user setups but requires manual setup and are not quite as well tested.
+
Full disk encryption can be selected at installation time or added to a(n) additional usb plug-able device(s) at any time - see [[Disk Encryption User Guide]]. Loop devices (encrypted block devices in files) can be used, providing more flexibility regarding file allocation and per-user setups but requires manual setup and are not quite as well tested.
  
 
== Transparent File/Directory Encryption ==
 
== Transparent File/Directory Encryption ==
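Review bot: the replacement wording on the changed line, "a(n) additional usb plug-able device(s)", is harder to read than the "additional and plugin devices" it replaces, and it narrows the statement to USB devices only. If the narrowing is not intended, something like "additional or pluggable devices (for example USB drives)" keeps both cases. The same sentence still carries the agreement slip "Loop devices ... can be used ... but requires manual setup and are not quite as well tested", which could be fixed in this edit ("require").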

Revision as of 01:00, 27 February 2016

Fedora provides several methods and layers of file and disk encryption.

Full Disk Encryption

Full disk encryption transparently encrypts whole block devices, partitions or disks. It is probably the most secure option in case of hardware theft.

Full disk encryption can be selected at installation time or added to additional pluggable USB devices at any time; see the Disk Encryption User Guide. Loop devices (encrypted block devices in files) can also be used. They provide more flexibility regarding file allocation and per-user setups, but require manual setup and are not quite as well tested.

Transparent File/Directory Encryption

These are easier to activate on an already installed system and easier to set up on a per-user basis, as they are mounted over existing filesystems. They may support private per-user encrypted directories, which can be transparently mounted at login time, and private mounts.

This encryption method typically has the drawback that it is possible to deduce a lot of metadata, such as the number of files, their approximate sizes, permissions, changes and possibly more.

  • eCryptfs
  • EncFS

File Encryption

GnuPG also implements file encryption, which is very secure and portable and can be used, for example, to encrypt backups or tarballs. Random access to single files or small incremental changes in the data are not practical with this method.
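
The backup use case above, as an added example that is not part of the wiki page: a directory is streamed through tar into GnuPG symmetric encryption, restored and compared, and one file is read back to show that the whole stream has to be decrypted to reach it. It assumes GnuPG 2.1 or later and GNU tar; the function names, paths, file contents and passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example. Paths, file contents and the passphrase are constructed sample values.

# encrypt_backup SRC_DIR OUT_FILE PASSFILE
# Streams the tarball straight into gpg so no plaintext archive is written to disk.
encrypt_backup() {
    tar -C "$1" -czf - . |
        gpg --batch --quiet --yes --pinentry-mode loopback \
            --passphrase-file "$3" --symmetric --cipher-algo AES256 -o "$2"
}

# read_one IN_FILE MEMBER PASSFILE
# Prints one archived file. There is no random access: gpg has to decrypt the
# stream from the start and tar scans it until the member is found.
read_one() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-file "$3" \
        --decrypt "$1" 2>/dev/null | tar -xzOf - "$2" 2>/dev/null
}

# restore_backup IN_FILE DEST_DIR PASSFILE
# A wrong passphrase makes gpg emit nothing, so tar fails and the status is non-zero.
restore_backup() {
    mkdir -p "$2" &&
        gpg --batch --quiet --pinentry-mode loopback --passphrase-file "$3" \
            --decrypt "$1" 2>/dev/null | tar -C "$2" -xzf - 2>/dev/null
}

# demo: build a sample tree, encrypt it, restore it and compare the two trees.
demo() {
    work=$(mktemp -d) || return 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME      # throwaway gpg home
    mkdir -m 700 "$GNUPGHOME"
    mkdir -p "$work/src/docs"
    echo "quarterly figures" > "$work/src/docs/report.txt"
    echo "meeting notes" > "$work/src/notes.txt"
    ( umask 077; echo "constructed-sample-passphrase" > "$work/pass" )
    encrypt_backup "$work/src" "$work/backup.tar.gz.gpg" "$work/pass" &&
        restore_backup "$work/backup.tar.gz.gpg" "$work/restored" "$work/pass" &&
        diff -r "$work/src" "$work/restored" >/dev/null
}

demo && echo "backup round-trip verified"
```

Keeping the passphrase in a file readable only by its owner, rather than passing it on the command line, keeps it out of the process list.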