Encryption Software And Required Packages

Alexzee

Well-Known Member
Joined
Jun 1, 2019
Messages
3,681
Reaction score
1,963
Credits
21,897
I'm reading all the information on this page that I've linked below for Luks/Cryptsetup to learn as I'd like to encrypt my Linux boxes, HDD's, partitions and etc.
This is new to me and haven't installed or configured encryption software before.
Any tips would be greatly appreciated.


On the page in the link above, their are required pkg's for Fedora, Ubuntu and Debian.

I don't however; know or see required pkg's listed for Slackware. Any ideas there?

Also, there are many encryption programs for Linux so which is best for HDD and partition encryption?

Started reading here as a start--
 


Good tutorial f33dm3bits, thanks.

If I understood the tutorial correctly (remember I have PTSD) performing the encryption over writes all data and can't be changed.

Does this mean it will remove all of the Linux Mint and Debian partitions on those disk's and I'd have to perform fresh installations?
 
If you create a new partition on an already existing disk you can just encrypt that specific partition but if that is an already existing partition with data on it it will be wiped.
 
If you create a new partition on an already existing disk you can just encrypt that specific partition but if that is an already existing partition with data on it it will be wiped.
Ok, got it-

Is there any other way to encrypt drives and partitions w/o wiping the already existing partitons that are in place?
 
Ok, got it-

Is there any other way to encrypt drives and partitions w/o wiping the already existing partitons that are in place?
If it's just normal user data you are talking about you can copy it to an other driver but if it's an os installation you are talking about your best choice is to reinstall?
 
If it's just normal user data you are talking about you can copy it to an other driver but if it's an os installation you are talking about your best choice is to reinstall?
Yup, there are os installations on both of the drives I want to encrypt.
I had hoped I wouldn't have to perform fresh installations. SUPER disappointing:-

Thanks for explaining. Now I have to make a choice decision.
In the meantime I can set a BIOS password-
 
It would be possible but way to complicated for me to explain here, what distributions are you wanting to install with encryption because most Linux distributions have an option in the installer to encrypt your installation?
 
It would be possible but way to complicated for me to explain here, what distributions are you wanting to install with encryption because most Linux distributions have an option in the installer to encrypt your installation?
Slackware doesn't AFAIK, prompt for encryption during the installation.
I remember that Debian does:-
 
It would be possible but way to complicated for me to explain here
If there is a way please point me to it if you have the time.

In the meantime I'll do some searching on my own:-
 
If there is a way please point me to it if you have the time.
In short it would be something like the following:
1. Live-boot from a flash drive.
2. Sync your os files to another location, ie: external drive.
3. Remove partitions on the disk where you want to install and create the encrypted partition setup.
4. Sync your os files from your other location to your new root partition.
5. Edit your /etc/crypttab to setup your unlock device.
6. Edit your /etc/fstab with the correct mapper device so the device name you defined in /etc/crypttab.
7. Unmount your devices and reboot and hope for the best.
I have never tried it so it can't be 100% accurate and I may have missed something.
 
In short it would be something like the following:
1. Live-boot from a flash drive.
2. Sync your os files to another location, ie: external drive.
3. Remove partitions on the disk where you want to install and create the encrypted partition setup.
4. Sync your os files from your other location to your new root partition.
5. Edit your /etc/crypttab to setup your unlock device.
6. Edit your /etc/fstab with the correct mapper device so the device name you defined in /etc/crypttab.
7. Unmount your devices and reboot and hope for the best.
I have never tried it so it can't be 100% accurate and I may have missed something.
Looks like good instructions, thanks for your honesty.
I've edited the /etc/fstab file a few times but have zero experience using the mapper device:-

I'll have a look at Clonezilla too while I'm at it. Reinstalling Slackware 'would not' be a walk in the park by any means.

Looks like this is going to take serious thought and time to complete. So, until I'm absoulty certain I understand each step I'm not in any hurry.
 
I don't know how the Slackware installation works but you may also have to install grub at some point. Your /boot can be on an encrypted partition but then you would have to do something extra to get it to work and there is no advantage to that so it's better just to have /boot a partition that is not encrypted.
 
I don't know how the Slackware installation works but you may also have to install grub at some point. Your /boot can be on an encrypted partition but then you would have to do something extra to get it to work and there is no advantage to that so it's better just to have /boot a partition that is not encrypted.
During the Slackware installation AFAIK. encryption is not offered.
With Slackware you have to drop to a shell prompt chroot/ mnt and install grub to the drive while the installation media is still in place.
That's if you want Grub and have other Linux os's on other HDD's on the machine.
Otherwise you'd just install LILO the bootloader that comes with Slackware.
LILO can be configured to add and chain load other os on the same machine but it's not easy.

Agreed, encrypting the /boot partition wouldn't be necessary.

Are all of the other encryption software's ie> Vera Crypt, GnuPG, dm-crypt, Tomb, zuluCrypt and loop-AES pretty much the same practice?
 
Are all of the other encryption software's ie> Vera Crypt, GnuPG, dm-crypt, Tomb, zuluCrypt and loop-AES pretty much the same practice?
AFAIK all Linux installs use luks by default, dm-crypt is the kernel module used for encrypted devices, those other ones you mention I have no experience witth and sound more like user tools rather than os tools.
 
AFAIK all Linux installs use luks by default, dm-crypt is the kernel module used for encrypted devices, those other ones you mention I have no experience witth and sound more like user tools rather than os tools.
Ok-

I have some reading to do and like I said I'm not in a hurry.
Thanks for the information and details f33dm3bits, I appreciate the help.
 

Members online


Latest posts

Top