Linux comes in many different flavours. For example, there is RedHat Linux, Ubuntu, and openSuSE, which are likely the three most common/popular Linux distributions. The current list of Linux distributions at Wikipedia lists a few pages of different distributions (https://en.wikipedia.org/wiki/List_of_Linux_distributions).
Generally speaking, Linux supports two types of encryption: block level and file system encryption.
Each technique has pros and cons, this article discusses the various projects and tools available for each technique. If you are uncertain what technique would work best for you, please contact the EOAS IT Help Desk at helpdesk@eoas.ubc.ca.
Block Level Encryption
- Loop-AES – Fast and transparent file system and swap encryption package for linux. No source code changes to linux kernel. Works with 3.x, 2.6, 2.4, 2.2 and 2.0 kernels.
- VeraCrypt – It is free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X and Linux based on TrueCrypt codebase.
- dm-crypt+LUKS – dm-crypt is a transparent disk encryption subsystem in Linux kernel v2.6+ and later and DragonFly BSD. It can encrypt whole disks, removable media, partitions, software RAID volumes, logical volumes, and files.
Filesystem Level Encryption
- eCryptfs – It is a cryptographic stacked Linux filesystem. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decrypted with the proper key in the Linux kernel keyring. This solution is widely used, as the basis for Ubuntu’s Encrypted Home Directory, natively within Google’s ChromeOS, and transparently embedded in several network attached storage (NAS) devices.
- EncFS -It provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below. EncFS is open source software, licensed under the GPL.
We are building out this list as new information arrives. If you are aware of another solution for encrypting Linux, we would like to know and share that with our community.