Florida Ubuntu Linux's encrypted file system article

When UbuntuLinux use encrypting file system, the data can be very well protected.

In this case, even if our machines for hackers, as long as they do not have the key, hackers see data will only be a heap of garbled, worthless. This article details the use of dm-crypt to create encrypted file system. And the other to create an encrypted file system than dm-crypt system unmatched advantages: it's faster, and ease of use. In addition, it is also very wide application and can run in various block device, even if these devices using RAID and LVM is no obstacle. Dm-crypt systems have these advantages, thanks to this technology is built on 2.6 version kernel device-mapper characteristics. Device-mapper is designed to provide the actual block device above the add virtual layer provides a flexible method for the convenience of developers implement mirroring and snapshot, Cascade and encryption processing. In addition, the use of the kernel dm-crypt password application programming interface enables transparent encryption and compatible cryptloop system. First, configure the kernel dm-crypt use kernel password application programming interface to complete the password operation. Generally speaking, the kernel normally adds various encryption program to load the module form. For 256-bitAES, its security strength is already very high, even if it is used to protect the top secret level data is sufficient. Therefore this article we use 256-bitAES password, in order to guarantee that your kernel has been loaded AES password module, please use the following command to check: $ cat/proc/crypto if you see something like the following output, AES module has been loaded Description: name: aesmodule: aestype: ciprblocksize: 16minkeysize: 16maxkeysize: 32 otherwise, we can load it manually using modprobe to AES module command as follows: $ sudomodprobeaes next install dmsetup packages that contain configuration device-mapper tools necessary for checks: $ sudoapt-getinstalldmsetupcryptsetup dmsetup package has established device mapping program, type the following command: $ ls-l/dev/mapper/control next load the kernel module: $ dm-crypt sudomodprobedm-cryptdm-crypt once loaded, it will automatically register with evice-mapper. If the test again, device-mapper has recognized dm-crypt and crypt added as available objects: $ sudodmsetuptargets if all goes well, now you should see the following output: crypt cryptv1.1.0stripedv1.0.2linearv1.0.1errorv1.0.1 this shows our system have to load the encryption device ready. Next, let's create an encryption device.