How to encrypt a Linux filesystem
Q I am keen to test Linux and eventually would like to migrate to it from Windows XP. Before I do that though, I really need to know if Linux has the following security features, which the Windows XP program DriveCrypt has. I am currently able to encrypt (AES 256-bit) the entire Windows XP operating system before it is booted, entering my password at MBR boot stage. This uses the DriveCrypt Plus Pack program at www.drivecrypt.com, and requires a two-line password. I can encrypt a separate data partition with 1,344-bit Triple Blowfish encryption, and in addition to four-line password entry, I can use a fingerprint sensor to keep my data secure (I'm especially keen to keep this feature as it is so cool). Lastly, I am able to image my Windows OS regularly using Acronis's True Image software. Would I be able to do all of the above with Linux, using separate open source programs to achieve the same end results?
A Encrypted filesystems for Linux do exist, including CFS and TCFS, both of which provide an encrypted layer for any block device. These systems are designed mainly to encrypt specific filesystems running under Linux; however, the 2.6 kernel supports cryptoloop filesystems, which allow any cipher known to the kernel to encrypt the filesystem. You may want to review the documentation at http://linuxfromscratch.org/~devine/erfs-howto.html. CFS/TCFS will not work with external sensors, but you can generate an encryption seed of any length. There is a wide range of algorithms to choose from, although AES is probably the best choice.