Revision 1 as of 2017-04-03 22:52:53

This document belongs to Manual Full System Encryption (with Extras).

1. Description

LUKS, or Linux Unified Key Setup, is one of many different encryption methods that have been invented over the millennia. We use LUKS because it is easy and has all the functionality that we require.

2. What does LUKS do?

When you create a file system directly on a partition, its contents are stored unencrypted. LUKS acts as a layer (a sort of middleman) between the partition and the file system, encrypting everything written to the file system.

An unencrypted partition

In this diagram, partition 3 has a file system. It is unencrypted, and anyone with access to the computer can see its contents even if they haven't logged in.

LUKS-unencrypted-partition.png

A partition encrypted with LUKS

Here, LUKS sits between partition 3 and its file system. The partition is encrypted, and no one can access its contents without the system passphrase. Once the partition has been unlocked (by giving LUKS the system passphrase), its contents are available, and any program accessing the data doesn't even know that it is encrypted.

LUKS-encrypted-partition.png
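
The two layouts above can be told apart by reading the first bytes of the partition: a LUKS partition starts with a LUKS header, while an unencrypted ext2/3/4 partition has its file system superblock in the clear. The following Python sketch is an added example, not part of the original guide; it assumes the LUKS1 on-disk header layout, the function names are hypothetical, and the sample data is constructed rather than read from a real disk.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"   # first 6 bytes of every LUKS header
EXT_MAGIC = b"\x53\xef"        # ext2/3/4 magic 0xEF53 (little-endian) at byte 1080
SLOT_ENABLED = 0x00AC71F3      # LUKS1 marker for a key slot that holds a passphrase

def classify(start: bytes) -> dict:
    """Describe what sits at the start of a partition (first 2 KiB is enough)."""
    if start[:6] == LUKS_MAGIC:
        version = struct.unpack(">H", start[6:8])[0]
        info = {"kind": "luks", "version": version}
        if version == 1 and len(start) >= 592:
            # LUKS1 header: fixed 592-byte layout, integers are big-endian
            cipher, mode, hash_spec = (
                start[o:o + 32].split(b"\0")[0].decode("ascii", "replace")
                for o in (8, 40, 72))
            payload_sector, key_bytes = struct.unpack(">II", start[104:112])
            states = [struct.unpack(">I", start[208 + 48 * i:212 + 48 * i])[0]
                      for i in range(8)]
            info.update(cipher=f"{cipher}-{mode}", hash=hash_spec,
                        key_bits=key_bytes * 8, payload_sector=payload_sector,
                        used_slots=[i for i, s in enumerate(states) if s == SLOT_ENABLED])
        return info
    if start[1080:1082] == EXT_MAGIC:
        return {"kind": "ext-filesystem"}  # file system directly on the partition
    return {"kind": "unknown"}

def sample_luks1() -> bytes:
    """Constructed LUKS1 header (not from a real disk) with key slot 0 in use."""
    hdr = bytearray(2048)
    hdr[0:8] = LUKS_MAGIC + struct.pack(">H", 1)
    for off, text in ((8, b"aes"), (40, b"xts-plain64"), (72, b"sha256")):
        hdr[off:off + len(text)] = text
    hdr[104:112] = struct.pack(">II", 4096, 64)  # payload start sector, key bytes
    for i in range(8):
        state = SLOT_ENABLED if i == 0 else 0x0000DEAD
        hdr[208 + 48 * i:212 + 48 * i] = struct.pack(">I", state)
    return bytes(hdr)

def sample_ext4() -> bytes:
    """Constructed start of an unencrypted ext4 partition: only the magic is set."""
    blk = bytearray(2048)
    blk[1080:1082] = EXT_MAGIC
    return bytes(blk)

if __name__ == "__main__":
    print(classify(sample_luks1()))
    print(classify(sample_ext4()))
```

On a real system, `cryptsetup isLuks <device>` performs the same header check and `cryptsetup luksDump <device>` prints the header fields.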

3. LUKS and LVM

LUKS and LVM will be used together. See the LVM topic for information about this.