This document belongs to Manual Full System Encryption (with Extras).

1. Description

Many different encryption methods have been invented over the millennia. One of the most famous is the Caesar cypher, which Julius Caesar used in ancient Rome. (By today's standards, it is ridiculously easy to break.)

LUKS, or Linux Unified Key Setup, is one of the modern ones. We use LUKS here because it is easy to use, has all the functionality that we require, and encrypts to a high modern standard.

2. What does LUKS do?

When you add a file system to a partition, it is unencrypted. LUKS acts as a layer (a sort of intermediary) between the partition and the file system, encrypting everything in the file system.

An unencrypted partition

In this diagram, partition 3 has a file system. It is unencrypted, and anyone with access to the computer can see its contents even if they haven't logged in.

[Diagram: LUKS-unencrypted-partition.png]

A partition encrypted with LUKS

Here, LUKS sits between partition 3 and its file system. The partition is encrypted, and no one can access its contents without the system passphrase. Once the partition has been unlocked (by giving LUKS the system passphrase), its contents are available, and LUKS sits doing its job invisibly. Any program accessing the data doesn't even know that the data is encrypted.

[Diagram: LUKS-encrypted-partition.png]
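The difference between the two layouts is visible in the first bytes of the partition. The following is an added example, not part of the original wiki page: it classifies a partition's leading bytes as a LUKS container or a plain ext file system, going slightly beyond the text by also reading the LUKS1 header fields. The function names and sample bytes are constructed for illustration; the LUKS magic, LUKS1 field layout and ext superblock magic are the standard on-disk values.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"      # first 6 bytes of every LUKS1/LUKS2 header
EXT_SB_MAGIC_OFFSET = 1024 + 56    # ext2/3/4 superblock is at byte 1024, s_magic at +56
EXT_SB_MAGIC = b"\x53\xef"         # 0xEF53 stored little-endian


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded ASCII header field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def classify(head: bytes) -> dict:
    """Classify the first bytes of a partition: LUKS, plain ext, or unknown."""
    if head[:6] == LUKS_MAGIC and len(head) >= 8:
        (version,) = struct.unpack(">H", head[6:8])
        info = {"kind": "luks", "version": version}
        if version == 1 and len(head) >= 112:
            # LUKS1 header: big-endian fields that follow the magic and version
            cipher, mode, hash_spec, payload_sectors, key_bytes = struct.unpack(
                ">32s32s32sII", head[8:112])
            info.update(cipher=_cstr(cipher), mode=_cstr(mode), hash=_cstr(hash_spec),
                        payload_offset_bytes=payload_sectors * 512,
                        key_bits=key_bytes * 8)
        return info
    if head[EXT_SB_MAGIC_OFFSET:EXT_SB_MAGIC_OFFSET + 2] == EXT_SB_MAGIC:
        return {"kind": "plain-ext"}   # file system sits directly on the partition
    return {"kind": "unknown"}


def sample_luks1() -> bytes:
    """Constructed LUKS1 header prefix (not taken from a real disk)."""
    fields = struct.pack(">32s32s32sII", b"aes", b"xts-plain64", b"sha256", 4096, 64)
    return LUKS_MAGIC + struct.pack(">H", 1) + fields


def sample_plain_ext() -> bytes:
    """Constructed 2 KiB image with only the ext superblock magic set."""
    img = bytearray(2048)
    img[EXT_SB_MAGIC_OFFSET:EXT_SB_MAGIC_OFFSET + 2] = EXT_SB_MAGIC
    return bytes(img)


if __name__ == "__main__":
    for name, data in (("luks1", sample_luks1()), ("ext", sample_plain_ext())):
        print(name, classify(data))
```

In the LUKS case the file system's own superblock is not readable at its usual offset, because the encrypted payload only begins at `payload_offset_bytes`, after the LUKS header.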

3. LUKS and LVM

LUKS and LVM will be used together. See the LVM topic for information about this.


ManualFullSystemEncryption/BasicsLUKS (last edited 2018-08-21 15:02:20 by paddy-landau)