AboutWelcome to Free Software Daily (FSD). FSD is a hub for news and articles by and for the free and open source community. FSD is a community driven site where members of the community submit and vote for the stories that they think are important and interesting to them. Click the "About" link to read more...
"Even though the Debian installer can set up encrypted partitions, it is optimised for systems with a single data partition, unless you want to enter multiple passphrases when the system boots. The installer configures a LUKS volume using cryptsetup, but it provides no mechanism for the use of key files, only interactive passphrases.
Some people have a need for storing data securely. Sometimes this means not only redundant disks (and a good backup strategy) but also encryption. Fortunately, the Linux kernel has all the features to use multiple RAID devices, pool them to a Logical Volume, and encrypt every block of the filesystem. Just don't forget your passphrase!
The pam_mount project lets you unlock an encrypted filesystem automatically when you log in. The same password used to log in is used as the key to unlock the encrypted filesystem, so you only need to type it once.
This tutorial deals only with how to add an extra encrypted physical volume to a volume group pool containing other encrypted physical volumes. This is typical scenario if, at first, you have set up your encryption at a physical partition level (/dev/sdaX where X is the a number of your partition), then you setup your LVM on top of the encrypted partition.
Last week, on the new MacHaxor site, I explained how to create an encrypted disk image on a mac, but there are similar tools available for Linux. TrueCrypt allows you to make all kinds of encrypted containers, but one of the most interesting is a hidden partition.
Well, I have written so far two tutorials with LUKS/dm_crypt involved. First one was how to enable encryption on Feisty Fawn (wasn't included back then by default) and the other one was how to reboot/unlock through a remote connection.
This document explains how to set up a fully encrypted para-virtualized XEN instance. In this howto, the host system is running Debian Etch, while the guest system to be installed will be using Debian Lenny.