36.0 Encrypting Partitions and Files
Every user has some confidential data that third parties should not be
able to access. The more you rely on mobile computing and on working in
different environments and networks, the more carefully you should handle
your data. The encryption of files or entire partitions is recommended if
others have network or physical access to your system. Laptops or
removable media, such as external hard disks or USB sticks, are prone to
being lost or stolen. Thus, it is recommended to encrypt the parts of your
file system that hold confidential data.
There are several ways to protect your data by means of encryption:
- Encrypting a Hard Disk Partition
You can create an encrypted partition with YaST during installation
or in an already installed system. Refer to
Section 36.1.1, Creating an Encrypted Partition during Installation and
Section 36.1.2, Creating an Encrypted Partition on a Running System for details. This
option can also be used for removable media, such as external hard
disks, as described in Section 36.1.4, Encrypting the Content of Removable Media.
- Creating an Encrypted File as Container
You can create an encrypted file on your hard disk or on a removable
medium with YaST at any time. The encrypted file can then be used to
store other files or folders. For more
information, refer to Section 36.1.3, Creating an Encrypted File as a Container.
- Encrypting Home Directories
With openSUSE, you can also create encrypted home directories for
users. When the user logs in to the system, the encrypted home
directory is mounted and the contents are made available to the user.
Refer to Section 36.2, Using Encrypted Home Directories for more information.
- Encrypting Single ASCII Text Files
If you only have a small number of ASCII text files that hold sensitive
or confidential data, you can encrypt them individually and protect
them with a password using the vi editor. Refer to
Section 36.3, Using vi to Encrypt Single ASCII Text Files for more information.
WARNING: Encrypted Media Offers Limited Protection
The methods described in this chapter offer only limited protection. You
cannot protect your running system from being compromised. After the
encrypted medium is successfully mounted, everybody with appropriate
permissions has access to it. However, encrypted media are useful in case
of loss or theft of your computer or to prevent unauthorized individuals
from reading your confidential data.