SUSE Linux Enterprise Desktop Deployment Guide

41.1 Setting Up a Crypto File System with YaST

Use YaST to encrypt partitions or parts of your file system during installation or in an already installed system. However, encrypting a partition in an already installed system is more difficult because you have to resize and change existing partitions. In such cases, it may be more convenient to create an encrypted file of a defined size in which to store other files or parts of your file system. To encrypt an entire partition, dedicate a partition for encryption in the partition layout. The standard partitioning proposal as suggested by YaST does not, by default, include an encrypted partition. Add it manually in the partitioning dialog.

41.1.1 Creating an Encrypted Partition during Installation

WARNING: Password Input

Observe the warnings about password security when setting the password for encrypted partitions and memorize it well. Without the password, the encrypted data cannot be accessed or restored.

The YaST expert dialog for partitioning, described in Section 7.5.6, Partitioner, offers the options needed for creating an encrypted partition. To create a new encrypted partition, click Create. In the dialog that opens, enter the partitioning parameters for the new partition, such as the desired formatting and the mount point. Complete the process by clicking Encrypt File System. In the following dialog, enter the password twice. The new encrypted partition is created after the partitioning dialog is closed by clicking OK. While booting, the operating system requests the password before mounting the partition.

If you do not want to mount the encrypted partition during start-up, press Enter when prompted for the password. Then decline the offer to enter the password again. In this case, the encrypted file system is not mounted and the operating system continues booting, blocking access to your data. The partition is available to all users once it has been mounted.

If the encrypted file system should only be mounted when necessary, enable Do Not Mount During Booting in the fstab Options dialog. The respective partition will not be mounted when the system is booted. To make it available afterwards, mount it manually with mount name_of_partition mount_point. Enter the password when prompted to do so. After finishing your work with the partition, unmount it with umount name_of_partition to protect it from access by other users.

When you are installing your system on a machine where several partitions already exist, you can also decide to encrypt an existing partition during installation. In this case, follow the description in Section 41.1.2, Creating an Encrypted Partition on a Running System, and be aware that this action destroys all data on the partition being encrypted.

41.1.2 Creating an Encrypted Partition on a Running System

WARNING: Activating Encryption in a Running System

It is also possible to create encrypted partitions on a running system. However, encrypting an existing partition destroys all data on it and requires resizing and restructuring of existing partitions.

On a running system, select System Partitioning in the YaST control center. Click Yes to proceed. Instead of selecting Create as mentioned above, click Edit. The rest of the procedure is the same as in Section 41.1.1, Creating an Encrypted Partition during Installation.

41.1.3 Creating an Encrypted File as a Container

Instead of using a partition, it is possible to create an encrypted file of a certain size that can then hold other files or folders containing confidential data. Such container files are created from the same YaST dialog. Select Crypt File and enter the path to the file to create along with its intended size. Accept the proposed formatting settings and the file system type. Then specify the mount point and decide whether the encrypted file system should be mounted when the system is booted.

The advantage of encrypted container files is that they can be added without repartitioning the hard disk. They are mounted with the help of a loop device and behave just like normal partitions.
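
The loop-device mechanism behind a container file can also be reproduced by hand. The script below is an added example, not part of the original guide or of YaST: it assumes cryptsetup (LUKS), losetup and mkfs.ext4 are installed, which may differ from the format YaST writes on this release, and the file, mount point and mapping names are made up.

```shell
#!/bin/sh
# Added example (not from the guide): manual equivalent of a container file.
# Assumes cryptsetup (LUKS), losetup and mkfs.ext4; all names are constructed.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them as root.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# create_container FILE SIZE_MB MOUNTPOINT MAPPER_NAME
create_container() {
    file=$1; size_mb=$2; mnt=$3; name=$4
    # Never reuse an existing file: formatting destroys whatever it holds.
    if [ -e "$file" ]; then
        echo "refusing to overwrite existing $file" >&2
        return 1
    fi
    case $size_mb in
        ''|*[!0-9]*) echo "size must be a whole number of MB" >&2; return 1 ;;
    esac
    # Fixed-size backing file, readable by its owner only.
    ( umask 077; run dd if=/dev/zero of="$file" bs=1M count="$size_mb" ) || return 1
    # Attach the file to a free loop device so it behaves like a partition.
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ losetup --find --show $file"; loopdev=/dev/loopN
    else
        loopdev=$(losetup --find --show "$file") || return 1
    fi
    run cryptsetup luksFormat "$loopdev" &&    # confirms, then asks password twice
    run cryptsetup open "$loopdev" "$name" &&  # asks for the password to unlock
    run mkfs.ext4 "/dev/mapper/$name" &&
    run mkdir -p "$mnt" &&
    run mount "/dev/mapper/$name" "$mnt"
}

# close_container MOUNTPOINT MAPPER_NAME LOOPDEV
# Unmounting alone leaves the mapping unlocked; close it and free the loop.
close_container() {
    run umount "$1" &&
    run cryptsetup close "$2" &&
    run losetup -d "$3"
}

# Example: DRY_RUN=0 sh container.sh /root/secret.img 64 /mnt/vault vault
if [ "$#" -eq 4 ]; then create_container "$@"; fi
```

Run it first with the default DRY_RUN=1 to review the command sequence; nothing is created or formatted in that mode.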

41.1.4 Encrypting the Content of Removable Media

YaST treats removable media like external hard disks or USB flash drives the same as any other hard disk. Container files or partitions on such media can be encrypted as described above. However, do not select to mount these media when the system is booted, because they are usually only connected while the system is running.

Published under the terms of the Open Publication License