48.0 Encrypting Partitions and Files
Every user has some confidential data that third parties should
not be able to access. The more connected and mobile you are, the
more carefully you should handle your data. Encrypting files or
entire partitions is recommended if others have network or direct
physical access to your system. For laptops or removable media,
such as external hard disks or USB sticks, that are prone to being
lost or stolen, it is also very useful to encrypt the partitions
(or the parts of your file system) that hold confidential data.
There are several ways to protect your data by means of
encryption:

- Encrypting a Hard Disk Partition
  You can create an encrypted partition with YaST during
  installation or in an already installed system. See Section 48.1.1,
  Creating an Encrypted Partition during Installation and Section 48.1.2,
  Creating an Encrypted Partition on a Running System for the details.
  This option can also be used for removable media, such as external
  hard disks, as described in Section 48.1.4, Encrypting the Content
  of Removable Media.

- Creating an Encrypted File as Container
  You can at any time create an encrypted file on your hard disk or
  on a removable medium with YaST. The encrypted file can then be used
  to store other files or folders. For more information, refer to
  Section 48.1.3, Creating an Encrypted File as a Container.

- Encrypting Single Files
  If you only have a small number of files that hold sensitive or
  confidential data, you can encrypt them individually and protect
  them with a password using the vi editor. Refer to Section 48.2,
  Using vi to Encrypt Single Files for more information.
WARNING: Encrypted Media Is Limited Protection
Be aware that with the methods described in this chapter, you
cannot protect your running system from being compromised. After
the encrypted media is successfully mounted, everybody with
appropriate permissions has access to it. However, encrypted media
is useful for cases such as loss or theft of your computer or to
prevent unauthorized individuals from reading your confidential
data.