Crypto filesystems keep your data safe – even if someone steals your computer. Linux offers a number of encrypted filesystem options – each with a different approach to the encryption problem. Encrypted filesystems may be overkill for family photos or your résumé, but they make sense for network-accessible servers that hold sensitive business documents, databases that contain credit-card information, offline backups, and laptops.
Now we will look at some of the filesystem encryption tools for Linux:
• Loop-AES
Fast and transparent file system and swap encryption package for Linux. No source code changes to the Linux kernel. Works with 2.6, 2.4, 2.2 and 2.0 kernels. Loop devices are block devices that don’t store any data directly, but rather redirect all reads and writes to an underlying block device or file, possibly encrypting or decrypting data in the process.
Project Homepage :- http://sourceforge.net/projects/loop-aes/
Current Stable :- 3.2a
• DM-Crypt
Device-mapper is a new infrastructure in the Linux 2.6 kernel that provides a generic way to create virtual layers of block devices that can do different things on top of real block devices like striping, concatenation, mirroring, snapshotting, etc… The device-mapper is used by the LVM2 and EVMS 2.x tools.
dm-crypt is one such device-mapper target; it provides transparent encryption of block devices using the new Linux 2.6 cryptoapi. The user specifies one of the symmetric ciphers, a key (of any allowed size) and an IV generation mode, and can then create a new block device in /dev. Writes to this device are encrypted and reads are decrypted. You can mount your filesystem on it as usual, but without the key you can’t access your data.
It does basically the same thing as cryptoloop, but the code is much cleaner, it better suits the needs of a block device, and it has a more flexible configuration interface. The on-disk format is also compatible. In the future you will be able to specify other IV generation modes for enhanced security (you’ll have to re-encrypt your filesystem, though).
Project Homepage :- http://www.saout.de/misc/dm-crypt/
Current Stable :- 0.1
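The parameters named in the dm-crypt description above (cipher, key, IV generation mode, underlying device) end up in a single device-mapper table line. The following is an added example, not code from the dm-crypt project; the function name `crypt_table`, the device `/dev/sdX1`, the mapping name `secret` and the `aes-cbc-essiv:sha256` spec are sample choices, and the example assumes a kernel that offers that IV mode.

```shell
#!/bin/sh
# dm-crypt table line format (one mapping):
#   <start> <length> crypt <cipher>-<chainmode>-<ivmode> <hex key> <iv_offset> <device> <offset>
# start, length and offset are counted in 512-byte sectors.

# crypt_table SECTORS CIPHER_SPEC HEXKEY DEVICE
# Prints the table line on stdout; returns 1 on invalid input.
crypt_table() {
    ct_sectors=$1; ct_spec=$2; ct_key=$3; ct_dev=$4

    case $ct_sectors in
        ''|*[!0-9]*) echo "sector count must be a number" >&2; return 1 ;;
    esac
    # Choice made by this example: require cipher, chaining mode and IV mode
    # to be spelled out instead of relying on a kernel default.
    case $ct_spec in
        ?*-?*-?*) ;;
        *) echo "cipher spec must be cipher-chainmode-ivmode" >&2; return 1 ;;
    esac
    # The key is passed as hex, two digits per byte.
    case $ct_key in
        ''|*[!0-9a-fA-F]*) echo "key must be hex" >&2; return 1 ;;
    esac
    if [ $(( ${#ct_key} % 2 )) -ne 0 ]; then
        echo "key must have an even number of hex digits" >&2; return 1
    fi
    case $ct_dev in
        /dev/?*) ;;
        *) echo "device must be a /dev path" >&2; return 1 ;;
    esac

    printf '0 %s crypt %s %s 0 %s 0\n' "$ct_sectors" "$ct_spec" "$ct_key" "$ct_dev"
}

# Typical use, as root (sample names; this destroys existing data on the device):
#   KEY=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
#   crypt_table "$(blockdev --getsz /dev/sdX1)" aes-cbc-essiv:sha256 "$KEY" /dev/sdX1 \
#       | dmsetup create secret
#   mkfs.ext3 /dev/mapper/secret && mount /dev/mapper/secret /mnt
```

Because `dmsetup create` reads the table from standard input here, the key never appears in a process argument list. A raw key used this way is stored nowhere on the disk, so it has to be kept safely elsewhere to reopen the volume.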
• TrueCrypt
TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. The entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, metadata, etc.).
Project Homepage :- http://www.truecrypt.org
Current Stable :- 4.3a
• Crypto-FS
CryptoFS is an encrypted filesystem for Filesystem in Userspace (FUSE) and the Linux Userland FileSystem (LUFS). CryptoFS uses a normal directory to store files in encrypted form. The mountpoint contains the decrypted files. Every file stored in this mountpoint is written encrypted (data and filename) to the directory that was mounted. If you unmount the directory, the encrypted data can only be accessed by mounting the directory with the correct key again. Like other FUSE/LUFS filesystems, it does not need root access or any complicated setup such as creating a filesystem on an encrypted disk using the loop device.
CryptoFS can be built for FUSE and LUFS. When you build for FUSE you get a program to mount the filesystem. For LUFS a shared library is built that can be used by LUFS’s lufsd. Both methods can use the same encrypted directory.
Project Homepage :- http://reboot.animeirc.de/cryptofs/
Current Stable :- 0.6.0
• Enc-FS
EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below. EncFS is open source software, licensed under the GPL.
As with most encrypted filesystems, EncFS is meant to provide security against off-line attacks, i.e., your notebook or backups fall into the wrong hands, etc. The way EncFS works is different from the “loopback” encrypted filesystem support built into the Linux kernel because it works on individual files, not an entire block device. This is a big advantage in some ways, but does not come without a cost.
Project Homepage :- http://arg0.net/encfs
Current Stable :- 1.3.2
And don’t forget ecryptfs (http://ecryptfs.sourceforge.net/). The kernel modules were accepted in Linux 2.6.19, if I recall correctly, and it still has some way to go until it can be called feature complete, yet I’d love to see the userspace tools already available in Lenny. From what I’ve read it seems to be like Enc-FS on steroids…
LUKS adds some improvements to dm-crypt (you can add or remove additional keys without the need to re-encrypt). It needs an updated (LUKS-aware) cryptsetup.