< Previous | Contents | Next >
Introduction to LUKS
To protect your data, you can add an encryption layer underneath your file system of choice. Linux (and more particularly the dm-crypt driver) uses the device mapper to create the virtual partition (whose contents are protected) based on an underlying partition that will store the data in an encrypted form (thanks to LUKS). LUKS standardizes the storage of the encrypted data as well as meta-information that indicates the encryption algorithms used.
Encrypted Swap Partition When an encrypted partition is used, the encryption key is stored in memory (RAM), and when hibernating, a laptop will copy the key, along with other contents of RAM, to the hard disk’s swap partition. Since anyone with access to the swap file (including a technician or a thief) could extract the key and decrypt your data, the swap file must be protected with encryption.
Because of this, the installer will warn you if you try to use an encrypted partition alongside an unencrypted swap partition.
Encrypted Swap Partition When an encrypted partition is used, the encryption key is stored in memory (RAM), and when hibernating, a laptop will copy the key, along with other contents of RAM, to the hard disk’s swap partition. Since anyone with access to the swap file (including a technician or a thief) could extract the key and decrypt your data, the swap file must be protected with encryption.
Because of this, the installer will warn you if you try to use an encrypted partition alongside an unencrypted swap partition.