For today’s lesson we’ll show you how to secure data by encryption a partition, a folder, and also how to create a hidden volume with TrueCrypt.
Encrypting a Partition
Ubuntu’s alternate CD installation wizard gives us an option to encrypt our Ubuntu installation partition, so you’ll want to burn the ISO file into a live disk or create a bootable USB drive and install Ubuntu with it.
Ubuntu’s alternate installation menu is very similar to your standard Ubuntu installation menu. The installation wizard will ask you to choose your language, keyboard, network, and the most important step is the partitioning method where we need to choose the ‘Guided – use entire disk and set up encrypted LVM’ option to encrypt our entire hard disk.
Please note that we have to provide a ‘Master’ and not ‘Slave’ empty hard drive for the installation.
The installation wizard will ask you to specify a passphrase that you will use to decrypt your hard drive when you login to Ubuntu.
The encryption wizard will encrypt your ‘home’ folder, just in case if we place our ‘home’ folder outside your Ubuntu installation partition.
That’s it ! Follow the rest of the installation steps and the wizard will install Ubuntu on top of an encrypted partition.
Encrypting a Folder
eCryptfs is a cryptographic file system based on PGP created by Philip Zimmerman on 1991. The great thing about eCryptfs compare to other encryption file system, such as TrueCrypt, is that we do not need to pre-allocate a certain amount of disk space that we want to encrypt.
We can easily install eCryptfs by executing the following command in the console
eCryptfs create a ‘private’ directory in your local drive where eCryptfs encrypts any files that we store in it.
Note: this will setup a hidden private directory: ~/.Private
We should store our sensitive data into the ‘private’ directory to make sure that attackers will not be able to get our data easily. ecryptfs will hide any files that we store in the private folder when it is not mounted.
The private directory will be automatically mounted when we log in to our account. This creates an opportunity for another person to gain access to this private folder when the user leaves the computer. A way to mitigate this problem is to prevent ecryptfs unlocking the private folder when we login by removing the empty file auto-mount which is located in ~/.ecryptfs/ and unmount the directory when we’re not using our computer.
Creating a Hidden Encrypted Volume
TrueCrypt is a free Open Source disk encryption utility that works with Windows, Mac, and Linux. It provides on-the-fly encryption and after the drive is encrypted you can continue to use everything like you normally would.
You can download TrueCrypt as Ubuntu deb file from its website. Once downloaded, unpack the archive and double-click on the installer to run the setup. After installation, you will find TrueCrypt from the menu location: Applications > Accessories > TrueCrypt.
Start by creating a volume that we want to encrypt.
A TrueCrypt volume can reside in a file, which is also called container, in a partition or drive.
TrueCrypt gives us an option to create a hidden encrypted volume inside another TrueCrypt encrypted volume.
You should copy sensitive looking files that you do not want to hide to the outer volume. These files act as a decoy when people force you to reveal the outer volume password. You should files that you REALLY want to hide inside the hidden volume, and you should never reveal the encrypted hidden volume.
Now you have to choose the name of the volume file and the location where you want to store the volume file. A new file will be created. If you choose an existing file, it will be overwritten. So give a unique name for your TrueCrypt volume file.
You can choose different levels of encryption. There are several types to choose from and each has its unique qualities…but for most users you will be fine with AES.
set the volume size and make sure you provide enough space for non-encrypted volume space.
TrueCrypt advise us to use at least 20 characters for our password. Choose a password that is easy to remember and not easy to guess.
Move your mouse as randomly as possible within the Volume Creation Wizard window at least for 30 seconds. The longer you move the mouse, the better. This significantly increases the cryptographic strength of the encryption keys (which increases security).
TrueCrypt will automatically mount the encrypted drive as a virtual encrypted disk.
Now we shall setup the hidden volume.
Choose a suitable hard drive format for the hidden volume.
We have the option to make this hidden volume to be compatible with other platforms.
Encryption is just one level of securing our data in our PC, we also need to consider to install other security software such as virus scanner or firewall to protect us from viruses and intruders when we’re online.