linux 硬盘加密_如何通过加密硬盘驱动器来保护Linux PC

linux 硬盘加密

There’s bound to be data on your computer that you want to protect from hackers, nosy friends, or curious colleagues. Encrypting your computer drive protects you from intruders, and here’s a couple of different ways to secure your data.

您的计算机上肯定有一些数据需要保护，免受黑客，爱管闲事的朋友或好奇的同事的攻击。 加密计算机驱动器可以保护您免受入侵者的侵害，这里有几种保护数据安全的不同方法。

For today’s lesson we’ll show you how to secure data by encryption a partition, a folder, and also how to create a hidden volume with TrueCrypt.

在今天的课程中，我们将向您展示如何通过对分区，文件夹进行加密来保护数据的安全，以及如何使用TrueCrypt创建隐藏卷。

Image by xkcd, obviously.

图片显然是xkcd 。

加密分区 (Encrypting a Partition)

Ubuntu’s alternate CD installation wizard gives us an option to encrypt our Ubuntu installation partition, so you’ll want to burn the ISO file into a live disk or create a bootable USB drive and install Ubuntu with it.

Ubuntu的备用CD安装向导为我们提供了一个加密Ubuntu安装分区的选项，因此您需要将ISO文件刻录到活动磁盘中或创建可引导的USB驱动器并与其一起安装Ubuntu。

Ubuntu’s alternate installation menu is very similar to your standard Ubuntu installation menu. The installation wizard will ask you to choose your language, keyboard, network, and the most important step is the partitioning method where we need to choose the ‘Guided – use entire disk and set up encrypted LVM’ option to encrypt our entire hard disk.

Ubuntu的备用安装菜单与标准的Ubuntu安装菜单非常相似。 安装向导将要求您选择语言，键盘，网络，最重要的步骤是分区方法，我们需要选择“引导–使用整个磁盘并设置加密的LVM”选项来加密整个硬盘。

Please note that we have to provide a ‘Master’ and not ‘Slave’ empty hard drive for the installation.

请注意，我们必须为安装提供“主”而不是“从”空硬盘驱动器。

The installation wizard will ask you to specify a passphrase that you will use to decrypt your hard drive when you login to Ubuntu.

安装向导将要求您指定一个密码，当您登录Ubuntu时将使用该密码来解密硬盘。

The encryption wizard will encrypt your ‘home’ folder, just in case if we place our ‘home’ folder outside your Ubuntu installation partition.

加密向导将加密您的“ home”文件夹，以防万一我们将“ home”文件夹放置在Ubuntu安装分区之外。

That’s it ! Follow the rest of the installation steps and the wizard will install Ubuntu on top of an encrypted partition.

而已 ！ 遵循其余的安装步骤，向导将在加密分区的顶部安装Ubuntu。

加密文件夹 (Encrypting a Folder)

eCryptfs is a cryptographic file system based on PGP created by Philip Zimmerman on 1991. The great thing about eCryptfs compare to other encryption file system, such as TrueCrypt, is that we do not need to pre-allocate a certain amount of disk space that we want to encrypt.

eCryptfs是基于Philip Zimmerman于1991年创建的PGP的加密文件系统。与其他加密文件系统(如TrueCrypt)相比，eCryptfs的伟大之处在于我们不需要预先分配一定数量的磁盘空间要加密。

We can easily install eCryptfs by executing the following command in the console

通过在控制台中执行以下命令，我们可以轻松安装eCryptfs

sudo aptitude install ecryptfs-utils

sudo aptitude install ecryptfs-utils

eCryptfs create a ‘private’ directory in your local drive where eCryptfs encrypts any files that we store in it.

eCryptfs在本地驱动器上创建一个“专用”目录，eCryptfs在该目录中加密我们存储在其中的所有文件。

ecryptfs-setup-private

ecryptfs-setup-private

Note: this will setup a hidden private directory: ~/.Private

注意：这将设置一个隐藏的私有目录：〜/ .Private

We should store our sensitive data into the ‘private’ directory to make sure that attackers will not be able to get our data easily. ecryptfs will hide any files that we store in the private folder when it is not mounted.

我们应该将敏感数据存储到“私有”目录中，以确保攻击者无法轻松获取我们的数据。 当未加密时，ecryptfs将隐藏我们存储在私有文件夹中的所有文件。

The private directory will be automatically mounted when we log in to our account. This creates an opportunity for another person to gain access to this private folder when the user leaves the computer. A way to mitigate this problem is to prevent ecryptfs unlocking the private folder when we login by removing the empty file auto-mount which is located in ~/.ecryptfs/ and unmount the directory when we’re not using our computer.

当我们登录我们的帐户时，私人目录将被自动挂载。 当用户离开计算机时，这为另一个人提供了访问此私有文件夹的机会。 缓解此问题的一种方法是，通过删除〜/ .ecryptfs /中的空文件自动挂载防止在登录时ecryptfs解锁私人文件夹，并在不使用计算机时卸载该目录。

ecryptfs-umount-private

ecryptfs-umount-private

创建隐藏的加密卷 (Creating a Hidden Encrypted Volume)

TrueCrypt is a free Open Source disk encryption utility that works with Windows, Mac, and Linux. It provides on-the-fly encryption and after the drive is encrypted you can continue to use everything like you normally would.

TrueCrypt是一个免费的开源磁盘加密实用程序，可与Windows，Mac和Linux一起使用。 它提供了实时加密功能，对驱动器进行加密后，您可以像往常一样继续使用所有内容。

You can download TrueCrypt as Ubuntu deb file from its website. Once downloaded, unpack the archive and double-click on the installer to run the setup. After installation, you will find TrueCrypt from the menu location: Applications > Accessories > TrueCrypt.

您可以从其网站上将TrueCrypt下载为Ubuntu deb文件。 下载完成后，解压缩归档文件，然后双击安装程序以运行安装程序。 安装后，您将从菜单位置找到TrueCrypt：应用程序>附件> TrueCrypt。

Start by creating a volume that we want to encrypt.

首先创建要加密的卷。

A TrueCrypt volume can reside in a file, which is also called container, in a partition or drive.

TrueCrypt卷可以驻留在分区或驱动器中的文件(也称为容器)中。

TrueCrypt gives us an option to create a hidden encrypted volume inside another TrueCrypt encrypted volume.

TrueCrypt使我们可以选择在另一个TrueCrypt加密卷中创建隐藏的加密卷。

You should copy sensitive looking files that you do not want to hide to the outer volume. These files act as a decoy when people force you to reveal the outer volume password. You should files that you REALLY want to hide inside the hidden volume, and you should never reveal the encrypted hidden volume.

您应该将不想隐藏的敏感外观文件复制到外部卷。 当人们强迫您显示外部卷密码时，这些文件将充当诱饵。 您应该真正要隐藏在隐藏卷中的文件，并且永远不要泄露加密的隐藏卷。

Image By TrueCrypt

图片由TrueCrypt提供

Now you have to choose the name of the volume file and the location where you want to store the volume file. A new file will be created. If you choose an existing file, it will be overwritten. So give a unique name for your TrueCrypt volume file.

现在，您必须选择卷文件的名称以及要存储卷文件的位置。 将创建一个新文件。 如果选择现有文件，它将被覆盖。 因此，为您的TrueCrypt卷文件指定一个唯一的名称。

You can choose different levels of encryption. There are several types to choose from and each has its unique qualities…but for most users you will be fine with AES.

您可以选择不同级别的加密。 有多种类型可供选择，每种都有其独特的品质……但是对于大多数用户而言，使用AES会很好。

set the volume size and make sure you provide enough space for non-encrypted volume space.

设置卷大小，并确保为非加密卷空间提供足够的空间。

TrueCrypt advise us to use at least 20 characters for our password. Choose a password that is easy to remember and not easy to guess.

TrueCrypt建议我们使用至少20个字符作为密码。 选择一个容易记住且不容易猜到的密码。

Move your mouse as randomly as possible within the Volume Creation Wizard window at least for 30 seconds. The longer you move the mouse, the better. This significantly increases the cryptographic strength of the encryption keys (which increases security).

在“卷创建向导”窗口中尽可能随机地移动鼠标至少30秒。 移动鼠标的时间越长越好。 这显着提高了加密密钥的加密强度(从而提高了安全性)。

TrueCrypt will automatically mount the encrypted drive as a virtual encrypted disk.

TrueCrypt将自动将加密驱动器安装为虚拟加密磁盘。

Now we shall setup the hidden volume.

现在我们将设置隐藏卷。

Choose a suitable hard drive format for the hidden volume.

为隐藏的卷选择合适的硬盘驱动器格式。

We have the option to make this hidden volume to be compatible with other platforms.

我们可以选择使该隐藏卷与其他平台兼容。

Encryption is just one level of securing our data in our PC, we also need to consider to install other security software such as virus scanner or firewall to protect us from viruses and intruders when we’re online.

加密只是将数据保护在PC上的一种级别，我们还需要考虑安装其他安全软件，例如病毒扫描程序或防火墙，以保护我们在线时免受病毒和入侵者的侵害。

翻译自: https://www.howtogeek.com/howto/33255/how-to-secure-your-linux-pc-by-encrypting-your-hard-drive/

linux 硬盘加密