Encryption: Two Types of Encryption 1. Symmetric 2. Asymmetric


Encryption

Two Types of Encryption


1. Symmetric
2. Asymmetric

Symmetric – single key used for encryption and decryption


For example: user password
To encrypt a file:
# echo "Hello world" > file.txt
# gpg -c file.txt    (give the password to encrypt this file)
To decrypt the file:
# gpg -d file.txt.gpg > file2.txt

Encryption Cont.

Asymmetric Encryption
Two keys are used: one is public and the other is private.
The public key is used for encryption and the private key is used for decryption.

1. Use the gpg command to generate a public and private key pair.
$ gpg --gen-key

To list public keys:
$ gpg -k
or
$ gpg --list-keys

To list private keys:
$ gpg -K
or
$ gpg --list-secret-keys

2. Export the public key for the other user with whom you want secure communication.
$ gpg --export --armor user1 > /tmp/user1.key

3. Log in as user2 and import user1's public key, then encrypt a file and send it back to user1; user1 will decrypt this file with its private key.
$ gpg --import /tmp/user1.key
$ echo "user2 encrypted file" > my-file
$ gpg --encrypt --armor --recipient user1 my-file
$ mail -s "Encrypted file" user1@desktop1.hcl.com < my-file.asc

As user1:
$ mail
w file2    (inside mail: write the message to file2)
$ gpg -d file2 > file3
$ cat file3
user2 encrypted file

LUKS (Linux Unified Key Setup)

Linux Unified Key Setup-on-disk-format (or LUKS) allows you to encrypt partitions on your Linux
computer. This is particularly important when it comes to mobile computers and removable media.
LUKS allows multiple user keys to decrypt a master key which is used for the bulk encryption of the
partition.
Overview of LUKS
What LUKS does:
• LUKS encrypts entire block devices and is therefore well-suited for protecting the
contents of mobile devices such as removable storage media or laptop disk drives.
• The underlying contents of the encrypted block device are arbitrary. This makes it useful for
encrypting swap devices. This can also be useful with certain databases that use specially formatted
block devices for data storage.
• LUKS uses the existing device mapper kernel subsystem.
• LUKS provides passphrase strengthening which protects against dictionary attacks.
• LUKS devices contain multiple key slots, allowing users to add backup keys/passphrases.
What LUKS does not do:
• LUKS is not well-suited for applications requiring many (more than eight) users to have distinct
access keys to the same device.
• LUKS is not well-suited for applications requiring file-level encryption.
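
The key-slot design described above (several passphrases each unlocking one master key, with passphrase strengthening and a limit of eight slots), as an added Python sketch that is not part of the original slides and not LUKS's on-disk format. `ToyHeader`, `ITERATIONS` and the XOR wrap are assumptions made for illustration; real LUKS wraps slot key material with a cipher.

```python
import hashlib
import hmac
import secrets

MAX_SLOTS = 8        # the page's limit: more than eight distinct keys do not fit
ITERATIONS = 50_000  # assumed fixed cost for this sketch

def _stretch(secret: bytes, salt: bytes) -> bytes:
    # Passphrase strengthening: every dictionary guess costs ITERATIONS hashes.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=32)

def _xor(a: bytes, b: bytes) -> bytes:
    # Stand-in for the real cipher that wraps the key material in a slot.
    return bytes(x ^ y for x, y in zip(a, b))

class ToyHeader:
    """Simplified model: a master-key digest plus up to eight key slots."""

    def __init__(self, first_passphrase: str):
        master = secrets.token_bytes(32)  # bulk key, never stored in the clear
        self.mk_salt = secrets.token_bytes(16)
        self.mk_digest = _stretch(master, self.mk_salt)
        self.slots = [None] * MAX_SLOTS
        self._fill(0, first_passphrase, master)

    def _fill(self, index: int, passphrase: str, master: bytes) -> None:
        salt = secrets.token_bytes(16)  # per-slot salt
        self.slots[index] = (salt, _xor(master, _stretch(passphrase.encode(), salt)))

    def open(self, passphrase: str):
        """Try each active slot; return the master key, or None if none fits."""
        for slot in filter(None, self.slots):
            salt, wrapped = slot
            candidate = _xor(wrapped, _stretch(passphrase.encode(), salt))
            if hmac.compare_digest(_stretch(candidate, self.mk_salt), self.mk_digest):
                return candidate
        return None

    def add_key(self, existing: str, new: str) -> int:
        master = self.open(existing)
        if master is None:
            raise PermissionError("existing passphrase opens no slot")
        if None not in self.slots:
            raise RuntimeError("all key slots are in use")
        index = self.slots.index(None)
        self._fill(index, new, master)
        return index

    def kill_slot(self, index: int) -> None:
        self.slots[index] = None  # that passphrase stops working; others remain
```

Removing a slot revokes one passphrase without re-encrypting the device, because the master key itself never changes.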

LUKS

Partition Encryption with LUKS

# modprobe dm_crypt
# lsmod | grep crypt --color
# cryptsetup luksFormat /dev/mapper/VG1-LV1
# cryptsetup luksOpen /dev/mapper/VG1-LV1 mukesh
# ls -l /dev/mapper/mukesh
# cryptsetup luksDump /dev/mapper/VG1-LV1
# cryptsetup luksUUID /dev/mapper/VG1-LV1
# mkfs.ext4 /dev/mapper/mukesh
# mount /dev/mapper/mukesh /my-new
# echo -n "redhat123" > /etc/secret
# chown root: /etc/secret
# chmod 600 /etc/secret
# vim /etc/crypttab
mukesh /dev/mapper/VG1-LV1 /etc/secret
# vim /etc/fstab
/dev/mapper/mukesh /my-new ext4 defaults 0 0
# mount -a

Partition Decryption with LUKS

# umount /my-new/
# cryptsetup luksClose mukesh
# ls -l /dev/mapper/VG1-LV1
# vim /etc/fstab    (delete this line)
/dev/mapper/mukesh /my-new ext4 defaults 0 0
# vim /etc/crypttab    (remove this line)
mukesh /dev/mapper/VG1-LV1
