Nothing Special   »   [go: up one dir, main page]
Scribd Logo
Upload

Welcome to Scribd!

  • 23 views

    Encryption: Two Type of Encryption 1. Symmetric 2. Asymmetric

    Uploaded by

    Naman Sharma
    Symmetric encryption uses a single key for encryption and decryption, like a user password. Asymmetric encryption uses two keys - a public key for encryption and a private key for decryption. LUKS allows encrypting partitions on Linux, using multiple user keys to decrypt a master key which encrypts the partition, providing passphrase strengthening against dictionary attacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Encryption: Two Type of Encryption 1. Symmetric 2. Asymmetric

    Uploaded by

    Naman Sharma
    23 views4 pages
    Symmetric encryption uses a single key for encryption and decryption, like a user password. Asymmetric encryption uses two keys - a public key for encryption and a private key for decryption. LUKS allows encrypting partitions on Linux, using multiple user keys to decrypt a master key which encrypts the partition, providing passphrase strengthening against dictionary attacks.

    Original Description:

    LUKS encryption in detail

    Original Title

    Encryption-LUKS

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Symmetric encryption uses a single key for encryption and decryption, like a user password. Asymmetric encryption uses two keys - a public key for encryption and a private key for decryption. LUKS allows encrypting partitions on Linux, using multiple user keys to decrypt a master key which encrypts the partition, providing passphrase strengthening against dictionary attacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    23 views4 pages

    Encryption: Two Type of Encryption 1. Symmetric 2. Asymmetric

    Uploaded by

    Naman Sharma
    Symmetric encryption uses a single key for encryption and decryption, like a user password. Asymmetric encryption uses two keys - a public key for encryption and a private key for decryption. LUKS allows encrypting partitions on Linux, using multiple user keys to decrypt a master key which encrypts the partition, providing passphrase strengthening against dictionary attacks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 4

    Encryption

    Two Type of Encryption


    1. Symmetric
    2. Asymmetric

    Symmetric – single key used for encryption and decryption


    For Example: user password
    To Encrypt a file
    # echo “Hello world” > file.txt
    # gpg -c file.txt (Give the password to encrypt this file)
    To decrypt the file
    # gpg -d file.txt.gpg > file2.txt

    1
    Encryption Cont.

    Asymmetric Encryption
    Two keys are used one is public and other is private
    Public key is used for encryption and private key used for decryption.

    1. Use gpg command to generate public and private 3. Login from user2 and import user1 public key and
    key pair. then encrypt a file and send back to user1 & user1
    $ gpg --gen-key will decrypt this file by it’s private key

    To list public key use $ gpg --import /tmp/user1.key


    $ gpg -k $ echo “user2 encrypted file” > my-file
    or
    $ gpg --list-keys $ gpg --encrypt --armor --recepientuser1 my-file1

    To list private key $ mail -s “Encrypted file” user1@desktop1.hcl.com <


    $ gpg -K my-file.asc
    or
    $ gpg --list-secret-keys user1
    $ mail
    2. Export public key for other user from whom you w file2
    want secure communication $ gpg file2 > file3
    $ cat file3
    $ gpg –export –armor user1 > /tmp/user1.key user2 encrypted file

    2
    LUKS (Linux Unified Key Setup)

    Linux Unified Key Setup-on-disk-format (or LUKS) allows you to encrypt partitions on your Linux
    computer. This is particularly important when it comes to mobile computers and removable media.
    LUKS allows multiple user keys to decrypt a master key which is used for the bulk encryption of the
    partition.
    Overview of LUKS
    • What LUKS doesLUKS encrypts entire block devices and is therefore well-suited for protecting the
    contents of mobile devices such as removable storage media or laptop disk drives.
    • The underlying contents of the encrypted block device are arbitrary. This makes it useful for
    encrypting swap devices. This can also be useful with certain databases that use specially formatted
    block devices for data storage.
    • LUKS uses the existing device mapper kernel subsystem.
    • LUKS provides passphrase strengthening which protects against dictionary attacks.
    • LUKS devices contain multiple key slots, allowing users to add backup keys/passphrases.
    What LUKS does not do:
    • LUKS is not well-suited for applications requiring many (more than eight) users to have distinct
    access keys to the same device.
    • LUKS is not well-suited for applications requiring file-level encryption.

    3
    LUKS

    Partition Encryption with LUKS Partition Decryption with LUKS


    # modprobe dm_crypt umount /my-new/
    # modprobe dm_crypt # cryptsetup luksClose mukesh
    # lsmod |grep crypt --color # ls -l /dev/mapper/VG1-LV1
    # cryptsetup luksFormat /dev/mapper/VG1-LV1 # vim /etc/fstab (delete this line)
    # cryptsetup luksOpen /dev/mapper/VG1-LV1 /dev/mapper/mukesh /my-new ext4
    mukesh defaults 00
    # ls -l /dev/mapper/mukesh
    #cryptsetup luksDump /dev/mapper/mukesh # vim /etc/crypttab
    # cryptsetup luksUUID /dev/mapper/VG1-LV1 mukesh /dev/mapper/VG1-LV1
    # mkfs.ext4 /dev/mapper/mukesh
    # mount /dev/mapper/mukesh /my-new Remove this line
    # echo -n "redhat123" /etc/secret
    # chown root: /etc/secret
    # chmod 600 /etc/secret
    # vim /etc/crypttab
    mukesh /dev/mapper/VG1-LV1 /etc/secret
    # vim /etc/fstab
    /dev/mapper/mukesh /my-new
    ext4 defaults 00
    # mount -a

    You might also like