These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Overview Of Linux Encryption Options


One of the great benefits of Linux being an international, non-corporate-controlled operating system is that it can place a genuine emphasis on user and data privacy, free from commercial or governmental pressure to weaken it. Some of this functionality may not be legal to use or export in the country or region you live in, but that does not mean it fails to exist elsewhere.

Under Linux you have a wide variety of options for strong encryption of data at rest and data in transit: everything from the Open Source GNU Privacy Guard (GnuPG, http://gnupg.org/) for general-purpose digital signing and encryption, to kernel-level mechanisms such as the encrypted loopback device for encrypting entire filesystems.

We are going to start off this day with a very brief overview of some of the available options to a Linux system administrator with respect to strong encryption. We will also point out how to go about several types of encryption and where to go for more information.

What are we talking about?

With respect to Linux and encryption, it is important first to identify exactly what we are talking about, because encryption under Linux is not structured the way it is under an OS such as Windows, where the built-in encryption features are tied to particular kernels and editions of the product.

When we speak of encryption under Linux, there are two main types of encryption:

    • Kernel space encryption
    • User space encryption

User space encryption is the thing most people think of when you talk of encryption. Encryption in the user space means encryption handled by high level libraries and applications running in the user's domain. This could be things like web browsers using SSL to communicate securely, or a user encrypting his or her mail with PGP.

Kernel space encryption, on the other hand, is encryption happening at the OS kernel level. This is much more general purpose, as it can conceivably touch every component of a Linux system: encrypting whole filesystems on hard drives, individual files within them, network traffic across a data link, or even keyboard and mouse input. (Encrypting input in the kernel is sometimes proposed as a countermeasure to Van Eck phreaking, that is, reading the electromagnetic emanations of hardware; bear in mind that it only protects the data once the kernel has it, not what the keyboard or display itself radiates.)

These two forms of encryption under Linux are not dependent upon each other. You can easily have strong encryption in user space even though you lack a cryptographic kernel, and conversely a kernel-encrypted filesystem protects data written by applications that know nothing about cryptography.
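To make the two layers concrete, here is an added example (it is not part of the original notes) that protects a file at rest both ways: first from user space with GnuPG's passphrase-based symmetric mode, then from kernel space with an encrypted loop device. It assumes gpg is on the PATH; the loop-device part assumes root, a free /dev/loop0 and a kernel with the cryptoloop module (the `losetup -e` syntax is that of the patched util-linux of the period, and the dm-crypt commands in the comments are its successor on current kernels). Paths, passphrases and the vault size are illustrative.

```shell
#!/bin/sh
# Added example, not from the original notes.
# Assumes: gpg on PATH; for the loop-device part, root and a cryptoloop-capable
# kernel. Paths and passphrases are illustrative.

# ---- User space: GnuPG symmetric encryption ---------------------------------
# gpg_symmetric_roundtrip PLAINTEXT ENC_PASS [DEC_PASS]
# Encrypts PLAINTEXT under ENC_PASS, decrypts it under DEC_PASS (default:
# ENC_PASS) in a separate, fresh GnuPG home, and prints the recovered text.
# Returns non-zero and prints nothing if decryption fails (wrong passphrase).
gpg_symmetric_roundtrip() {
    plain=$1 enc_pass=$2 dec_pass=${3:-$2}
    work=$(mktemp -d) || return 1
    # GnuPG 2.1+ routes passphrases through gpg-agent; loopback pinentry lets
    # --passphrase work with no terminal. GnuPG 1.x / 2.0 reject the option.
    extra=
    case "$(gpg --version 2>/dev/null | head -n 1)" in
        *' 2.'[1-9]*) extra="--pinentry-mode loopback" ;;
    esac
    rc=1
    printf '%s' "$plain" > "$work/in.txt"
    # Separate GNUPGHOMEs for each side, so nothing touches ~/.gnupg and no
    # agent-cached passphrase from the encrypting side can help the decrypting one.
    mkdir -m 700 "$work/enc" "$work/dec"
    if GNUPGHOME=$work/enc gpg --batch --yes --quiet $extra --passphrase "$enc_pass" \
           --symmetric --cipher-algo AES256 -o "$work/in.gpg" "$work/in.txt"; then
        GNUPGHOME=$work/enc gpgconf --kill gpg-agent >/dev/null 2>&1 || true
        rm -f "$work/in.txt"   # only the ciphertext remains on disk
        if out=$(GNUPGHOME=$work/dec gpg --batch --quiet $extra --passphrase "$dec_pass" \
                     --decrypt "$work/in.gpg" 2>/dev/null); then
            rc=0
            printf '%s' "$out"
        fi
        GNUPGHOME=$work/dec gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    fi
    rm -rf "$work"
    return $rc
}

# ---- Kernel space: an encrypted loop device ---------------------------------
# cryptoloop_vault IMAGE MOUNTPOINT SIZE_MB
# Needs root, /dev/loop0 free and a kernel with the cryptoloop module
# (2.4 crypto patch sets / early 2.6). The kernel encrypts every block on its
# way to IMAGE; processes above it see an ordinary ext3 volume.
cryptoloop_vault() {
    img=${1:-/root/vault.img} mnt=${2:-/mnt/vault} size_mb=${3:-64}
    modprobe cryptoloop && modprobe aes || return 1
    # Random fill so unused blocks are indistinguishable from ciphertext
    dd if=/dev/urandom of="$img" bs=1M count="$size_mb" && chmod 600 "$img" || return 1
    # Patched util-linux syntax of the period; losetup asks for the passphrase.
    losetup -e aes /dev/loop0 "$img" || return 1
    mkfs.ext3 -q /dev/loop0 || return 1
    mkdir -p "$mnt" && mount /dev/loop0 "$mnt"
    # On current kernels the same job is done with dm-crypt instead:
    #   cryptsetup luksFormat "$img" && cryptsetup open "$img" vault
    #   mkfs.ext4 /dev/mapper/vault && mount /dev/mapper/vault "$mnt"
}

# Tear-down: afterwards the plaintext is unreachable without the passphrase.
cryptoloop_close() {
    umount "${1:-/mnt/vault}" && losetup -d /dev/loop0
}
```

The user-space half is self-contained and safe to run as an ordinary user (it never writes outside a temporary directory). The kernel-space half is deliberately left as functions you call by hand as root; note that with cryptoloop the passphrase is only ever typed into losetup, and once the device is detached the image on disk is indistinguishable from random data.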

History of Strong Encryption in the Linux Kernel

Traditionally, strong encryption in the kernel has been constrained by export-control laws in various countries (the US regulations in particular). As such, most of these encryption options have been kept out of the kernel proper and distributed as separate patches instead.

This means that, in order to use most of them, you will likely have to recompile your kernel, as the stock one shipped with your distribution is unlikely to carry these patches. (This is changing: the 2.5 development series merged a general-purpose CryptoAPI into the mainline kernel and 2.6 ships with it, so distribution kernels increasingly have at least the cipher code built in.)

There are, however, some projects which allow kernel-like encryption in the userspace, and which require little (if any) kernel modification and possibly don't even need a reboot to utilize.

We will take a quick look at all of these right now.



Last edited October 24, 2003 7:58 pm (diff)
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.