Credit: //gitlab.com/cryptsetup
Everyone who uses disk encryption benefits from the security it provides, because once information is compromised, it’s out there forever. A stolen unencrypted laptop is a treasure trove for the nosey or for a potential fraudster. Most modern Linux distributions make it very easy to turn on full disk encryption at installation time, but the installer can sometimes hide the more useful features in an effort to simplify the installation process. In this feature we’ll cover how to set up encryption, how the underlying encryption system works, how to use it, the potential pitfalls and how to avoid encryption disasters.
Before continuing, it’s essential to note that some of the procedures described here are destructive. Therefore, ensure that there’s an appropriately tested backup before following along, and always exercise caution. It’s strongly recommended to experiment in a disposable virtual machine. For this tutorial we’re using Ubuntu 22.04 desktop in a VirtualBox VM with two disks. We suggest making the two disks different sizes – this will make it easier to differentiate between them.
Broadly speaking, disk encryption falls into two categories: file-based encryption and full disk encryption (FDE). File-based encryption, as the name suggests, encrypts on a per-file basis. The problem is that it’s extremely susceptible to incorrect use or bad management oversight