0

I'm reading and studying for my LPI-1 exam, when I came across LUKS for disk encryption. I found it super cool and went to try it on my home lab, in my Debian machine. Installed everything, encrypted the disk... But I guess I didn't understand it very well.

When I mounted the disk, I created text files inside it, transferred them to my USB stick and I was able to open the files normally on my Windows 11 machine. So the encryption will work in what cases? If someone steals my HDD or something like that? I thought all the files would be constantly encrypted everywhere that is not my Linux machine, but it seems that, once mounted, the files will be decrypted and if someone hacks into my environment they will still have access to all my files. Is that right to assume?

3 Answers

3

LUKS encrypts a partition - not a file - so when the LUKS partition is decrypted and the filesystem exposed, the data is copied.

While not identical, LUKS is conceptually very similar to BitLocker, if you are familiar with that.

For LUKS, the "disk" layers in play are typically these:

Disk -> Partition -> LUKS -> Filesystem -> Files

Once the LUKS partition is opened, the OS can mount the filesystem and access files, and the OS will read, write and see files exactly as if there was no encryption - however, when the drive is detached from the computer, or the computer is off, the LUKS partition is not open and the files are encrypted - so if someone steals your hard drive, or if you need to send back a faulty drive, your data is safe. (Indeed, if someone steals your computer, and you are logged out and your LUKS system requires a passphrase to mount, you are fairly safe too - exactly how much depends on the strength of your password and how it's set up.)
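The layer stack above can be read off a running system. The following is an added example, not part of the answer: it walks `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output and reports, per mountpoint, whether a LUKS layer sits underneath and whether it is currently open. The device names, mountpoints and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output:
# sda1 is an unlocked LUKS volume, sdb1 is still locked, sdc1 is a plain USB stick.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "secure", "type": "crypt", "fstype": "ext4", "mountpoint": "/mnt/secure"}]}]},
  {"name": "sdb", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sdb1", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null}]},
  {"name": "sdc", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sdc1", "type": "part", "fstype": "vfat", "mountpoint": "/media/usb"}]}
]}
"""

def walk(node, stack=()):
    """Yield (layer_stack, node) for every device in the lsblk tree."""
    stack = stack + (node,)
    yield stack, node
    for child in node.get("children", []):
        yield from walk(child, stack)

def classify(lsblk_json):
    """Map each mountpoint or closed LUKS container to (layer path, exposure)."""
    report = {}
    for top in json.loads(lsblk_json)["blockdevices"]:
        for stack, node in walk(top):
            path = " -> ".join(n["name"] for n in stack)
            # A dm-crypt mapping (TYPE "crypt") in the stack means LUKS is open.
            behind_luks = any(n["type"] == "crypt" for n in stack)
            if node.get("mountpoint"):
                state = ("unlocked: plaintext to the running OS, ciphertext on disk"
                         if behind_luks else "no LUKS layer: plaintext on disk")
                report[node["mountpoint"]] = (path, state)
            elif node.get("fstype") == "crypto_LUKS" and not node.get("children"):
                # LUKS header present but no mapping opened on top of it.
                report[node["name"]] = (path, "locked: ciphertext only")
    return report

if __name__ == "__main__":
    for target, (path, state) in classify(SAMPLE_LSBLK).items():
        print(f"{target:12} {path:24} {state}")
```

Files copied from `/mnt/secure` to `/media/usb` land on a filesystem with no LUKS layer beneath it, which is why they open normally on another machine.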

0

Files on a LUKS-encrypted filesystem are protected while on the filesystem. When you copy files off of the filesystem, you lose that protection.

Most LUKS encryption is whole drive or partition. So they are unlocked at boot time. This protects your files if your drive is stolen. When the computer is running, an authorized user has access to the filesystem.

Perhaps you might want EncFS: https://en.m.wikipedia.org/wiki/EncFS

1
  • 1
    Be aware that EncFS won't keep "mounted" files protected when copied. Also, EncFS has some significant security concerns around it - see askubuntu.com/questions/813290/encfs-insecure-what-to-use-now - security-wise it's not in the same league as LUKS - and indeed I suspect that is why file-level encryption was removed from Ubuntu a long time ago.
    – davidgo
    Commented Apr 8 at 5:47
0

As others said, your files will be exposed when the LUKS container is open. In order to prevent access to those files, you need other security mechanisms, such as proper firewall rules and proper access controls (MAC/DAC).
