40.0 Encrypting Partitions and Files

Every user has some confidential data that third parties should not be able to access. The more you rely on mobile computing and on working in different environments and networks, the more carefully you should handle your data. The encryption of files or entire partitions is recommended if others have network or physical access to your system. Laptops or removable media, such as external hard disks or USB sticks, are prone to being lost or stolen. Thus, it is recommended to encrypt the parts of your file system that hold confidential data.

There are several ways to protect your data by means of encryption:

Encrypting a Hard Disk Partition

You can create an encrypted partition with YaST during installation or in an already installed system. Refer to Section 40.1.1, Creating an Encrypted Partition during Installation, and Section 40.1.2, Creating an Encrypted Partition on a Running System, for details. This option can also be used for removable media, such as external hard disks, as described in Section 40.1.4, Encrypting the Content of Removable Media.

Creating an Encrypted File as Container

You can create an encrypted file on your hard disk or on a removable medium with YaST at any time. The encrypted file can then be used to store other files or folders. For more information, refer to Section 40.1.3, Creating an Encrypted File as a Container.

Encrypting Home Directories

With openSUSE, you can also create encrypted home directories for users. When the user logs in to the system, the encrypted home directory is mounted and the contents are made available to the user. Refer to Section 40.2, Using Encrypted Home Directories, for more information.

Encrypting Single Files

If you only have a small number of files that hold sensitive or confidential data, you can encrypt them individually and protect them with a password using the vi editor. Refer to Section 40.3, Using vi to Encrypt Single Files, for more information.

WARNING: Encrypted Media Offer Limited Protection

The methods described in this chapter offer only limited protection. You cannot protect your running system from being compromised. After the encrypted medium is successfully mounted, everybody with appropriate permissions has access to it. However, encrypted media are useful in case of loss or theft of your computer or to prevent unauthorized individuals from reading your confidential data.