Encryption Division
1:sudo Apt-get Install Cryptsetup
2: Use the "magnetic disc tool" to create a new sub-area or format the area, and tick "encrypt the bottom layer", follow the prompts to set the password
3: At the same time select the encryption condition: i) forget it immediately. II) Remember to log out. III) always remember. "Advice and Choice I")
Safe Erase
Shred Command
Shred [option (s)] file (s) _or_devices (s)
-f,–force– Change permissions allow write (if necessary)
-n,–iterations=n– rewrite n times instead of default (25) times
-s,–size=n– shredding files into many bytes (suffixes such as K, M, C, etc.) are used
-u,–remove– overwriting and removing files after rewriting
-v,–verbose– Display Process
-x,–exact-do not round file sizes up to the next full block
-z,–zero-add a final overwrite with zeros to hide shredding
–help– Show Help and exit
–version– output version information and exit
-shred Standard Output
Shred Example
1) The following commands can be used to safely delete three folders: File1, File2, and File3:
Shred File1 file2 File3
2) The following command will delete data on the seventh partition of the first HDD:
Shred/dev/hda7
3) To delete data from the selected partition on your hard disk, you can use the following command:
Shred–verbose/dev/sda5
References link:http://www.2cto.com/article/201001/44179.html
Literature
Debian,ubuntu, and Fedora can use Cryptsetup-luks. You don't need to modify the kernel or anything else, you just have to install it.
On the Debian and Ubuntu series:
# Aptitude Installation Cryptsetup
On Fedora:
#yum安装cryptsetup-luks
Get the system ready
Unfortunately, Cryptsetup cannot encrypt the existing data in your system, so you must create an encrypted partition and then transfer the data to the newly created partition. It is easy to manage partitions with the gparted (Gnome partition Editor), with GParted on all major Linux versions. You can use it to resize, move, delete, or create partitions, and you can choose how you prefer to format your file system. It can support all of the partition types and file systems supported by your system kernel, so you can even use the tool on Windows partitions if you have dual systems on your machine. If it is on a new hard drive partition, you can use the GParted live CD.
If you lose your password, it's too bad that you can't get the data back.
To encrypt a partition
With the new blank partition, you can use the Cryptsetup command to encrypt it. Note Be sure to encrypt the partition that you want to protect:
# cryptsetup--verbose--verify-passphrase-c aes-cbc-plain luksformat/dev/sda2
Watch out!
This will irreversibly rewrite the data on the/dev/sda2.
Is you sure? (Type uppercase Yes): Yes
Enter LUKS Passphrase:
Verify Passphrase:
Command successful.
The above command creates an encrypted partition. Now we need to create a logical partition that can be loaded and give it a name. In this case, we'll name it sda2, and you can call it Test, Fred, my secret partition, or whatever you like:
# Cryptsetup Luksopen/dev/sda2 sda2
Enter LUKS Passphrase:
Key slot 0 unlocked.
Command successful.
The following command displays the hidden devices in the/dev/mapper path:
$ ls-l/dev/mapper
Total 0
CRW-RW----1 root root, 2007-06-09 18:38 control
BRW-RW----1 root disk 254, 0 2007-06-09 19:46 sda2
Now put the file system on the logical partition:
# Mkfs.ext3/dev/mapper/sda2
You need to make a mount point so that you can load and use this new, encrypted partition. Remember, you must use the device from the/dev/mapper/path. I'll put it in the root directory. Note the actions that require root permissions:
$ mkdir/home/me/crypted
# mount/dev/mapper/sda1/home/me/crypted
Make sure it is loaded and write a test file:
# df-h
[...]
Filesystem Size used Avail use% mounted on
/dev/mapper/sda2 7.9G 152M 7.3G 3%/home/carla/crypted
# cd/home/me/crypted
# Nano Test
# ls
Lost+found Test
Make it available to users
Everything went well so far! But there is one big problem: only local access to the partition. We have to make it available to ordinary users as well. You can manage this virtual partition in/etc/fstab, just as you would manage other partitions. Add a row to/etc/fstab to allow users without special permissions to load or unload the partition:
/dev/mapper/sda2/home/carla/crypted ext3 user,atime,noauto,rw,dev,exec,suid 0 0
So Carla can load this partition by itself:
$ Mount ~/crypted
However, Carla still cannot write data to it. So again we need to set local permissions, put the correct permissions and the licensor as already loaded hidden devices:
# chown carla:carla/home/carla/crypted/
# chmod 0700/home/carla/crypted/
Well then, a lot of people can be like Carlas! But we need to get Carla to read and write some encrypted folders, while others won't be able to read and write those folders.
You can uninstall and close the encrypted partition manually:
$ umount crypted
# Cryptsetup Luksclose sda2
You only need to enter the Luks password when you turn on the encryption device. Remember, if you lose your password, you're screwed. You can delete the partition again, but the data is unrecoverable. After you open the encryption device and load it, you can use it as you would with other partitions.
You have to run Cryptsetup with local permissions. This may not be very convenient for the user. We also have a lot of solutions for this problem. One of these is the use of Sudo;ubuntu users have ready-made full-featured sudo. Another option is to set it to open when the system is booted and shut down when the system shuts down. Or you might want to create some desktop icons so that users can start and close them as needed at any time.
Ubuntu establishes encrypted sub-area and its safe removal