This article outlines how to encrypt the filesystem (with 128bit AES encryption and 256bit SHA-1 hash). Before you start though, please bevare of a couple of important caveats:
- It will most likely cause noticeable performance degredation. Depending on what you use LiquidFiles for, network speed, system load and how critical transfer speeds are, this may or may not be a problem.
- You will need to type a long random password on the console every time the machine boots, or reboots. There’s no way around this while still maintaining security.
- It will prevent things like filesystem expansion. If you want to change the disk size, you will have to re-install the system and migrate the data across.
How to configure disk encryption
When installing LiquidFiles, please select to use the custom disk option.
Proceed with Install
When the installed has booted, please click "INSTALLATION DESTINATION" option.
Please select "Encrypt my data." checkbox and "I will configure a partition" ratio button.
Please note that the "I will configure partition" option is only required if your disk is larger than 50GB. On default, CentOS will split larger disks into a root and a home partition if the disk is larger than 50GB. This will prevent LiquidFiles from using more than 50GB of disk space. As can be seen on the following screens.
On this screen, please highlight the cl_home partition and delete it. Then, please edit the sda1 - boot partition and reduce the Size to 512MB.
After that edit the cl_root partition and change the Size (MB): to match the Max size is in the following screens.
When you're finished, please ok and click Done.
At the next screen, you will be prompted for a password. Please make sure that it's a good random password.
The installation will continue as normal. From now on, every time the disk boots, you will be prompted to enter the password.
There’s no way of recovering the encryption key, if you loose it, you will loose your data.
There’s no way of automating the boot, you have to enter the encryption key on the console every time.
Also, please note that you won't be able to expand the disk after it's been encrypted. If you want to expand the disk, you will have to re-install the system and migrate the data over.