During the installation we will configure the operating system to encrypt the data stored on the disk. This encryption protects the stored data. The longer the key, the better the protection, but the longer encryption and decryption take. In this article we choose the shortest key length proposed, AES 128 bits, which is fast and secure enough. A 128-bit key gives about 3.4 × 10^38 possibilities.
“Imagine a computer that is the size of a grain of sand that can test keys against some encrypted data. Also imagine that it can test a key in the amount of time it takes light to cross it. Then consider a cluster of these computers, so many that if you covered the earth with them, they would cover the whole planet to the height of 1 meter. The cluster of computers would crack a 128-bit key on average in 1,000 years.”
Boot from the Ubuntu 12.04.1 Alternate media just created (USB key or CD-ROM) and follow the instructions below to install the system.
The first screen of the installation process may differ depending on the media you chose for the installation. The procedure below was written from the CD-ROM installation.
If you perform the installation from a USB key, the installation wizard will from time to time invite you to umount /dev/sdb. Do not umount it since this is our installation media.
Select the language to be used during the installation process: English.
Select your location, configure locales, configure the keyboard
Define hostname, user and password
Do not choose to encrypt the home directory. We will encrypt the whole partition.
Set clock and timezone
Partition disks: select Manual
Create the /boot partition unencrypted
Select the free space on sdb and press enter
Select: Create a new partition
Define the size: keep the proposed size
Type of the new partition: Primary
Use As: Ext2 file system
Mount point: /boot
Bootable flag: on
Select: Done setting up the partition
Create a Logical partition
Select the free space on sda and press enter
Select Create a new partition
Define the size: 128M
Type of the new partition: Primary
Location for new partition: Beginning
Use as: do not use
Select: Done setting up the partition
Create a Logical partition
Select the free space on sda and press enter
Select Create a new partition
Define the size: keep the proposed size which should be the maximum space available
Type of the new partition: Logical
Use as: do not use
Select Done setting up the partition
Encrypt partition
Select Configure encrypted volumes
Write the change to disk and configure encrypted volumes: Yes
Select Create Encrypted volumes
Select: [*] /dev/sda5
Key size: 128
Done setting up the partition
Keep current partition layout and configure encrypted volume: Yes
Select Finish
Enter a passphrase twice
Congratulations, you now have a system whose data is encrypted and which needs an external USB key to start. As we didn't touch the MBR of the internal disk, the previous operating system should continue to start as it did previously. It is now required to boot from the USB key to access the secured area. Doing so, you will see the boot screen asking for the password required to decrypt the disk.
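Once the system has booted, the choices made in the "Encrypt partition" step can be checked against the volume header. The script below is an added example, not part of the original procedure: it assumes the installer created a LUKS1 volume on /dev/sda5, the function names are made up for this example, and the sample header is constructed and abbreviated so the script also runs without a disk.

```shell
#!/bin/sh
# Added example: check that a LUKS1 header matches the installer choices
# made above (AES cipher, key size 128 on /dev/sda5).

# Constructed, abbreviated sample of `cryptsetup luksDump` output
# (illustrative values, not read from a real disk).
SAMPLE_DUMP='LUKS header information for /dev/sda5

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        128
Key Slot 0: ENABLED
Key Slot 1: DISABLED'

# luks_field NAME: print the value of the "NAME: value" header line on stdin.
luks_field() {
    awk -F':[ \t]*' -v name="$1" '$1 == name { print $2; exit }'
}

# check_luks_header DUMP BITS: succeed only if DUMP describes an AES volume
# whose master key ("MK bits") has BITS bits.
# Caveat: with an xts cipher mode the master key holds two keys, so
# "MK bits" is twice the AES key length.
check_luks_header() {
    dump=$1 want_bits=$2
    cipher=$(printf '%s\n' "$dump" | luks_field 'Cipher name')
    bits=$(printf '%s\n' "$dump" | luks_field 'MK bits')
    if [ "$cipher" != aes ]; then
        echo "FAIL: cipher is '${cipher:-unknown}', expected aes" >&2
        return 1
    fi
    if [ "$bits" != "$want_bits" ]; then
        echo "FAIL: master key is '${bits:-unknown}' bits, expected $want_bits" >&2
        return 1
    fi
    echo "OK: $cipher, $bits-bit master key"
}

# count_enabled_slots DUMP: number of key slots that hold a passphrase.
count_enabled_slots() {
    printf '%s\n' "$1" | grep -c '^Key Slot [0-7]: ENABLED' || true
}

# On the installed system, as root, pass the real header instead:
#   check_luks_header "$(cryptsetup luksDump /dev/sda5)" 128
check_luks_header "$SAMPLE_DUMP" 128
echo "enabled key slots: $(count_enabled_slots "$SAMPLE_DUMP")"
```

A single enabled key slot is what to expect right after the installation, since only one passphrase was entered.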
We will see in the next chapter how to make our secured computer as easy to use as an unencrypted and unsecured computer and will configure it to ensure the sustainability of our data.