Encryption

Hard Drive Encryption

All internal machines should be installed with full drive encryption.

For fedora, this is as simple as ticking the correct box when doing the installer.

The password used for decryption should be the current master password.

Technical Details

The encryption is handled by something called LUKS and stands for Linux Unified Key Setup

Adding a Personal Decryption Password

In addition to the master password, you can (and should) have your own personal decryption password.

This is purely as a backup in case you ever can't decrypt with the main password.

Changing Encryption Password

Bradley wrote some detailed documentation here

Add New Key

There is a bash script to allow you to run this process on all drives located in the snippets library:

1
bash /opt/Projects/snippets-edmondscommerce/desktop/Fedora/LUKS_add_key_to_all_drives.bash

This will just add the new key. You must then reboot, check the new key is working and then remove the old key

Remove Old Key

You should make sure you have you main password key and your backup key working, then you can remove the old key.

Warning

You need to have rebooted and used your new password to log in before you do this step

1
bash /opt/Projects/snippets-edmondscommerce/desktop/Fedora/LUKS_remove_key_from_all_drives.bash