I have a server in colocation. Every evening a number of business backup their work onto my server. The server is physically secure, however, I'm currently interested in making the partitions encrypted (the partition on which their data is stored -- eg /home).
Firstly, how does encyption work on a file system? that is, if someone steals my computer, I understand that the cannot access the data in /home without a password/passphrase. Does this passphrase have to be entered at boot up, or when the use logs into /home??
Because the server is in colocation, I cannot type in a passphrase when the system boots up, unless I can add it to lilo.conf somehow.
Secondly, all of the backups are automatic and specifically do not require user input. Thus, the encyption passphrase cannot be entered by the user when they log on.
- if I'm right in thinking that a password/passphrase is entered at some point in bootup, how can I do this?
- can I just use a standard ext3 filesystem and then apply encryption to it? I read about this:
mount -t ext3 /dev/sda1 /mnt/crypto/ -oencryption=aes-256
- my disks are in RAID 1, will this matter?
- can anyone suggest a way of doing this? And direct me to a how to?
thank you very much