Data encryption and why does it matter – encrypting Linux VPS

nc efi placeholder


Data encryption. Today, it is not only for secret services, big companies, or hackers. Online privacy and the safety of data is everyone’s concern. Data encryption, simply speaking, is converting said data into code, so that only those who possess a special decryption key can access it. This keeps all the transferred information safe from any unwanted outsiders.

Basic principles of data encryption

By now, the old data encryption standard has been replaced by a new, more advanced algorithm method. All this secrecy and encryption serves a critical role in communications, authentication, and the security of IT systems. An encryption algorithm and encryption key are used to encrypt plaintext or data. There are two ways to encrypt data, by using an asymmetric-key cipher or asymmetric encryption. Symmetric-key cipher uses the same key when encrypting and decrypting files and messages. While this method is faster, the one sending the data must also provide a key for the side receiving that data. As bigger companies find themselves overwhelmed by a huge number of keys being sent and distributed securely, they have opted to use asymmetric algorithms for exchanging the secret key after using a symmetric algorithm for data encryption.

Asymmetric cryptography is also called public-key cryptography. That is because it has two keys – public and private. With this, the public key might be shared with anyone and only the private one must be protected. This system is most often used when sending out sensitive data over public internet access.

Encrypting your Linux VPS

Now, since you roughly know what data encryption is and why it is used, here is a simple guide on how to encrypt your own Linux VPS. Use these commands to convert a normal disk to dm-crypt enabled disk:

  1. Enter sudo umount -l /dev/nvme0n1 to unmount the disks file system.
  2. sudo dd if=/dev/urandom of=/home/opc/key0.key bs=1 count=4096 will generate the key which will be used by luksFormat.
  3. sudo /usr/sbin/cryptsetup -q -s 512 \

luksFormat /dev/nvme0n1 /home/opc/key0.key
This will initialize LUKS partition and set the initial key.

  1. Open LUKS partition on the disk and set up a mapping name
    sudo /usr/sbin/cryptsetup –allow-discards \

luksOpen -d /home/opc/key0.key /dev/nvme0n1 dm-nvme0n1

  1. Next step is creating an ext4 file system on the disk.
    sudo /sbin/mkfs.ext4 /dev/mapper/dm-nvme0n1
  2. Then set parameters for the said file system
    sudo /usr/sbin/tune2fs -e remount-ro /dev/mapper/dm-nvme0n1
  3. The last step is mounting the file system onto a specified directory
    sudo mount /dev/mapper/dm-nvme0n1 /ons/nvme0n1

That is, it! Your data is all safe and sound.