Data-at-rest encryption

This article discusses data-at-rest encryption software, which encrypts data on the fly as it is written to a block device, disk partition or directory, and decrypts it as it is read back. Examples of block devices are hard drives, flash drives and DVDs.

Data-at-rest encryption should only be viewed as an adjunct to the existing security mechanisms of the operating system. It is focused on securing physical access, while relying on other parts of the system to provide things like network security and user-based access control.

For full-disk encryption (FDE), see dm-crypt/Encrypting an entire system.

Projects

  • dm-crypt
  • VeraCrypt
  • eCryptfs
  • EncFS
  • gocryptfs
  • fscrypt
  • Tomb
  • tcplay
  • GnuPG
  • Self-Encrypting Drives

Filesystem

See also

Favorite site