From Fedora Project Wiki

Fedora提供了几种方法进行磁盘加密和文件加密。

全盘加密

全盘加密透明加密整个块设备/分区/光盘。 在硬件被盗的情况下,这可能是最安全的选择。

可以在安装时选择全盘加密,也可以随时将其添加到(n)个附加USB插件设备 - 请参阅磁盘加密文档。 可以使用循环设备(文件中的加密块设备),在文件分配和每用户设置方面提供更大的灵活性,但需要手动设置,并且测试不够好。

透明文件/目录加密

These are easier to activate in an already installed system and also easier to setup on a per-user basis as they are mounted over existing filesystems. They may support private per-user encrypted directories which can be transparently mounted at login time and private mounts.

This encryption method typically has the drawback that is possible to deduce lots of metadata such as number of files, their approximate sizes, permissions, changes and possibly more.

  • eCryptfs
  • EncFS

文件加密

GnuPG还实现了非常安全可移植的文件加密,可用于加密备份文件或压缩文件。随机的访问单个文件或小的文件内容更改并不适用此方法。