The Raspberry is all well and nice and can run pretty quick. But how can I protect my SD card from offline data attacks. SSH can be protected with a good password or a SSH key but if somebody gets hold of the card I would like it to be encrypted in the most part.
For example all my source php files or any other source code is stored on the SD card and can be easily mounted into another linux system. But i want to prevent this by encryption the entire SD card somehow.
Any suggestions?
You could encrypt the whole disk, pv, or volume using LUKS/dm-crypt if your distribution supports it. It's also possible to encrypt files or directories on the disk while leaving the filesystem mountable (but scrambled).
Either way, you'll run into an issue: Before using the clear data, someone has to input the key. If the key is stored on the card, nothing prevents an attacker reading the key from a stolen card. If it's input by a person, that person needs to manually enter the key after every boot.
how about this for a start
sudo apt-get install ecryptfs-utils
sudo apt-get install lsof
sudo ecryptfs-migrate-home -u pi
There will be a bit more to it but thats the main part - it will only cover your home folder. If you want to do more then its something like:
https://www.howtoforge.com/how-to-encrypt-directories-partitions-with-ecryptfs-on-debian-squeeze
