About Data Encryption
Cryptographic libraries included with Oracle Linux can be used by software to provide data encryption facilities. You can use data encryption to protect data that's stored or being transmitted. Data on storage devices and media can be at risk of theft or device loss. Data being transmitted over local area networks and the Internet can be intercepted or altered. By encrypting data, you can help protect it while it's in storage or in transmission, thereby providing a safer infrastructure. In addition, data encryption to protect privacy and personal data is increasingly being made a mandatory requirement in corporate security policies and by governmental regulations (for example, HIPAA, GLBA, SOX, and PCI DSS).
Oracle Linux systems provide the following strategies for protecting data:
- When installing systems and application software, only accept RPM packages that have been digitally signed by a trusted source. To ensure that downloaded software packages are signed, set gpgcheck=1 in the repository configuration file and import the GPG key provided by the software supplier. Oracle Linux images normally have this setting enabled as a global default in the /etc/dnf/dnf.conf file. You can also install RPMs using the Secure Sockets Layer (SSL) protocol, which uses encryption to protect the communications channel. For more information, see Oracle Linux: Managing Software on Oracle Linux.
- To protect against data theft, consider using full-disk encryption, especially on laptops, external hard drives, or removable devices such as USB memory sticks. Oracle Linux provides block device encryption by using the dm-crypt kernel module and the Linux Unified Key Setup (LUKS) format. The cryptsetup administration command is available in the cryptsetup package. These technologies encrypt device partitions so that the data is inaccessible when a system is turned off. When the system boots and you supply the appropriate passphrase, the device is decrypted and its data is accessible. See Oracle Linux 8: Managing Storage Devices for more information about encrypting block devices. Also see the cryptsetup(8) manual page for general usage instructions.
- Oracle Linux uses encryption to support Virtual Private Networks (VPNs) and Secure Shell (SSH). You can use these tools to encrypt network traffic end-to-end, thereby ensuring that data is kept safe during transmission. For more information, see Oracle Linux: Connecting to Remote Systems With OpenSSH and Oracle Linux: Configuring Virtual Private Networks.
- Oracle Linux uses encryption to store system passwords. By default, Oracle Linux uses a strong password hashing algorithm (SHA-512) and stores hashed passwords in the /etc/shadow file.
- Oracle Linux takes advantage of hardware-accelerated encryption on Intel CPUs that use the Advanced Encryption Standard New Instructions (AES-NI) instruction set, which speeds up the execution of AES and RC4 algorithms on the x86_64 architecture.
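As an added example (not Oracle's own code or documentation), the POSIX shell functions below audit three of the settings described above on a host: whether a dnf configuration file sets gpgcheck=1, which hash algorithm each /etc/shadow entry uses, and whether the CPU advertises the aes flag that indicates AES-NI. The function names are assumptions made here, and each function takes a file path (or a single shadow line) so it can be run against the real files or against constructed samples.

```shell
#!/bin/sh
# Audit helpers for the settings this section describes. Added example,
# not Oracle's code. Functions take a file path or a shadow line as input.

# Exit status 0 if the dnf/yum config file has an uncommented gpgcheck=1 line.
gpgcheck_enabled() {
    grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Print the hash algorithm of one /etc/shadow line (user:hash:...).
shadow_hash_algo() {
    h=$(printf '%s\n' "$1" | cut -d: -f2)
    h=${h#!}                       # a leading "!" only marks the account locked
    case "$h" in
        '$6$'*) echo SHA-512 ;;
        '$5$'*) echo SHA-256 ;;
        '$1$'*) echo MD5 ;;
        '$y$'*) echo yescrypt ;;
        ''|'*'|'!'*) echo none ;;  # no password set, nothing to evaluate
        *) echo unknown ;;
    esac
}

# Count entries in a shadow-format file hashed with something weaker than
# SHA-512 (the Oracle Linux default) or yescrypt.
weak_shadow_entries() {
    n=0
    while IFS= read -r line; do
        case "$(shadow_hash_algo "$line")" in
            SHA-512|yescrypt|none) ;;
            *) n=$((n + 1)) ;;
        esac
    done < "$1"
    echo "$n"
}

# Exit status 0 if a /proc/cpuinfo-style file lists the "aes" flag (AES-NI).
# A leading space is required so that "vaes" does not count as a match.
aesni_available() {
    grep -Eq '^flags[[:space:]]*:.* aes( |$)' "$1"
}

# Typical use on the real host (reading /etc/shadow requires root):
#   gpgcheck_enabled /etc/dnf/dnf.conf && echo "gpgcheck is on"
#   echo "entries with weak hashes: $(weak_shadow_entries /etc/shadow)"
#   aesni_available /proc/cpuinfo && echo "AES-NI available"
```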