Replies

Already done. But you'll have to ditch MS-Windows like the bad habit that it is in order to have what you're asking for. Take any mainstream Linux system (Debian and CentOS work well) and read up on LUKS (Linux Unified Key System). There is a lot of available information about how to create a totally encrypted system. The HOWTOs are even available for doing this in a way where the encryption keys are NOT stored on the system, but rather on removable media (for example, a USB stick). An encrypted system using ANY asymetric encryption technique is just a non-recoverable bunch of junk if the keys aren't available, and a USB stick is a whole lot easier to destroy, or "lose" than an entire system, or even a single hard disk.

Encryption isn't the only issue though. Encryption doesn't solve the entire problem. You could fully encrypt your system and somebody like me merely needs to access it when you aren't around and they'll get your passphrases anyway just by knowing the boot process well. This in itself is a good reason to keep the keys on separate media because having the passphrase at that point is only half the equation. The other areas to pay special attention to are physical access and integrity. Physical access is a little easier to contend with IF it's a laptop, or you remove the hard disk and keep it with you all the time. Integrity "can" be solved by tuning SELinux (Security Enhanced Linux).

Microsoft has made the above out of reach via any of their products. Debian and Ubuntu Linux actually give you the option of building a "mostly" encrypted system when you install them. But there's still a lot to it and it's beyond most "normal" computer users. :-)

...and there's the issue of secure communications... lets not even go there. :-)