In the following a method of doing the actual encryption is needed. There
are several ways to do that. I have tried Best Crypt from Jetico earlier, which is easy to setup but has some disadvantages:
first it is not free (in fact there is no licence expiring like in the windows version of the
program, but it would be illegal to use it after the 30 days testperiod without buying a licence)
and it has a bad performance. Some annoying problem, at least for me, is the necessity to compile it
outside the kernel, instead of having a kernel patch directly. However it has some advantages too:
it offers several different encryption methods and let you choose a suitable tradeoff between
security (encryption strengh in that case) and performance. Furthermore the system works both on
Linux and Microsoft Windows (TM), which let you read your
data on both platforms. This is dispensable for me, since I only use Linux.
There is a program called CFS which is Open Source and runs completly in userspace, but needs NFS
and associated RPC programs, which I do not want to use. So my tool of choose is Loop-AES here.
Redhat 9 already has an encryption system built in, but since I
compile my own kernel anyway I choose Loop-AES for the encryption task. It is easy to setup (ok, the
first time might be tricky since you need to install a special losetup version) and painless in use,
the performance is good and configureable, AES is a fair and strong encryption, and the option to
use GPG for encrypting a reasonable key improves the security. Also a big advantage is, that
Loop-AES encrypts in blocks of 512 bytes and is independent to the size of the underlaying device
which allows transparent resizing (extending and shrinking) of the underlaying filesystem, a very
useful feature if you run out of space and use LVM.
The first thing to start is installing a patched version of the util-linux package and then
installing a modified loopback-device driver (either by patching the kernel or by compiling a
patched loop.o module).
I added this section in February 2006 updating some of the information presented so far. When Fedora Core 4 was available I switched from Loop-AES to dm-crypt, because all tools were already included in the distribution, and it was compatible to my already encrypted partition. However, today there is the possibility to do some watermark attacks against encrypted partitions, and care should be taken when choosing an encryption method and the key mechanisms. With FC4 you can use dm-crypt with LUKS encryption, without patching the kernel and the util-linux package. So for Fedora Core 4 and higher consider to use LUKS.
All necessary patches are found in the Loop-AES package. You may download version 1.7e from this location or grab a more recent version (if there is) from Sourceforge. For my Fedora Core 1 setup I already use the 2.0b version of loop-AES. On Fedora Core 2 I use 2.1a.
The Loop-AES package include utils for patching the kernel, but you might be interested in this kernelpatch, which applies to a vanilla Linux 2.4.22 kernel and includes several useful features, especially for notebooks (new ACPI stack, software suspend 2.0rc2, bootsplash option, a recent CPUfreq version, and loop-AES of course). Since 2.4.22/23/24/26 have security issues and 2.4.25 several bugs you should use my 2.4.27-kernelpatch from now on. It does not include CPUfreq, but has device-mapper support instead, if you plan to update to LVM2. That patch includes drivers for PRISM54-chipsets. If you do not already have installed GnuPG make sure to download a recent version and install it. The version that comes with RedHat 9 is fine too.
If you want use Fedora Core 4 with LUKS, you neither have to patch the kernel, nor to install a
new util-linux package. Just use yum to install the tool to use LUKS:
# yum install cryptsetup-luks
First install the modified util-linux version. This is a one time step, but of course you have to
make sure that you never "upgrade" to an unmodified version. If you use RedHat 9 it
is properly the best to install the mentioned binary RPMs:
# rpm -Uvh losetup-2.11y-9cubbi_loopaes.i386.rpm mount-2.11y-9cubbi_loopaes.i386.rpm
util-linux-2.11y-9cubbi_loopaes.i386.rpm
If you have an other distribution based on RPMs grab the Source RPM and build your own binaries:
# rpmbuild --rebuild util-linux-2.11y-9cubbi_loopaes.src.rpm
For any other distribution, or in case my RPMs are not suitable follow the instructions from the
Loop-AES package.
The next thing you need is the loop.o module with AES support glued in. I like to have this
patched into my kernel, allowing me to modify the configuration without needing to recompile the
module afterwards. The Loop-AES package includes the necessary patch for Linux 2.4.22, as well as a
script to compile the module seperatly. If you are unexperienced with building your own kernel you
maybe should follow the Loop-AES documentation and build the loop.o module seperatly (caveat: the
last time I tried that it didn't work, since there was a problem in the script which refused to
install the modified loop.o module into the kernel module directory. So after running the script you
should look for the module in the package directory and copy it manually to the module library). If
you want to use the encryption on your notebook you might should look at my patch:
# tar xvjf linux-2.4.22.tar.bz2 (grab it from Kernel.org)
# cd linux-2.4.22
# bzcat
~/linux-2.4.22-acpi-swsusp-bootsplash-loopAES-cpufreq.patch.bz2|patch -p1
# make menuconfig (configure for your needs)
# make dep clean bzImage modules modules_install (install the bzImage
and System.map, reconfigure your bootloader and boot into the new kernel)
# depmod -a (do not forget this)
Make sure to activate Loopback device support (as module) and AES encrypted loop device
support (both in the Block devices menu). Compile and install the kernel as usual,
then reboot this new kernel (you can skip this if you installed the loop.o module seperatly of
course).
Since Fedora Core 3 I use the kernel shipped with the distribution, so I do not patch the kernel myself any longer. Instead I just use the build-option of the loop-AES package. At least up to version 2.2d you have to modify the Makefile to create the loop.ko-module: in line 115 add a negation "!" sign between the "if" and "grep" expression to add "-DOLD_PER_THREAD_RLIMITS" to the "EF" variable. In line 223 you have to add the path to the symvers-file, since the kernel-RPM does not include a "vmlinux"-file. The line will look like this:
$(CP1) $(MP1) -i /lib/modules/$(KR)/build/Module.symvers $(PP1)loop.o >/dev/null 2>&1
After that running # make will be enough to install the loop-AES module.
# yum install cryptsetup-luks
With the modified util-linux package and the new loop.o module you are now ready to setup an encrypted partition. I want to choose the option with the highest security here, so the first thing to do is to setup GnuPG for managing the encryptionkey (take a look in the Loop-AES manual for some simpler possibilities). With GnuPG you can use a long, randomized key for encrypting your data which results in an stronger encryption. However, this means you have to provide your GnuPG private keyring (secring) and encryptionkey every time you mount the encrypted partition. Either you should choose a strong password for your secring, or store it seperatly (I will use a memory stick for this). Of course the highest security is to use both, as I will do in the following :-)
If you already use GnuPG you will already have a private key in your secring. However, I choosed not
to use my real key, since there is a security risk if you keep your secring outside the safe,
encrypted home directory. I just created a new key for that, so I would be in no trouble if somebody
steals it.
# mkdir ~/tmpgpg (Create a directory for storing the new keyrings, and
encryption key. I setup a temporary directory here and copy its contents later, since it will be
stored on a FAT-filesystem on which GnuPG refused to work, because the necessary ownerships cannot be
set)
# cd ~/tmpgpg
# gpg --homedir ~/tmpgpg --gen-key (create a new GPG-key
(DSA and ElGamal, 2048 bits without expiring). Use "loop-AES" as comment and make sure to
have a long and good passphrase)
# chmod 700 ~/tmpgpg
# head -c 45 /dev/random|uuencode -m -|head -n 2|tail -n 1|gpg --homedir ~/tmpgpg -e -a -r "loop-AES">~/tmpgpg/keyfile.gpg
You need the contens of the directory now, especially the keyfile.gpg and the keyrings
(pubring.gpg and secring.gpg). Before you proceed make a backup of these three
files now, if you ever lose them you also lose your data. Printing the files out might the safest
idea (export the pub- and secring to ascii before, using the --export and
--export-secret-key option together with -a from GnuPG). I strongly advise not to
skip this step!
Now copy the directory to a place which can be made available before mounting the /home directory. A
nice way to do this is using an external memory device. I use a Sony Vaio (TM) notebook, which has a slot for a memorystick
build in. A very small stick would be enough for just storing the keyrings and keyfile, but having a
bigger one (mine is 128 MB) has some advantages, for example adding a encrypted container for really
sensible datas on it. Having a FAT-filesystem on such device is fine for the files, but you have to
create your GnuPG setup on a filesystem with proper ownership (like described above). Of course a
normal USB-stick will work as well. If you choosed a good passphrase it is also ok to store the
keyfile onto your harddisk, an attacker should not be able to use it accessing the encrypted
filesystem, however, having these files seperatly make an attacking senario nearly impossible (but
remember, that means you cannot access too if the files get lost). In the following I assume that
you have a memorydevice which is mountable at /mnt/memstick and setup in the
/etc/fstab:
# mount /mnt/memstick
# mkdir /mnt/memstick/HomeAES
# cp ~/tmpgpg/*
/mnt/memstick/HomeAES/ (you should have at least keyfile.gpg, pubring.gpg and
secring.gpg on the stick now)
Now that the initial steps are done the actual filesystem can be created. The new filesystem can
be either a flat file residing on one of your others filesystems, or a standard block-device
(harddisk partition or a logical volume as in my case using LVM). If you use a flat file check the
Loop-AES documentation about journaling filesystems as you might get trouble here. The following
steps should be done as root, switching down your system into single user mode.
# umount /home (stop all processes accessing to /home before)
# lvrename MyVolGrp home oldhome (assuming my current homedirectory is stored
an a logical volume group MyVolGrp called home)
# lvcreate -n home -L 5G MyVolGrp (creating a new volume)
In the following I have two block-devices: /dev/MyVolGrp/oldhome on which the contents of
my old homedirectory are stored (unencrypted) and /dev/MyVolGrp/home on which the
homedirectory will be stored in the future (encrypted). In your case these might be some partitions
on your harddisk or a flat file.
If you will use Fedora Core 4/5 and LUKS you have to mount the partition seperatly, just removed the
old entry for /home from your /etc/fstab. For Loop-AES you should also add a new
entry, so change the /etc/fstab: remove the old entry for /home (if you had a
seperate /home so far) or comment it out, and include a new entry:
/dev/MyVolGrp/home /home ext3 defaults,exec,noauto, loop=/dev/loop5, encryption=AES128, gpgkey=/mnt/memstick/HomeAES/keyfile.gpg, gpghome=/mnt/memstick/HomeAES 0 0 (remove the spaces after the ",").
For Loop-AES the new encrypted partition will be created on loopback device number 5. You can choose a
different number by editing the /etc/fstab. With losetup the future
/home-filesystem is glued encrypted to the loopdevice (after supplying the correct passphrase):
# losetup -F /dev/loop5
# mke2fs -j -L /home /dev/loop5 (creates an encrypted
ext3-filesystem on that loopdevice)
# mount /dev/loop5 /home
For FC4+5/LUKS you use the cryptsetup tool to create the encrypted partition:
# cryptsetup --verbose --verify-passphrase --cipher aes-cbc-essiv:sha256 --key-size
256 luksFormat /dev/MyVolGrp/home
# cryptsetup luksOpen /dev/MyVolGrp/home homedm
# mke2fs -j -L /home /dev/mapper/homedm
# mount /dev/mapper/homedm /home
Now it is time to copy the old content to the new encrypted home directory:
# mkdir /mnt/oldhome
# mount
/dev/MyVolGrp/oldhome /mnt/oldhome -oro (readonly mount the old /home)
# cd /mnt/oldhome
# tar cvO . | (cd /home/ && tar x) (copy the
contents to the encrypted home)
# cd ..
# umount /mnt/oldhome
# rmdir /mnt/oldhome
# umount
/home
Disable the loopback for Loop-AES with: # losetup -d /dev/loop5, or when using
FC4+5/LUKS with: # cryptsetup luksClose homedm.
Now the old /home directory is encrypted and can be mounted with
# mount /mnt/memstick
# mount /home
# umount /mnt/memstick
after booting. You should test this several times before removing the oldhome-device (you have made
a backup of the keyrings and keyfile, do you?). You might want to destroy the old, unencrypted data
by copying /dev/random to that old device, using shred or BCWipe from Jetico.
You now should read further how to work with encryption.