Setting up the encryption

Prepare the encryption

In the following a method of doing the actual encryption is needed. There are several ways to do that. I have tried Best Crypt from Jetico earlier, which is easy to setup but has some disadvantages: first it is not free (in fact there is no licence expiring like in the windows version of the program, but it would be illegal to use it after the 30 days testperiod without buying a licence) and it has a bad performance. Some annoying problem, at least for me, is the necessity to compile it outside the kernel, instead of having a kernel patch directly. However it has some advantages too: it offers several different encryption methods and let you choose a suitable tradeoff between security (encryption strengh in that case) and performance. Furthermore the system works both on Linux and Microsoft Windows (TM), which let you read your data on both platforms. This is dispensable for me, since I only use Linux.
There is a program called CFS which is Open Source and runs completly in userspace, but needs NFS and associated RPC programs, which I do not want to use. So my tool of choose is Loop-AES here.

Why Loop-AES and how to setup?

Redhat 9 already has an encryption system built in, but since I compile my own kernel anyway I choose Loop-AES for the encryption task. It is easy to setup (ok, the first time might be tricky since you need to install a special losetup version) and painless in use, the performance is good and configureable, AES is a fair and strong encryption, and the option to use GPG for encrypting a reasonable key improves the security. Also a big advantage is, that Loop-AES encrypts in blocks of 512 bytes and is independent to the size of the underlaying device which allows transparent resizing (extending and shrinking) of the underlaying filesystem, a very useful feature if you run out of space and use LVM.
The first thing to start is installing a patched version of the util-linux package and then installing a modified loopback-device driver (either by patching the kernel or by compiling a patched loop.o module).

Fedora Core 4/5 and LUKS

I added this section in February 2006 updating some of the information presented so far. When Fedora Core 4 was available I switched from Loop-AES to dm-crypt, because all tools were already included in the distribution, and it was compatible to my already encrypted partition. However, today there is the possibility to do some watermark attacks against encrypted partitions, and care should be taken when choosing an encryption method and the key mechanisms. With FC4 you can use dm-crypt with LUKS encryption, without patching the kernel and the util-linux package. So for Fedora Core 4 and higher consider to use LUKS.

The software

All necessary patches are found in the Loop-AES package. You may download version 1.7e from this location or grab a more recent version (if there is) from Sourceforge. For my Fedora Core 1 setup I already use the 2.0b version of loop-AES. On Fedora Core 2 I use 2.1a.

  • If you use Redhat 9 it might be easier to download these ready to run RPMs: 1, 2 and 3 (you need all three of them, or use this Source RPM to compile it yourself).
  • For Fedora Core 1 I provide these ready to run RPMs: 1, 2 and 3 (all three are needed, or use the Source RPM).
  • On Fedora Core 2 you can use these ready to run RPMs: 1 (only this one, it includes mount and losetup from the former single packages), or the Source RPM.
  • Fedora Core 3 need some more patching, so you should find this RPM useful: util-linux for FC3. You can also use this Source RPM (Xavier Nicolovici also provides some builds for Core 3 on his homepage).

The Loop-AES package include utils for patching the kernel, but you might be interested in this kernelpatch, which applies to a vanilla Linux 2.4.22 kernel and includes several useful features, especially for notebooks (new ACPI stack, software suspend 2.0rc2, bootsplash option, a recent CPUfreq version, and loop-AES of course). Since 2.4.22/23/24/26 have security issues and 2.4.25 several bugs you should use my 2.4.27-kernelpatch from now on. It does not include CPUfreq, but has device-mapper support instead, if you plan to update to LVM2. That patch includes drivers for PRISM54-chipsets. If you do not already have installed GnuPG make sure to download a recent version and install it. The version that comes with RedHat 9 is fine too.

If you want use Fedora Core 4 with LUKS, you neither have to patch the kernel, nor to install a new util-linux package. Just use yum to install the tool to use LUKS:
# yum install cryptsetup-luks

The setup for Loop-AES

First install the modified util-linux version. This is a one time step, but of course you have to make sure that you never "upgrade" to an unmodified version. If you use RedHat 9 it is properly the best to install the mentioned binary RPMs:
# rpm -Uvh losetup-2.11y-9cubbi_loopaes.i386.rpm mount-2.11y-9cubbi_loopaes.i386.rpm util-linux-2.11y-9cubbi_loopaes.i386.rpm
If you have an other distribution based on RPMs grab the Source RPM and build your own binaries:
# rpmbuild --rebuild util-linux-2.11y-9cubbi_loopaes.src.rpm
For any other distribution, or in case my RPMs are not suitable follow the instructions from the Loop-AES package.

The next thing you need is the loop.o module with AES support glued in. I like to have this patched into my kernel, allowing me to modify the configuration without needing to recompile the module afterwards. The Loop-AES package includes the necessary patch for Linux 2.4.22, as well as a script to compile the module seperatly. If you are unexperienced with building your own kernel you maybe should follow the Loop-AES documentation and build the loop.o module seperatly (caveat: the last time I tried that it didn't work, since there was a problem in the script which refused to install the modified loop.o module into the kernel module directory. So after running the script you should look for the module in the package directory and copy it manually to the module library). If you want to use the encryption on your notebook you might should look at my patch:
# tar xvjf linux-2.4.22.tar.bz2 (grab it from Kernel.org)
# cd linux-2.4.22
# bzcat ~/linux-2.4.22-acpi-swsusp-bootsplash-loopAES-cpufreq.patch.bz2|patch -p1
# make menuconfig
(configure for your needs)
# make dep clean bzImage modules modules_install (install the bzImage and System.map, reconfigure your bootloader and boot into the new kernel)
# depmod -a (do not forget this)
Make sure to activate Loopback device support (as module) and AES encrypted loop device support (both in the Block devices menu). Compile and install the kernel as usual, then reboot this new kernel (you can skip this if you installed the loop.o module seperatly of course).

Since Fedora Core 3 I use the kernel shipped with the distribution, so I do not patch the kernel myself any longer. Instead I just use the build-option of the loop-AES package. At least up to version 2.2d you have to modify the Makefile to create the loop.ko-module: in line 115 add a negation "!" sign between the "if" and "grep" expression to add "-DOLD_PER_THREAD_RLIMITS" to the "EF" variable. In line 223 you have to add the path to the symvers-file, since the kernel-RPM does not include a "vmlinux"-file. The line will look like this:
$(CP1) $(MP1) -i /lib/modules/$(KR)/build/Module.symvers $(PP1)loop.o >/dev/null 2>&1
After that running # make will be enough to install the loop-AES module.

The setup for Fedora Core 4+5/LUKS

# yum install cryptsetup-luks

Setup a new, encrypted /home

With the modified util-linux package and the new loop.o module you are now ready to setup an encrypted partition. I want to choose the option with the highest security here, so the first thing to do is to setup GnuPG for managing the encryptionkey (take a look in the Loop-AES manual for some simpler possibilities). With GnuPG you can use a long, randomized key for encrypting your data which results in an stronger encryption. However, this means you have to provide your GnuPG private keyring (secring) and encryptionkey every time you mount the encrypted partition. Either you should choose a strong password for your secring, or store it seperatly (I will use a memory stick for this). Of course the highest security is to use both, as I will do in the following :-)

Creating an encryptionkey

If you already use GnuPG you will already have a private key in your secring. However, I choosed not to use my real key, since there is a security risk if you keep your secring outside the safe, encrypted home directory. I just created a new key for that, so I would be in no trouble if somebody steals it.
# mkdir ~/tmpgpg (Create a directory for storing the new keyrings, and encryption key. I setup a temporary directory here and copy its contents later, since it will be stored on a FAT-filesystem on which GnuPG refused to work, because the necessary ownerships cannot be set)
# cd ~/tmpgpg
# gpg --homedir ~/tmpgpg --gen-key
(create a new GPG-key (DSA and ElGamal, 2048 bits without expiring). Use "loop-AES" as comment and make sure to have a long and good passphrase)
# chmod 700 ~/tmpgpg
# head -c 45 /dev/random|uuencode -m -|head -n 2|tail -n 1|gpg --homedir ~/tmpgpg -e -a -r "loop-AES">~/tmpgpg/keyfile.gpg

You need the contens of the directory now, especially the keyfile.gpg and the keyrings (pubring.gpg and secring.gpg). Before you proceed make a backup of these three files now, if you ever lose them you also lose your data. Printing the files out might the safest idea (export the pub- and secring to ascii before, using the --export and --export-secret-key option together with -a from GnuPG). I strongly advise not to skip this step!
Now copy the directory to a place which can be made available before mounting the /home directory. A nice way to do this is using an external memory device. I use a Sony Vaio (TM) notebook, which has a slot for a memorystick build in. A very small stick would be enough for just storing the keyrings and keyfile, but having a bigger one (mine is 128 MB) has some advantages, for example adding a encrypted container for really sensible datas on it. Having a FAT-filesystem on such device is fine for the files, but you have to create your GnuPG setup on a filesystem with proper ownership (like described above). Of course a normal USB-stick will work as well. If you choosed a good passphrase it is also ok to store the keyfile onto your harddisk, an attacker should not be able to use it accessing the encrypted filesystem, however, having these files seperatly make an attacking senario nearly impossible (but remember, that means you cannot access too if the files get lost). In the following I assume that you have a memorydevice which is mountable at /mnt/memstick and setup in the /etc/fstab:
# mount /mnt/memstick
# mkdir /mnt/memstick/HomeAES
# cp ~/tmpgpg/* /mnt/memstick/HomeAES/
(you should have at least keyfile.gpg, pubring.gpg and secring.gpg on the stick now)

Creating the encrypted filesystem

Now that the initial steps are done the actual filesystem can be created. The new filesystem can be either a flat file residing on one of your others filesystems, or a standard block-device (harddisk partition or a logical volume as in my case using LVM). If you use a flat file check the Loop-AES documentation about journaling filesystems as you might get trouble here. The following steps should be done as root, switching down your system into single user mode.
# umount /home (stop all processes accessing to /home before)
# lvrename MyVolGrp home oldhome (assuming my current homedirectory is stored an a logical volume group MyVolGrp called home)
# lvcreate -n home -L 5G MyVolGrp (creating a new volume)

In the following I have two block-devices: /dev/MyVolGrp/oldhome on which the contents of my old homedirectory are stored (unencrypted) and /dev/MyVolGrp/home on which the homedirectory will be stored in the future (encrypted). In your case these might be some partitions on your harddisk or a flat file.
If you will use Fedora Core 4/5 and LUKS you have to mount the partition seperatly, just removed the old entry for /home from your /etc/fstab. For Loop-AES you should also add a new entry, so change the /etc/fstab: remove the old entry for /home (if you had a seperate /home so far) or comment it out, and include a new entry:
/dev/MyVolGrp/home /home ext3 defaults,exec,noauto, loop=/dev/loop5, encryption=AES128, gpgkey=/mnt/memstick/HomeAES/keyfile.gpg, gpghome=/mnt/memstick/HomeAES 0 0 (remove the spaces after the ",").

For Loop-AES the new encrypted partition will be created on loopback device number 5. You can choose a different number by editing the /etc/fstab. With losetup the future /home-filesystem is glued encrypted to the loopdevice (after supplying the correct passphrase):
# losetup -F /dev/loop5
# mke2fs -j -L /home /dev/loop5
(creates an encrypted ext3-filesystem on that loopdevice)
# mount /dev/loop5 /home

For FC4+5/LUKS you use the cryptsetup tool to create the encrypted partition:
# cryptsetup --verbose --verify-passphrase --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/MyVolGrp/home
# cryptsetup luksOpen /dev/MyVolGrp/home homedm
# mke2fs -j -L /home /dev/mapper/homedm
# mount /dev/mapper/homedm /home

Now it is time to copy the old content to the new encrypted home directory:
# mkdir /mnt/oldhome
# mount /dev/MyVolGrp/oldhome /mnt/oldhome -oro
(readonly mount the old /home)
# cd /mnt/oldhome
# tar cvO . | (cd /home/ && tar x)
(copy the contents to the encrypted home)
# cd ..
# umount /mnt/oldhome
# rmdir /mnt/oldhome
# umount /home

Disable the loopback for Loop-AES with: # losetup -d /dev/loop5, or when using FC4+5/LUKS with: # cryptsetup luksClose homedm.

Now the old /home directory is encrypted and can be mounted with
# mount /mnt/memstick
# mount /home
# umount /mnt/memstick

after booting. You should test this several times before removing the oldhome-device (you have made a backup of the keyrings and keyfile, do you?). You might want to destroy the old, unencrypted data by copying /dev/random to that old device, using shred or BCWipe from Jetico.

You now should read further how to work with encryption.

MHENSLER.de/cryptohome/encryption_en.php#20060320-000636$1.26  [20351] © Matthias Hensler 2002-12, All Rights Reserved