<revremark>Initial release, reviewed by TM at LDP.</revremark>
</revision>
<revision>
<revnumber>v0.9</revnumber>
<date>2004-01-15</date>
<authorinitials>rh</authorinitials>
<revremark>Updated and converted to DocBook XML.</revremark>
</revision>
</revhistory>
<abstract>
<para>
This document explains how to create encrypted file systems using the Cryptoloop functionality. Cryptoloop is part of the CryptoAPI in the 2.6 Linux kernel series.
</para>
</abstract>
</articleinfo>
<sect1id="about">
<title>About this document</title>
<para>
This HOWTO describes how to use the Cryptoloop loop device encryption in the 2.6 Linux kernel series. Cryptoloop
makes it possible to create encrypted file systems within a partition or another file in the file system. These encrypted files
can the be moved to a CD, DVD, USB memory stick, etc. Cryptoloop makes
use of the loop device. This device is a pseudo-device which serves as a <quote>loop</quote> through which each call to a the file system
has to pass. This way, data can be processed in order to encrypt and decrypt it. Since kernel 2.6, the
Crypto API has been integrated into the main kernel, and setting up an encrypted file system has become much easier. No
additional kernel patches are required. An update of some userspace utilities is necessary. Unfortunately, the
use of Cryptoloop is not very well-documented so far. This HOWTO is an attempt to make it easy everyone
to create an encrypted file system using the standard Cryptoloop functionality.
There are currently a few alternatives to using Cryptoloop. Loop-AES (<ulinkurl="http://loop-aes.sourceforge.net">http://loop-aes.sourceforge.net</ulink>)
within a file as described below. I don't know of a way to access the Cryptoloop-encrypted files from other operating systems such as Windows. In
this case, BestCrypt may be your only choice.
</para>
<para>
There are other commercial disk encryption tools such as PGP disk, but to my knowledge there is no Linux support for them.
</para>
</sect1>
<sect1id="kernel-configuration">
<title>Configuring the kernel</title>
<para>
In order to use Cryptoloop, you need to activate a few kernel options. You have the option to either compile these
requirements as modules or compile them directly into the kernel. The following steps enable them as modules.
If you are not familiar with building a 2.6 kernel, you should refer to the <ulinkurl="http://www.linuxdocs.org/HOWTOs/Kernel-HOWTO.html">Linux Kernel HOWTO</ulink>. The following
instructions just give the minimal steps.
</para>
<orderedlist>
<listitem>
<para>Go to the directory that holds your kernel source tree (usually <filename>/usr/src/linux/</filename>) and start the configuration:</para>
<screen>make menuconfig</screen>
</listitem>
<listitem>
<para>Enable general loop device support. Active <quote>Loopback device support</quote> under:</para>
<para>Enable Cryptoloop support in the same section. The option should show up as soon as you enable general loopback support.</para>
</listitem>
<listitem>
<para>Enable the cryptographic API by going to <quote>Cryptographic options</quote> from the main menu. You can safely enable most algorithms here. I would recommend that you enable the following:</para>
<screen>
-- Cryptographic API
<*> HMAC support
<> Null algorithms
<*> MD4 digest algorithm
<*> MD5 digest algorithm
<*> SHA1 digest algorithm
<*> SHA256 digest algorithm
<*> SHA384 and SHA512 digest algorithms
<*> DES and Triple DES EDE cipher algorithms
<*> Blowfish cipher algorithm
<*> Twofish cipher algorithm
<*> Serpent cipher algorithm
<*> AES cipher algorithms
<*> CAST5 (CAST-128) cipher algorithm
<*> CAST6 (CAST-256) cipher algorithm
<*> Deflate compression algorithm
<> Testing module
</screen>
<para>
If you decide to make them as modules, make sure you load the appropriate modules (cryptoloop, aes, etc.) at startup before you continue.</para>
</listitem>
<listitem>
<para>Make your kernel and modules and install them. For example, if you are using lilo on a x86 machine, this can be done like this:</para>
<screen>
make
make modules_install
cp arch/i386/boot/bzImage /boot/kernel-2.6.1
lilo
</screen>
</listitem>
<listitem>
<para>Load the required modules at startup. This is handled differently on the various distributions. For example, on Gentoo these modules can be added to <filename>/etc/modules.autoload/kernel-2.6</filename>. If you have compiled Cryptoloop as a module, it will have to be loaded first. It will automatically load the basic loop device module as well. You can manually load the module with:</para>
<screen>modprobe cryptoloop</screen>
</listitem>
</orderedlist>
</sect1>
<sect1id="userspace-tools">
<title>Getting the user space tools</title>
<para>
The Cryptoloop driver requires updated userspace tools to actually create and mount the encrypted
file system. An updated util-linux package is needed and can be obtained from <ulinkurl="http://ftp.cwi.nl/aeb/util-linux/util-linux-2.12.tar.gz">http://ftp.cwi.nl/aeb/util-linux/util-linux-2.12.tar.gz</ulink>.
The most current version is 2.12. There will be new versions out soon that will probably introduce major changes, so make sure you check this
HOWTO for updates before upgrading to a newer version.
Unfortunately there are many patches for util-linux out there. There are differences in the way how encrypted partitions are created
and mounted. In order to use util-linux 2.12 with a 2.6 kernel at least the following two patches need to be applied:
<para>It is recommended that you format your partition and fill it with random data before you create the encrypted file system on it. This will make it harder for an attacker to detect patterns in your encrypted partition.
</para>
<para><emphasis>WARNING!</emphasis></para>
<para>Be careful what you type here for your partition. If you do make a mistake, you can easily overwrite the wrong partition with random garbage! </para>
<para>Filling a partition with random data can be done as follows:</para>
<screen>dd if=/dev/urandom of=/dev/sda1 bs=1M
</screen>
<para>You may get an error message that the device is full. You can ignore it.</para>
</listitem>
<listitem>
<para>Select a cipher and key size. A list of ciphers supported by your kernel can be obtained from <filename>/proc/crypto</filename>. I recommend that you use AES with a 256-bit key.</para>
</listitem>
<listitem>
<para>Set up the loop device. This is done using the <command>losetup</command> command from the util-linux package. The following command creates an encrypted filesystem using the loop device 0 using the AES cipher with a 256-bit key on the device <filename>/dev/sda1</filename>:</para>
<para>The command prompts for a password. Select a strong password and try to remember it without having to stick a Post-It note to your monitor.
There is one big downside to using Cryptoloop. Since the password is hashed to create the encryption key, it is not easy to change the password later on.
The most straight-forward way of changing the password is to create a new encrypted partition or file and move all data into it. For this reason, make
sure you select a strong password from the start. AES may be a strong algorithm, but if you chose a weak password, that security goes down the drain.
</para>
<para>If <command>losetup</command> fails with an INVALID ARGUMENT error message, there is a problem with your util-linux package.
Make sure you have followed the instructions above on how to install a patched version of util-linux. Older and unpatched version use a
different way of passing the key size, and do not work with the 2.6 Crypto API.