gferg 2004-01-27 03:40:04 +00:00
parent 6c17dfbac2
commit 9542c611df
1 changed files with 52 additions and 12 deletions

@ -10,15 +10,21 @@
<author>
<firstname>Ralf</firstname>
<surname>H&ouml;lzer</surname>
<surname>H&amp;ouml;lzer</surname>
<affiliation>
<address><email>ralf@well.com</email></address>
<address><email>cryptoloop@ralfhoelzer.com</email></address>
</affiliation>
</author>
<pubdate>2004-01-15</pubdate>
<revhistory>
<revision>
<revnumber>1.1</revnumber>
<date>2004-01-24</date>
<authorinitials>rh</authorinitials>
<revremark>Updated information on patching util-linux, Loop-AES, Best Crypt</revremark>
</revision>
<revision>
<revnumber>1.0</revnumber>
<date>2004-01-17</date>
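Review bot: The new surname line reads `H&amp;ouml;lzer`, which escapes the ampersand of the entity, so the author name will be output as the literal text "H&ouml;lzer" rather than with an o-umlaut. Keep the single entity form from the line it replaces (`H&ouml;lzer`). Separately, the unchanged `<pubdate>` still says 2004-01-15 while this hunk adds revision 1.1 dated 2004-01-24; if pubdate is meant to track the latest revision, update it in the same commit.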
@ -56,6 +62,10 @@
additional kernel patches are required. An update of some userspace utilities is necessary. Unfortunately, the
use of Cryptoloop is not very well-documented so far. This HOWTO is an attempt to make it easy everyone
to create an encrypted file system using the standard Cryptoloop functionality.
Cryptoloop is based on the Crypto API in the 2.6 Linux kernel. It should not be confused with Loop-AES, which is a completely
separate project. Cryptoloop is similar to the Crypto API that was available as a separate patch for the 2.4 kernel series. The
new version is not compatible with the older one.
</para>
<!-- Legal Sections -->
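Review bot: In the added sentences, "Cryptoloop is similar to the Crypto API that was available as a separate patch for the 2.4 kernel series" compares Cryptoloop to the Crypto API right after saying it is based on the Crypto API, and "The new version is not compatible with the older one" does not say what is incompatible. Please state whether this refers to the userspace tools, the on-disk format, or both, so that a reader with a volume created under the 2.4 patch knows whether it can still be mounted under 2.6.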
@ -64,7 +74,7 @@
<para>
This document, <emphasis>Cryptoloop HOWTO</emphasis>,
is copyrighted &copy; 2004 by <emphasis>Ralf H&ouml;lzer</emphasis>.
is copyrighted &&copy; 2004 by <emphasis>Ralf H&ouml;lzer</emphasis>.
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation
License, Version 1.1 or any later version published
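Review bot: The changed copyright line has a stray ampersand in `&&copy; 2004`. A bare `&` in front of the entity is not valid markup and will either fail to parse or show up as a literal "&" before the copyright sign; the line it replaces (`&copy; 2004`) was already correct.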
@ -145,7 +155,8 @@ email address : <email>rholzer@cmu.edu</email>.
is currently more mature than Cryptoloop and some argue it is also faster because it uses a highly optimized assembler implementation for
AES. While this may be true, Cryptoloop is very fast. I have not noticed any significant speed differences between a Cryptoloop-encrypted
partition and a non-encrypted partition. I do not know of any statistics about these performance differences. Unless I/O performance is
extremely important to you, Cryptoloop should do just fine.
extremely important to you, Cryptoloop should do just fine. Loop-AES offers some additional features that are not yet present in the kernel
implementation of Cryptoloop. If you want to encrypt the root and swap partitions, you may want to stick with Loop-AES for now.
</para>
<para>
The Cryptoloop functionality in the standard kernel provides a stable and clean implementation without the need for extra patches. Since it
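Review bot: The added sentence "Loop-AES offers some additional features that are not yet present in the kernel implementation of Cryptoloop" leaves the reader guessing which features are meant; the only one named is root and swap encryption in the next sentence. Either list the features or fold the two sentences into one that says root and swap encryption is the gap. Since this HOWTO is about keeping data confidential, it would also help to say plainly that a setup following this document leaves swap unencrypted.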
@ -155,8 +166,8 @@ email address : <email>rholzer@cmu.edu</email>.
<para>
There are other tools which allow you to create an encrypted file system. BestCrypt is a commercial product from Jetico. It allows you to
create encrypted containers and has a large choice of ciphers. It also offers some nifty features such as hidden containers. It is available
for Windows and Linux, which makes it suitable for interchanging encrypted containers between Windows and Linux. Currently there are no
modules yet that work with a 2.6 kernel. Cryptoloop can also create containers that can be moved around, by creating the encrypted file system
for Windows and Linux, which makes it suitable for interchanging encrypted containers between Windows and Linux. BestCrypt now compiles
on 2.6 kernels as well. Cryptoloop can also create containers that can be moved around, by creating the encrypted file system
within a file as described below. I don't know of a way to access the Cryptoloop-encrypted files from other operating systems such as Windows. In
this case, BestCrypt may be your only choice.
</para>
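Review bot: "BestCrypt now compiles on 2.6 kernels as well" replaces a statement that no working modules existed, but "compiles" does not tell the reader that the modules load and work, and no BestCrypt version is given. Name the version that was tested and say whether containers were actually mounted with it on 2.6; otherwise the claim will go stale without anyone being able to tell which release it applied to.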
@ -241,14 +252,42 @@ email address : <email>rholzer@cmu.edu</email>.
<para>
The Cryptoloop driver requires updated userspace tools to actually create and mount the encrypted
file system. These tools are included in the latest util-linux package. The minimum version you
need is 2.12. The entire util-linux package can be obtained from <ulink url="http://www.kernel.org/pub/linux/utils/util-linux/">http://www.kernel.org/pub/linux/utils/util-linux/</ulink>.
file system. An updated util-linux package is needed and can be obtained from <ulink url="http://ftp.cwi.nl/aeb/util-linux/util-linux-2.12.tar.gz">http://ftp.cwi.nl/aeb/util-linux/util-linux-2.12.tar.gz</ulink>.
The most current version is 2.12. There will be new versions out soon that will probably introduce major changes, so make sure you check this
HOWTO for updates before upgrading to a newer version.
Unfortunately there are many patches for util-linux out there. There are differences in the way how encrypted partitions are created
and mounted. In order to use util-linux 2.12 with a 2.6 kernel at least the following two patches need to be applied:
<orderedlist>
<listitem><ulink url="http://www.stwing.org/~sluskyb/util-linux/losetup-combined.patch">Combined losetup patch</ulink></listitem>
<listitem><ulink url="http://www.ece.cmu.edu/~rholzer/cryptoloop/util-linux-2.12-kernel-2.6.patch">Util-linux 2.6 patch</ulink></listitem>
</orderedlist>
</para>
<para>
This package provides the updated <command>losetup</command> and <command>mount</command> commands.
<para>
Download the util-linux patches and the two patches above.
First extract the util-linux package and then apply the two patches:
</para>
<screen>
tar xvfz util-linux-2.12.tar.gz
cd util-linux-2.12
patch -p1 < /path_to_patchfile/losetup-combined.patch
patch -p1 < /path_to_patchfile/util-linux-2.12-kernel-2.6.patch
</screen>
<para>
After applying the patches, compile and install util-linux according to the instructions in the INSTALL file.
</para>
<para>
I recommend to use <ulink url="http://gentoo.org">Gentoo Linux</ulink>, which automatically applies these patches when emerging the util-linux patches.
Other distributions may have versions of util-linux available, that have these patches aleady applied as well.
</para>
</sect1>
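Review bot: The new instructions have the reader fetch two patches over plain http from personal web pages and apply them with `patch -p1` to the package that provides `losetup` and `mount`, with nothing to check the files against. Publish a checksum or a detached signature for each patch (and for the util-linux tarball) next to the links, and add a verification step before the `patch` commands in the `<screen>` block. Wording: "Download the util-linux patches and the two patches above" and "when emerging the util-linux patches" should both say "package", and "aleady" should be "already". Also check the paragraph tags around "This package provides the updated losetup and mount commands": a `<para>` opens before that sentence and another opens right after it with no `</para>` in between.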
@ -292,6 +331,8 @@ Cryptography.
</screen>
<para>The command prompts for a password. Select a strong password and try to remember it without having to stick a Post-It note to your monitor. There is one big downside to using Cryptoloop. Since the password is hashed to create the encryption key, it is not easy to change the password later on. The most straight-forward way of changing the password is to create a new encrypted partition or file and move all data into it. For this reason, make sure you select a strong password from the start.</para>
<para>If <command>losetup</command> fails with an INVALID ARGUMENT error message, there is a problem with your util-linux package. Make sure you have followed the instructions above
on how to install a patched version of util-linux. Older and unpatched version use a different way of passing the key size, and do not work with the 2.6 Crypto API.</para>
</listitem>
<listitem>
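Review bot: The added troubleshooting paragraph paraphrases the error as "INVALID ARGUMENT"; quote the message exactly as `losetup` prints it so readers can match it against their terminal and search for it. "Older and unpatched version use" should read "Older and unpatched versions use", and "the instructions above" would be more robust as a cross-reference to the util-linux section, since this text sits in a different section from the patching steps.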
@ -434,4 +475,3 @@ You can then mount the file system later on as follows:
</article>