dm-crypt
dm-cryptis a transparentblock device encryptionsubsysteminLinux kernelversions 2.6 and later and inDragonFly BSD.It is part of thedevice mapper(dm) infrastructure, and uses cryptographic routines from the kernel'sCrypto API.Unlike its predecessorcryptoloop,dm-crypt was designed to support advanced modes of operation, such asXTS,LRWandESSIV,in order to avoidwatermarking attacks.[1]In addition to that, dm-crypt addresses some reliability problems of cryptoloop.[2]
dm-crypt is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (includingremovable media),partitions,software RAIDvolumes,logical volumes,as well asfiles.It appears as a block device, which can be used to backfile systems,swapor as anLVMphysical volume.
SomeLinux distributionssupport the use of dm-crypt on the root file system. These distributions useinitrdto prompt the user to enter a passphrase at the console, or insert asmart cardprior to the normal boot process.[3]
Frontends
[edit]The dm-crypt device mapper target resides entirely in kernel space, and is only concerned with encryption of theblock device– it does not interpret any data itself. It relies onuser spacefront-endsto create and activate encrypted volumes, and manage authentication. At least two frontends are currently available:cryptsetup
andcryptmount
.
cryptsetup
[edit]Original author(s) | Jana Saout, Clemens Fruhwirth, Milan Broz[4] |
---|---|
Stable release | |
Repository | https://gitlab.com/cryptsetup/cryptsetup |
Written in | C |
Operating system | Unix-like |
Platform | x86,x86-64,ARMv8,ARMv7,ppc64le,MIPS |
Size | 7 MB |
Available in | 16 languages[6] |
List of languages English, Portuguese, Chinese (Simplified), Czech, Danish, Dutch, Finnish, French, German, Italian, Japanese, Polish, Russian, Spanish, Swedish, Ukrainian | |
Type | Disk encryption software |
License | GPLv2[7] Sub-Libraries: LGPLv2.1+[8] |
Website | gitlab |
Thecryptsetup
command-line interface, by default, does not write any headers to the encrypted volume, and hence only provides the bare essentials: encryption settings have to be provided every time the disk is mounted (although usually employed with automated scripts), and only onekeycan be used per volume; thesymmetric encryptionkey is directly derived from the suppliedpassphrase.
Because it lacks a "salt",using cryptsetup is less secure in this mode than is the case withLinux Unified Key Setup(LUKS).[9]However, the simplicity of cryptsetup makes it useful when combined with third-party software, for example, withsmart cardauthentication.
cryptsetup
also provides commands to deal with the LUKS on-disk format. This format provides additional features such askey managementandkey stretching(usingPBKDF2), and remembers encrypted volume configuration across reboots.[3][10]
cryptmount
[edit]Thecryptmount
interface is an alternative to the "cryptsetup" tool that allows any user tomountand unmount a dm-crypt file system when needed, without needingsuperuserprivileges after the device has been configured by a superuser.
Features
[edit]The fact that disk encryption (volume encryption) software like dm-crypt only deals with transparent encryption of abstractblock devicesgives it a lot of flexibility. This means that it can be used for encrypting any disk-backedfile systemssupported by theoperating system,as well asswap space;write barriersimplemented by file systems are preserved.[11][12]Encrypted volumes can be stored ondisk partitions,logical volumes,whole disks as well asfile-backeddisk images(through the use ofloop deviceswith the losetup utility). dm-crypt can also be configured to encryptRAIDvolumes andLVMphysical volumes.
dm-crypt can also be configured to providepre-bootauthentication through aninitrd,thus encrypting all the data on a computer – except the bootloader, the kernel and the initrd image itself.[3]
When using thecipher block chaining(CBC) mode of operation with predictableinitialization vectorsas other disk encryption software, the disk is vulnerable towatermarking attacks.This means that an attacker is able to detect the presence of specially crafted data on the disk. To address this problem in its predecessors, dm-crypt included provisions for more elaborate, disk encryption-specific modes of operation.[1]Support forESSIV(encrypted salt-sector initialization vector) was introduced in Linux kernel version 2.6.10,LRWin 2.6.20 andXTSin 2.6.24. Awide-blockdisk encryption algorithm,Adiantum,was added in 5.0, and its AES-based cousin HCTR2 in 6.0.
The Linux Crypto API includes support for most popularblock ciphersandhash functions,which are all usable with dm-crypt.
Crypted FS support include LUKS (versions 1 and 2) volumes,loop-AES,TrueCrypt/VeraCrypt(since Linux kernel 3.13),[13][14][15]andBitLocker-encrypted NTFS (since cryptsetup 2.3.0).[16]TrueCrypt/VeraCrypt (TCRYPT) and BitLocker (BITLK) support require the kernel userspace crypto API.[17]
Compatibility
[edit]dm-crypt and LUKS encrypted disks can be accessed and used under MS Windows using the now defunctFreeOTFE(formerly DoxBox, LibreCrypt), provided that the filesystem used is supported by Windows (e.g.FAT/FAT32/NTFS). Encryptedext2andext3filesystems are supported by usingExt2Fsdor so-called "Ext2 Installable File System for Windows";[18]FreeOTFE also supports them.
Cryptsetup/LUKS and the required infrastructure have also been implemented on the DragonFly BSD operating system.[19]
See also
[edit]References
[edit]- ^abFruhwirth, Clemens (18 July 2005)."New Methods in Hard Disk Encryption"(PDF).Vienna University of Technology.Retrieved22 August2024.
- ^Peters, Mike."Encrypting partitions using dm-crypt and the 2.6 series kernel".Linux.com.Archived fromthe originalon 11 July 2012.Retrieved22 August2024.
- ^abcW. Michael Petullo (2007-01-18)."Disk encryption in Fedora: Past, present and future".Red Hat Magazine. Archived fromthe originalon 2008-10-10.Retrieved2007-04-20.
- ^"AUTHORS".GitLab.Retrieved7 September2019.
- ^ab"docs · master · cryptsetup / cryptsetup".GitLab.Retrieved10 October2024.
- ^"The cryptsetup textual domain".Translation Project.Retrieved7 September2019.
- ^"COPYING".GitLab.Retrieved7 September2019.
- ^"COPYING.LGPL".GitLab.Retrieved7 September2019.
- ^"cryptsetup FAQ".
- ^Clemens Fruhwirth (2004-07-15)."TKS1 – An anti-forensic, two level, and iterated key setup scheme"(PDF).Draft.Retrieved2006-12-12.
- ^Milan Broz (2012-04-24)."[dm-crypt] Does dm-crypt support journaling filesystem transactional guarantees?".saout.de.Retrieved2014-07-08.
- ^Mikulas Patocka (2009-06-22)."kernel/git/torvalds/linux.git".Linux kernel source tree.kernel.org.Retrieved2014-07-08.
- ^"dm-crypt: Linux kernel device-mapper crypto target – IV generators".cryptsetup. 2014-01-11.Retrieved2015-04-05.
- ^"dm-crypt: Linux kernel device-mapper crypto target".Retrieved2015-04-05.
- ^"[dm-devel] [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers".redhat.com.Retrieved2014-06-17.
- ^Trefny, Vojtech (25 Jan 2020).BitLocker disk encryption on Linux(PDF).DevConf CZ.
- ^LinuxProgrammer'sManual– Administration and Privileged Commands –
- ^"Ext2 IFS For Windows".fs-driver.org.Retrieved15 February2015.
- ^Alex Hornung (2010-07-23)."HEADS UP: dm, lvm, cryptsetup and initrd on master".
External links
[edit]- Officialdm-crypt,cryptsetup-luksandcryptmountwebsites
- All about dm-crypt and LUKS on one page (on archive.org)– a page covering dm-crypt/LUKS, starting with theory and ending with many practical examples about its usage.