dm-crypt

cryptsetup
Original author(s)	Jana Saout, Clemens Fruhwirth, Milan Broz
Stable release	2.6.1 / 9 February 2023;17 months ago
Preview release	2.7.0-rc1 / 21 December 2023;6 months ago
Written in	C
Operating system	Unix-like
Platform	x86,x86-64,ARMv8,ARMv7,ppc64le,MIPS
Size	7 MB
Available in	16 languages
	List of languages English, Portuguese, Chinese (Simplified), Czech, Danish, Dutch, Finnish, French, German, Italian, Japanese, Polish, Russian, Spanish, Swedish, Ukrainian
Type	Disk encryption software
License	GPLv2; Sub-Libraries:; LGPLv2.1+
Website	gitlab/cryptsetup/cryptsetup

dm-cryptis a transparentblock device encryption subsysteminLinux kernelversions 2.6 and later and inDragonFly BSD.It is part of thedevice mapper(dm) infrastructure, and uses cryptographic routines from the kernel'sCrypto API.Unlike its predecessorcryptoloop,dm-crypt was designed to support advanced modes of operation, such asXTS,LRWandESSIV,in order to avoidwatermarking attacks.^[1]In addition to that, dm-crypt addresses some reliability problems of cryptoloop.^[2]

dm-crypt is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (includingremovable media),partitions,software RAIDvolumes,logical volumes,as well asfiles.It appears as a block device, which can be used to backfile systems,swapor as anLVM physical volume.

SomeLinux distributionssupport the use of dm-crypt on the root file system. These distributions useinitrdto prompt the user to enter a passphrase at the console, or insert asmart cardprior to the normal boot process.^[3]

Frontends[edit]

The dm-crypt device mapper target resides entirely in kernel space, and is only concerned with encryption of theblock device– it does not interpret any data itself. It relies onuser space front-endsto create and activate encrypted volumes, and manage authentication. At least two frontends are currently available:cryptsetupandcryptmount.

cryptsetup[edit]

Thecryptsetupcommand-line interface, by default, does not write any headers to the encrypted volume, and hence only provides the bare essentials: encryption settings have to be provided every time the disk is mounted (although usually employed with automated scripts), and only onekeycan be used per volume; thesymmetric encryptionkey is directly derived from the suppliedpassphrase.

Because it lacks a "salt",using cryptsetup is less secure in this mode than is the case withLinux Unified Key Setup(LUKS).^[9]However, the simplicity of cryptsetup makes it useful when combined with third-party software, for example, withsmart cardauthentication.

cryptsetupalso provides commands to deal with the LUKS on-disk format. This format provides additional features such askey managementandkey stretching(usingPBKDF2), and remembers encrypted volume configuration across reboots.^[3]^[10]

cryptmount[edit]

Thecryptmountinterface is an alternative to the "cryptsetup" tool that allows any user tomountand unmount a dm-crypt file system when needed, without needingsuperuserprivileges after the device has been configured by a superuser.

Features[edit]

The fact that disk encryption (volume encryption) software like dm-crypt only deals with transparent encryption of abstractblock devicesgives it a lot of flexibility. This means that it can be used for encrypting any disk-backedfile systemssupported by theoperating system,as well asswap space;write barriersimplemented by file systems are preserved.^[11]^[12]Encrypted volumes can be stored ondisk partitions,logical volumes,whole disks as well asfile-backeddisk images(through the use ofloop deviceswith the losetup utility). dm-crypt can also be configured to encryptRAIDvolumes andLVMphysical volumes.

dm-crypt can also be configured to providepre-bootauthentication through aninitrd,thus encrypting all the data on a computer – except the bootloader, the kernel and the initrd image itself.^[3]

When using thecipher block chainingmode of operation with predictableinitialization vectorsas other disk encryption software, the disk is vulnerable towatermarking attacks.This means that an attacker is able to detect the presence of specially crafted data on the disk. To address this problem in its predecessors, dm-crypt included provisions for more elaborate, disk encryption-specific modes of operation.^[1]Support forESSIV(encrypted salt-sector initialization vector) was introduced in Linux kernel version 2.6.10,LRWin 2.6.20 andXTSin 2.6.24.

The Linux Crypto API includes support for most popularblock ciphersandhash functions,which are all usable with dm-crypt.

Crypted FS support include LUKS volumes,loop-AESand since Linux kernel 3.13, theTrueCrypttarget called "tcw".^[13]^[14]^[15]

Compatibility[edit]

dm-crypt and LUKS encrypted disks can be accessed and used under MS Windows using the now defunctFreeOTFE(formerly DoxBox, LibreCrypt), provided that the filesystem used is supported by Windows (e.g.FAT/FAT32/NTFS). Encryptedext2andext3filesystems are supported by usingExt2Fsdor so-called "Ext2 Installable File System for Windows";^[16]FreeOTFE also supports them.

Cryptsetup/LUKS and the required infrastructure have also been implemented on the DragonFly BSD operating system.^[17]

References[edit]

^^a ^bClemens Fruhwirth (2005-07-18)."New Methods in Hard Disk Encryption"(PDF).Vienna University of Technology.Retrieved2007-04-20.{{cite journal}}:Cite journal requires|journal=(help)
^Mike Peters (2004-06-08)."Encrypting partitions using dm-crypt and the 2.6 series kernel".Archived fromthe originalon 2012-07-11.Retrieved2012-02-20.{{cite journal}}:Cite journal requires|journal=(help)
^^a ^b ^cW. Michael Petullo (2007-01-18)."Disk encryption in Fedora: Past, present and future".Red Hat Magazine. Archived fromthe originalon 2008-10-10.Retrieved2007-04-20.
^"AUTHORS".GitLab.Retrieved7 September2019.
^^a ^b ^c ^d"docs · master · cryptsetup / cryptsetup".GitLab.Retrieved21 December2023.
^"The cryptsetup textual domain".Translation Project.Retrieved7 September2019.
^"COPYING".GitLab.Retrieved7 September2019.
^"COPYING.LGPL".GitLab.Retrieved7 September2019.
^"cryptsetup FAQ".
^Clemens Fruhwirth (2004-07-15)."TKS1 – An anti-forensic, two level, and iterated key setup scheme"(PDF).Draft.Retrieved2006-12-12.
^Milan Broz (2012-04-24)."[dm-crypt] Does dm-crypt support journaling filesystem transactional guarantees?".saout.de.Retrieved2014-07-08.
^Mikulas Patocka (2009-06-22)."kernel/git/torvalds/linux.git".Linux kernel source tree.kernel.org.Retrieved2014-07-08.
^"dm-crypt: Linux kernel device-mapper crypto target – IV generators".cryptsetup. 2014-01-11.Retrieved2015-04-05.
^"dm-crypt: Linux kernel device-mapper crypto target".Retrieved2015-04-05.
^"[dm-devel] [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers".redhat.Retrieved2014-06-17.
^"Ext2 IFS For Windows".fs-driver.org.Retrieved15 February2015.
^Alex Hornung (2010-07-23)."HEADS UP: dm, lvm, cryptsetup and initrd on master".

External links[edit]

Officialdm-crypt,cryptsetup-luksandcryptmountwebsites
All about dm-crypt and LUKS on one page (on archive.org)– a page covering dm-crypt/LUKS, starting with theory and ending with many practical examples about its usage.

[new-methods-1] Clemens Fruhwirth (2005-07-18)."New Methods in Hard Disk Encryption"(PDF).Vienna University of Technology.Retrieved2007-04-20.{{cite journal}}:Cite journal requires|journal=(help)

[2] Mike Peters (2004-06-08)."Encrypting partitions using dm-crypt and the 2.6 series kernel".Archived fromthe originalon 2012-07-11.Retrieved2012-02-20.{{cite journal}}:Cite journal requires|journal=(help)

[crypt-fedora-3] W. Michael Petullo (2007-01-18)."Disk encryption in Fedora: Past, present and future".Red Hat Magazine. Archived fromthe originalon 2008-10-10.Retrieved2007-04-20.

[4] "AUTHORS".GitLab.Retrieved7 September2019.

[cryptsetup-5] "docs · master · cryptsetup / cryptsetup".GitLab.Retrieved21 December2023.

[6] "The cryptsetup textual domain".Translation Project.Retrieved7 September2019.

[7] "COPYING".GitLab.Retrieved7 September2019.

[8] "COPYING.LGPL".GitLab.Retrieved7 September2019.

[9] "cryptsetup FAQ".

[tks1-10] Clemens Fruhwirth (2004-07-15)."TKS1 – An anti-forensic, two level, and iterated key setup scheme"(PDF).Draft.Retrieved2006-12-12.

[11] Milan Broz (2012-04-24)."[dm-crypt] Does dm-crypt support journaling filesystem transactional guarantees?".saout.de.Retrieved2014-07-08.

[12] Mikulas Patocka (2009-06-22)."kernel/git/torvalds/linux.git".Linux kernel source tree.kernel.org.Retrieved2014-07-08.

[13] "dm-crypt: Linux kernel device-mapper crypto target – IV generators".cryptsetup. 2014-01-11.Retrieved2015-04-05.

[14] "dm-crypt: Linux kernel device-mapper crypto target".Retrieved2015-04-05.

[15] "[dm-devel] [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers".redhat.Retrieved2014-06-17.

[16] "Ext2 IFS For Windows".fs-driver.org.Retrieved15 February2015.

[17] Alex Hornung (2010-07-23)."HEADS UP: dm, lvm, cryptsetup and initrd on master".

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

v t e Linux
Linux kernel	History Linus's law Linux-libre Booting process Kernel oops Tux more…
Controversies	Criticism of Linux Criticism of desktop Linux GNU/Linux naming controversy Tanenbaum–Torvalds debate SCO and Linux
Distributions	General comparison Distributions list Netbook-specific comparison Distributions that run from RAM Lightweight Security-focused operating system Package manager Package format List of software package managers
Organizations	LinuxChix Linux Counter Linux Documentation Project Linux Foundation Linux Mark Institute Linux User Group (LUG)
Adoption	Adopters Desktop Embedded Gaming Mobile Range of use Linux malware
Media	DistroWatch Free Software Magazine Full Circle Linux Linux Format Linux Gazette Linux Journal Linux Magazine LinuxUser Ubuntu User Linux Outlaws Linux Voice LugRadio LWN.net Phoronix Revolution OS The Code
Professional related certifications	CompTIA Linux+ Linux Foundation Red Hat Ubuntu
Linux portal Free and open-source software portal Category