[Pkg-cryptsetup-devel] Re: Status of partman-crypto

Tue Mar 7 14:38:23 UTC 2006

On 07/03/2006 Max Vozeler wrote:
> > also, what exactly is partman-crypto intended to do?
> 
> What you listed is basically what it does. I'll add some
> thoughts on the differences and on changes that might be
> required for plain dm-crypt and LUKS.
> 
> > - configure a partition as encrypted, specify type
> >  (loop-aes, dm-crypt, luks), cypher
> 
> Yes. For loop-AES we ask about the cipher and type of
> encryption key. Keysize is implied for each cipher. This is
> probably different for dm-crypt setups: I suppose it would 
> need to ask about the keysize and volume name, and could 
> ask about hash function - and perhaps other options?

yes, keysize is usually 128, 192 or 256. cipher and type of key are also
important for dm-crypt and luks. hash might be useful for password based
encryption with plain dm-crypt.
and for sure a target name needs to be supplied, that is given to fstab
later.

> > - prepare the partition for encryption
> >   choose a passphrase or key)
> 
> This is the part I'm most clueless about. :-)
> Which key types are supported and which are recommended 
> for dm-crypt and LUKS respectively? 

what do you mean with key types? random keys are only supported by
dm-crypt, luks requires a persistent key. but appart from that, i don't
know of any limits. you can use whatever file you like as a key. binary,
text, and also random data.
when i say that luks doesn't support random keys, i mean that a key for
a partition needs to be persistent. while it is perfectly possible to
create a key out of random data and use this key for luksFormat and
later for luksOpen, it is not possible to use random data directly. this
is because luks saves headers on the encrypted partition, and therefore
needs to initialize it first.
in other words, for luks you need to luksFormat a partition first, and
then you can open it with the supplied key/password via luksOpen.
for plain dm-crypt there exists no formatting, thus partitions can be
encrypted with /dev/random directly (what is interesting for swap and
tmp).

> partman-crypto currently knows about two key types: random
> and keyfile (loop-AES GnuPG-encrypted). It also has provisions
> for asking for a plain passphrase. Other key types will
> probably require some new code. crypttab(5) mentions keyfiles;
> Do you know if they are comparable to loop-AES keyfiles?

i don't know what loop-AES keyfiles are, but for dm-crypt and luks any
random file can be used as key. the more random it's content is, the
more secure it is. so when users choose to create a key file instead of
using an existant one, i'dd suggest to use 'dd if=/dev/random of=keyfile'.

> > - start the decryption, make the decrypted device available in a way
> >   that it can be mounted
> 
> Yes. I suppose we do the LUKS format at the same time we
> currently do losetup for loop-AES, then we create a crypttab
> and do the equivalent of /etc/init.d/cryptdisks start. Am I
> understanding this correctly?

yes, sounds correct.

> > - configure the system in a way that this is kept after reboot.
> 
> Yes. I suppose we'd need to copy crypttab onto the target
> system and make sure cryptsetup is installed? This should be
> relatively easy to do. Scripts in finish.d/ are responsible 
> for doing this. The target system is mounted in /target.

sounds reasonable too.

> > for LUKS setup this point is quite unimportant, but for
> > preparing such a setup it might be important. as far as i know,
> > cryptsetup itself doesn't use random entropy, but i might be
> > wrong.  but ideally the device should be filled with random data
> > before it is initialized as encrypted (choose_partition/crypto
> > in the README). this indeed needs lots of random entropy.
> 
> Here we could re-use what is done for loop-AES: Initialize an
> encrypted loop device with random key and just dd if=/dev/zero
> of=/dev/loop. The advantage being that it consumes rather
> little entropy and is relatively fast.

but /dev/zero is not really a good source for random data, is it? even
/dev/urandom is considered as insecure, so i'dd rather try to give
/dev/random more entropy instead of using less secure sources.

> Can plain dm-crypt and LUKS be used at the same time and
> within the same cryptsetup configuration file? Excuse my
> ignorance - I should really take a closer look at how
> cryptsetup works. :-) 

yes, the cryptsetup package in debian/unstable supports both, plain
dm-crypt and luks. luks partitions are configured via the 'luks' option
in /etc/crypttab. if this option is not present, cryptsetup treats the
partition as a plain dm-crypt one.

...
 jonas