Dm-crypt
dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV (see disk encryption theory), in order to avoid watermarking attacks. In addition to that, dm-crypt also addresses some reliability problems of cryptoloop.
dm-crypt is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (including removable media), partitions, software RAID volumes, logical volumes, as well as files. It appears as a block device, which can be used to back file systems, swap or an LVM physical volume.
Some Linux distributions support the use of dm-crypt on the root file system. These distributions use initrd to prompt the user to enter a passphrase at the console, or insert a smart card, prior to the normal boot process.
Frontends
The dm-crypt device mapper target resides entirely in kernel space, and is only concerned with encryption of the block device — it does not interpret any data itself. It relies on user space front-ends to create and activate encrypted volumes, and manage authentication. At least two frontends are currently available: cryptsetup and cryptmount.
cryptsetup
The "cryptsetup" command-line interface does not write any headers to the encrypted volume, and hence only provides the bare essentials: encryption settings have to be provided every time the disk is mounted (although usually employed with automated scripts), and only one key can be used per volume; the symmetric encryption key is directly derived from the supplied passphrase. For these reasons, the use of cryptsetup is discouraged with plain passphrases. However, the simplicity of cryptsetup makes it useful when combined with third party software, for example, with smart card authentication.
cryptsetup also provides commands to deal with the Linux Unified Key Setup (LUKS) on-disk format. This format provides additional features such as key management and key stretching (using PBKDF2), and remembers encrypted volume configuration across reboots.
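The difference between the two approaches can be shown in a few lines of Python. This is an added example, not code from cryptsetup or from the original article: it contrasts a key taken directly from the passphrase with a simplified LUKS-style header in which several passphrases each unlock one random master key. SHA-256, the field names and the XOR wrapping (a stand-in for the real key-slot cipher) are assumptions of the example.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # 256-bit volume key (size assumed for this example)


def plain_key(passphrase):
    """Plain-mode style: an unsalted hash of the passphrase IS the volume key.
    The same passphrase gives the same key on every volume, with no stretching."""
    return hashlib.sha256(passphrase).digest()


def _stretch(secret, salt, iterations):
    # Key stretching with PBKDF2, as named in the text above.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=KEY_LEN)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def format_volume(iterations=100_000):
    """Create a header around a random master key; no passphrase is involved yet."""
    master_key = os.urandom(KEY_LEN)
    digest_salt = os.urandom(16)
    header = {
        "iterations": iterations,
        "digest_salt": digest_salt,
        # Stored check value so a candidate master key can be verified.
        "mk_digest": _stretch(master_key, digest_salt, iterations),
        "slots": [],
    }
    return header, master_key


def add_key(header, master_key, passphrase):
    """Add a key slot: the master key wrapped under a salted, stretched passphrase."""
    salt = os.urandom(16)
    wrap = _stretch(passphrase, salt, header["iterations"])
    # XOR is a hypothetical stand-in for the slot's encryption step.
    header["slots"].append({"salt": salt, "wrapped": _xor(master_key, wrap)})


def unlock(header, passphrase):
    """Try every slot; return the master key, or None if no slot matches."""
    for slot in header["slots"]:
        wrap = _stretch(passphrase, slot["salt"], header["iterations"])
        candidate = _xor(slot["wrapped"], wrap)
        digest = _stretch(candidate, header["digest_salt"], header["iterations"])
        if hmac.compare_digest(digest, header["mk_digest"]):
            return candidate
    return None
```

Because the header stores the salts and iteration count, nothing but the passphrase has to be supplied at unlock time, and a passphrase can be added or replaced without re-encrypting the volume.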
cryptmount
The "cryptmount" interface is an alternative to the "cryptsetup" tool that allows any user to mount/unmount a dm-crypt file system when needed, without needing superuser privileges after the device has been configured by a superuser.
Features
The fact that disk encryption (volume encryption) software like dm-crypt only deals with transparent encryption of abstract block devices gives it a lot of flexibility. This means that it can be used for encrypting any disk-backed file systems supported by the operating system, as well as swap space. Encrypted volumes can be stored on disk partitions, logical volumes, whole disks as well as file-backed disk images (through the use of loop devices with the losetup utility). It can also be configured to encrypt RAID volumes and LVM physical volumes.
It can also be configured to provide pre-boot authentication through an initrd, thus encrypting all data on the computer (except the bootloader, the kernel and the initrd itself).
When using the cipher block chaining mode of operation with predictable initialization vectors, as other disk encryption software does, the disk is vulnerable to watermarking attacks. This means that an attacker is able to detect the presence of specially crafted data on the disk. To address this problem in its predecessors, dm-crypt included provisions for more elaborate, disk encryption-specific modes of operation. Support for ESSIV (encrypted salt-sector initialization vector) was introduced in Linux kernel version 2.6.10, LRW in 2.6.20 and XTS in 2.6.24. However, the CBC mode is still the default for compatibility with older volumes.
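As an added example (not part of the original article or of the dm-crypt project), the following Python sketch audits the output of `dmsetup table` for crypt targets that combine CBC with an IV derived only from the sector position, the configuration described above as open to watermarking. The sample table is constructed, and the verdict labels and the set of IV modes treated as predictable are choices made for this example.

```python
# IV generators whose value depends only on the sector position, so anyone
# who knows the on-disk layout can predict them.
PREDICTABLE_IVS = {"plain", "plain64", "plain64be", "benbi", "null"}

ZERO_KEY = "0" * 64  # dmsetup prints keys as zeros unless --showkeys is given

# Constructed sample of `dmsetup table` output (not taken from a real system).
SAMPLE = "\n".join([
    f"vault: 0 2097152 crypt aes-cbc-plain {ZERO_KEY} 0 8:17 0",
    f"home: 0 41943040 crypt aes-cbc-essiv:sha256 {ZERO_KEY} 0 8:3 4096",
    f"data: 0 83886080 crypt aes-xts-plain64 {ZERO_KEY * 2} 0 253:1 32768",
    f"legacy: 0 1048576 crypt aes {ZERO_KEY} 0 8:33 0",
    "vg0-root: 0 20971520 linear 8:2 2048",
])


def classify(cipher_spec):
    """Classify a dm-crypt cipher spec of the form cipher-chainmode-ivmode[:opts]."""
    if cipher_spec.startswith("capi:"):
        return "review"            # Crypto API syntax: not parsed by this sketch
    parts = cipher_spec.split("-", 2)
    if len(parts) != 3:
        return "review"            # chain mode or IV mode not spelled out
    _cipher, chainmode, iv = parts
    ivmode = iv.split(":", 1)[0]   # drop IV options such as ":sha256"
    if chainmode == "cbc" and ivmode in PREDICTABLE_IVS:
        return "predictable-iv"
    return "not-flagged"


def audit(table_text):
    """Return (name, cipher_spec, verdict) for every crypt target in the table."""
    findings = []
    for line in table_text.splitlines():
        name, sep, rest = line.partition(": ")
        fields = rest.split()
        # Fields after the name: start, length, target type, cipher spec, ...
        if not sep or len(fields) < 4 or fields[2] != "crypt":
            continue
        findings.append((name, fields[3], classify(fields[3])))
    return findings


if __name__ == "__main__":
    for name, spec, verdict in audit(SAMPLE):
        print(f"{name:8} {spec:22} {verdict}")
```

XTS with a plain64 IV is not flagged because XTS uses the sector number as a tweak by design; only the CBC combination is reported.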
The Linux Crypto API includes support for most popular block ciphers and hash functions, which are all usable with dm-crypt.
Compatibility
dm-crypt and LUKS encrypted disks can be accessed and used under MS Windows using FreeOTFE, provided that the filesystem used is supported by Windows (e.g. FAT/FAT32/NTFS).
Encrypted Ext2, Ext3 and Ext4 filesystems are supported by use of Ext2Fsd (all ext* versions) or Ext2 Installable File System for Windows (ext2 and ext3 only) and with FreeOTFE.
Cryptsetup/LUKS and the required infrastructure have also been implemented on the DragonFly BSD operating system.
See also
- Linux Unified Key Setup
- Comparison of disk encryption software
- Device mapper
- FreeOTFE
- cryptmount
External links
- dm-crypt website
- cryptsetup-luks website
- cryptmount website
- All about dm-crypt and LUKS on one page - a page covering dm-crypt/LUKS, starting with theory and ending with many practical examples about its usage.