LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Debian (https://www.linuxquestions.org/questions/debian-26/)
-   -   AES encrypted file in Debian (https://www.linuxquestions.org/questions/debian-26/aes-encrypted-file-in-debian-271893/)

slashdotdash 12-30-2004 09:00 AM
AES encrypted file in Debian
 
I've recently switched from Gentoo to Debian, one of the problems I now have is that I cannot mount an encrypted file that was accessbile under Gentoo. The file is encrypted using aes with a 256 bit key size, but when I try to mount it an error is given. I have the following entry in my fstab and I have insmod'ed the kernel module (in /lib/modules/2.6.8-1-686/kernel/crypto/) and /proc/crypto shows the module correctly, I have also installed "loop-aes-utils" but I'm not entirely sure what that provides which the kernel modules don't!

/etc/fstab
Code:
# Encrypted file
.crypto    Encrypted      ext2    defaults,noauto,loop,encryption=aes-256,user    0 0
Code:
$ cat /proc/crypto
name        : aes
module      : aes_i586
type        : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
When running "make menuconfig" I see that the kernel module "AES cipher algorithms (i586)" option allows the following "The AES specifies three key sizes: 128, 192 and 256 bits" so it should be fine.
Code:
$ mount .crypto
Password:
ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (256 bits) not supported by kernel
Any help appreciated as most of my important data is encrypted in this file so I *really* need to get it back. (In the worst case scenario I still have my Gentoo install on a second disk so I could boot that up and decrypt the files to transfer, but I'd prefer to get the encryption working

slashdotdash 12-30-2004 09:15 AM
Just for some extra info for my previous post, I can successfully mount a file using the loopback interface:
Code:
mount -o ro,loop -t iso9660 /path/to/an/iso/image.iso /mnt/iso/
Worked perfectly, so it is definitely and encryption issue.

slashdotdash 01-17-2005 11:17 AM
Update
 
As an update to my post I had to resort to running my old Gentoo system to decrypt the files, save them unencrypted and then I could access them in my Debian system.

I have no idea why I couldn't mount the encrypted files in Debian (possibly a version difference?) but I could create an encrypted file in Debian and successfully write to it.
Code:
$ modprobe cryptoloop

$ cd /tmp

$ dd if=/dev/urandom of=test.crypt bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes transferred in 1.634547 seconds (6415087 bytes/sec)

$ losetup -e aes-256 /dev/loop0 test.crypt
Password:

$ mkfs.ext2 /dev/loop0
mke2fs 1.35 (28-Feb-2004)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
2560 inodes, 10240 blocks
512 blocks (5.00%) reserved for the super user
First data block=1
2 block groups
8192 blocks per group, 8192 fragments per group
1280 inodes per group
Superblock backups stored on blocks:
        8193

Writing inode tables: done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

$  mount -t ext2 /dev/loop0 crypto/

$ ls -l crypto/
total 12
drwx------  2 root root 12288 Jan 17 17:04 lost+found

$ umount /dev/loop0

$ losetup -d /dev/loop0

$  mount -t ext2 -o loop,encryption=aes-256 test.crypt crypto/
Password:
Works perfectly and I can happily write files and encrypt / decrypt them which is strange because I couldn't decrypt the file from my Gentoo install in my Debian system.

Does anyone have a suggestion for the best way of encrypting files in Linux which are accessible across distros and hopefully should be accessible sometime in the distant future?

Sepero 01-25-2005 09:21 AM
That is strange. I wonder why it wouldn't work. :confused:

yanik 01-25-2005 02:07 PM
this is interesting. I'd like to encrypt my /home partition, are you aware of a tutorial for debian on how to do this step by step?

Thanks

Sepero 01-25-2005 02:24 PM
Quote:
Originally posted by yanik
this is interesting. I'd like to encrypt my /home partition, are you aware of a tutorial for debian on how to do this step by step?

Thanks
I've tried several different searches on google and couldn't find one that was specific to Debian. Though, I did find the encrypted root FS tutorial. It can easily be modified to accomodate your /home.
http://linuxfromscratch.org/~devine/erfs-howto.html

My thing though, is that I hate hate hate compiling. Fortunately, I found some pre-built loop-aes modules at apt-get.org
www.apt-get.org

yanik 01-25-2005 03:46 PM
thanks Sepero


All times are GMT -5. The time now is 08:19 AM.