LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 12-30-2004, 09:00 AM   #1
slashdotdash
LQ Newbie
 
Registered: Dec 2004
Posts: 5

Rep: Reputation: 0
AES encrypted file in Debian


I've recently switched from Gentoo to Debian, one of the problems I now have is that I cannot mount an encrypted file that was accessbile under Gentoo. The file is encrypted using aes with a 256 bit key size, but when I try to mount it an error is given. I have the following entry in my fstab and I have insmod'ed the kernel module (in /lib/modules/2.6.8-1-686/kernel/crypto/) and /proc/crypto shows the module correctly, I have also installed "loop-aes-utils" but I'm not entirely sure what that provides which the kernel modules don't!

/etc/fstab
Code:
# Encrypted file
.crypto     Encrypted       ext2    defaults,noauto,loop,encryption=aes-256,user    0 0
Code:
$ cat /proc/crypto
name         : aes
module       : aes_i586
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
When running "make menuconfig" I see that the kernel module "AES cipher algorithms (i586)" option allows the following "The AES specifies three key sizes: 128, 192 and 256 bits" so it should be fine.
Code:
$ mount .crypto
Password:
ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (256 bits) not supported by kernel
Any help appreciated as most of my important data is encrypted in this file so I *really* need to get it back. (In the worst case scenario I still have my Gentoo install on a second disk so I could boot that up and decrypt the files to transfer, but I'd prefer to get the encryption working
 
Old 12-30-2004, 09:15 AM   #2
slashdotdash
LQ Newbie
 
Registered: Dec 2004
Posts: 5

Original Poster
Rep: Reputation: 0
Just for some extra info for my previous post, I can successfully mount a file using the loopback interface:
Code:
mount -o ro,loop -t iso9660 /path/to/an/iso/image.iso /mnt/iso/
Worked perfectly, so it is definitely and encryption issue.
 
Old 01-17-2005, 11:17 AM   #3
slashdotdash
LQ Newbie
 
Registered: Dec 2004
Posts: 5

Original Poster
Rep: Reputation: 0
Update

As an update to my post I had to resort to running my old Gentoo system to decrypt the files, save them unencrypted and then I could access them in my Debian system.

I have no idea why I couldn't mount the encrypted files in Debian (possibly a version difference?) but I could create an encrypted file in Debian and successfully write to it.
Code:
$ modprobe cryptoloop

$ cd /tmp

$ dd if=/dev/urandom of=test.crypt bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes transferred in 1.634547 seconds (6415087 bytes/sec)

$ losetup -e aes-256 /dev/loop0 test.crypt
Password:

$ mkfs.ext2 /dev/loop0
mke2fs 1.35 (28-Feb-2004)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
2560 inodes, 10240 blocks
512 blocks (5.00%) reserved for the super user
First data block=1
2 block groups
8192 blocks per group, 8192 fragments per group
1280 inodes per group
Superblock backups stored on blocks:
        8193

Writing inode tables: done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

$  mount -t ext2 /dev/loop0 crypto/

$ ls -l crypto/
total 12
drwx------  2 root root 12288 Jan 17 17:04 lost+found

$ umount /dev/loop0

$ losetup -d /dev/loop0

$  mount -t ext2 -o loop,encryption=aes-256 test.crypt crypto/
Password:
Works perfectly and I can happily write files and encrypt / decrypt them which is strange because I couldn't decrypt the file from my Gentoo install in my Debian system.

Does anyone have a suggestion for the best way of encrypting files in Linux which are accessible across distros and hopefully should be accessible sometime in the distant future?
 
Old 01-25-2005, 09:21 AM   #4
Sepero
Member
 
Registered: Jul 2004
Location: Tampa, Florida, USA
Distribution: Ubuntu
Posts: 733
Blog Entries: 1

Rep: Reputation: 30
That is strange. I wonder why it wouldn't work.
 
Old 01-25-2005, 02:07 PM   #5
yanik
Member
 
Registered: Oct 2003
Location: Montreal Beach
Distribution: Debian Unstable
Posts: 368

Rep: Reputation: 30
this is interesting. I'd like to encrypt my /home partition, are you aware of a tutorial for debian on how to do this step by step?

Thanks
 
Old 01-25-2005, 02:24 PM   #6
Sepero
Member
 
Registered: Jul 2004
Location: Tampa, Florida, USA
Distribution: Ubuntu
Posts: 733
Blog Entries: 1

Rep: Reputation: 30
Quote:
Originally posted by yanik
this is interesting. I'd like to encrypt my /home partition, are you aware of a tutorial for debian on how to do this step by step?

Thanks
I've tried several different searches on google and couldn't find one that was specific to Debian. Though, I did find the encrypted root FS tutorial. It can easily be modified to accomodate your /home.
http://linuxfromscratch.org/~devine/erfs-howto.html

My thing though, is that I hate hate hate compiling. Fortunately, I found some pre-built loop-aes modules at apt-get.org
www.apt-get.org
 
Old 01-25-2005, 03:46 PM   #7
yanik
Member
 
Registered: Oct 2003
Location: Montreal Beach
Distribution: Debian Unstable
Posts: 368

Rep: Reputation: 30
thanks Sepero
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What R the requirements of aes-256 encrypted loopback device? zahoo Linux - Software 1 06-14-2005 08:47 AM
Encrypted file systems hamish Linux - Enterprise 2 02-15-2005 12:41 PM
Encrypted file systems? jbeedham Linux - Security 4 07-06-2004 12:19 PM
encrypted file system black_man Linux - Software 7 02-23-2004 05:24 PM
Encrypted File System for 9.2? scottdwright Mandriva 3 11-24-2003 03:53 AM


All times are GMT -5. The time now is 07:30 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration