AES encrypted file in Debian

slashdotdash · 12-30-2004, 09:00 AM

I've recently switched from Gentoo to Debian, one of the problems I now have is that I cannot mount an encrypted file that was accessbile under Gentoo. The file is encrypted using aes with a 256 bit key size, but when I try to mount it an error is given. I have the following entry in my fstab and I have insmod'ed the kernel module (in /lib/modules/2.6.8-1-686/kernel/crypto/) and /proc/crypto shows the module correctly, I have also installed "loop-aes-utils" but I'm not entirely sure what that provides which the kernel modules don't!

/etc/fstab

Code:

# Encrypted file
.crypto     Encrypted       ext2    defaults,noauto,loop,encryption=aes-256,user    0 0

Code:

$ cat /proc/crypto
name         : aes
module       : aes_i586
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

When running "make menuconfig" I see that the kernel module "AES cipher algorithms (i586)" option allows the following "The AES specifies three key sizes: 128, 192 and 256 bits" so it should be fine.

Code:

$ mount .crypto
Password:
ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (256 bits) not supported by kernel

Any help appreciated as most of my important data is encrypted in this file so I *really* need to get it back. (In the worst case scenario I still have my Gentoo install on a second disk so I could boot that up and decrypt the files to transfer, but I'd prefer to get the encryption working

slashdotdash · 12-30-2004, 09:15 AM

Just for some extra info for my previous post, I can successfully mount a file using the loopback interface:

Code:

mount -o ro,loop -t iso9660 /path/to/an/iso/image.iso /mnt/iso/

Worked perfectly, so it is definitely and encryption issue.

slashdotdash · 01-17-2005, 11:17 AM

As an update to my post I had to resort to running my old Gentoo system to decrypt the files, save them unencrypted and then I could access them in my Debian system.

I have no idea why I couldn't mount the encrypted files in Debian (possibly a version difference?) but I could create an encrypted file in Debian and successfully write to it.

Code:

$ modprobe cryptoloop

$ cd /tmp

$ dd if=/dev/urandom of=test.crypt bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes transferred in 1.634547 seconds (6415087 bytes/sec)

$ losetup -e aes-256 /dev/loop0 test.crypt
Password:

$ mkfs.ext2 /dev/loop0
mke2fs 1.35 (28-Feb-2004)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
2560 inodes, 10240 blocks
512 blocks (5.00%) reserved for the super user
First data block=1
2 block groups
8192 blocks per group, 8192 fragments per group
1280 inodes per group
Superblock backups stored on blocks:
        8193

Writing inode tables: done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

$  mount -t ext2 /dev/loop0 crypto/

$ ls -l crypto/
total 12
drwx------  2 root root 12288 Jan 17 17:04 lost+found

$ umount /dev/loop0

$ losetup -d /dev/loop0

$  mount -t ext2 -o loop,encryption=aes-256 test.crypt crypto/
Password:

Works perfectly and I can happily write files and encrypt / decrypt them which is strange because I couldn't decrypt the file from my Gentoo install in my Debian system.

Does anyone have a suggestion for the best way of encrypting files in Linux which are accessible across distros and hopefully should be accessible sometime in the distant future?

Sepero · 01-25-2005, 09:21 AM

That is strange. I wonder why it wouldn't work.

yanik · 01-25-2005, 02:07 PM

this is interesting. I'd like to encrypt my /home partition, are you aware of a tutorial for debian on how to do this step by step?

Thanks

Sepero · 01-25-2005, 02:24 PM

Quote:

Originally posted by yanik
this is interesting. I'd like to encrypt my /home partition, are you aware of a tutorial for debian on how to do this step by step?

Thanks

I've tried several different searches on google and couldn't find one that was specific to Debian. Though, I did find the encrypted root FS tutorial. It can easily be modified to accomodate your /home.
http://linuxfromscratch.org/~devine/erfs-howto.html

My thing though, is that I hate hate hate compiling. Fortunately, I found some pre-built loop-aes modules at apt-get.org
www.apt-get.org

yanik · 01-25-2005, 03:46 PM

thanks Sepero