LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-13-2008, 02:28 PM   #1
Feeg
LQ Newbie
 
Registered: Feb 2006
Location: Sydney, Australia
Distribution: Slackware
Posts: 5

Rep: Reputation: 0
dd and disk encryption


Hey,

I just have a quick question about the behaviour of dd with encryption.

After creating a regular filesystem inside an encrypted partition, can I use dd to safely copy the contents of a drive image into that partition such that it will be encrypted?

What I assume is, so long as I copy into the mounted, decrypted partition, the copy should pass through the encryption layer and thus be encrypted as it is stored to disk, but for some reason I've got this lingering doubt.

Can anyone confirm that this is a reasonable approach?

(Background info: I'm building an image of a root drive to copy onto a small, slow, portable computer, hence the full drive encryption and the desire to build the OS on a different machine.)
 
Old 12-13-2008, 02:33 PM   #2
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728
dd copies an area of the hard disk, bit by bit. It does not care whether that data is encrypted.

I don't know what an "encrypted partition" is but, if you setup any partition, and then use dd to copy to it, it simply copies all the bits into the start of the partition. The result is determined by what was in the source.
 
Old 12-13-2008, 02:48 PM   #3
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728
I just did a quick experiment. I created and formatted a small partition (sda3) and copied a file to it normally. I then copied another file using dd:

dd if=filename of=/dev/sda3

The second file is not visible using normal commands. Using dd, it is visible at the very beginning of the partition---before any filesystem stuff. If it had been a larger file, it would have damaged the filesystem structures and the first file would disappear.
 
Old 12-13-2008, 03:30 PM   #4
Feeg
LQ Newbie
 
Registered: Feb 2006
Location: Sydney, Australia
Distribution: Slackware
Posts: 5

Original Poster
Rep: Reputation: 0
Hi Pixellany,

thanks for your test. I don't think I adequately explained the process I'm intending to use.

Rather than dd directly onto /dev/sda2, I would be creating an encrypted volume on sda2. Ie:

cryptsetup -s 256 -y luksFormat /dev/sda2

cryptsetup luksOpen /dev/sda2 cryptroot

So what I've done is create an encrypted partition on /dev/sda2, and opened it so its now accessible at /dev/mapper/cryptroot

Accessing /dev/mapper/cryptroot I can now create a filesystem on that device which is correctly formatted as (say) ext2 so I can then mount /dev/mapper/cryptroot on / providing my initrd opens the encrypted partition.

----

With that out of the way, I suppose the command I'd be attempting would be more like dd if=img.img of=/dev/mapper/cryptroot

And, if img.img contains an ext2 formatted partition I should be able to access it as I would a manually created partition, and the contents when written via dd will still get encrypted.

But as you said, dd is very low-level, so, newbie that I am, I was hoping someone with experience with encryption could confirm whether this will behave the way I've described.

Cheers.
 
Old 12-13-2008, 03:53 PM   #5
pinniped
Senior Member
 
Registered: May 2008
Location: planet earth
Distribution: Debian
Posts: 1,732

Rep: Reputation: 50
Don't you mean something like:

mount -o loop img.img /mnt/img
(then mount the crypt partition to /mnt/crypt)
cp -a /mnt/img/* /mnt/crypt/.

It is not clear what the 'dd' approach would yield but you can try it using a large text file.
 
Old 12-13-2008, 04:12 PM   #6
Feeg
LQ Newbie
 
Registered: Feb 2006
Location: Sydney, Australia
Distribution: Slackware
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by pinniped View Post
Don't you mean something like:

mount -o loop img.img /mnt/img
(then mount the crypt partition to /mnt/crypt)
cp -a /mnt/img/* /mnt/crypt/.

It is not clear what the 'dd' approach would yield but you can try it using a large text file.
That's a good idea- even writing a smallish textfile into the partition then copying the contents of the actual device back and searching through for the contents of the text file should answer my question.

Thanks!
 
Old 12-13-2008, 05:55 PM   #7
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728
I really don't think dd cares about encryption---it copies each bit verbatim---those bits could be:
data
filessytem overhead
encryption overhead
partition tables
boot code
secret stuff installed by hardware vendors

To really answer your questions, you may want to take up exploring. Start with this:

dd /dev/sda|hexdump -C|more

to search for things:
dd /dev/sda|hexdump -C|grep <pattern> ##The way hexdump works you can search on hex patterns or the ascii equivalent.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Full disk encryption ourskool Linux - Security 1 01-23-2008 11:52 AM
Disk encryption software TheStupid Linux - Software 13 10-07-2007 10:43 PM
Multiboot Full Disk Encryption Polarian Linux - General 1 07-12-2007 08:37 PM
NAS + disk encryption Chris594 Linux - Networking 4 07-11-2006 12:31 PM
disk encryption ankscorek Linux - Security 5 05-03-2006 12:59 PM


All times are GMT -5. The time now is 11:31 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration