Linux Examples: LUKS
This section gives a series of examples of how to create Linux LUKS volumes, and then mount them using FreeOTFE.
To begin using LUKS under Linux, ensure that the various kernel modules are installed:
modprobe cryptoloop
modprobe aes modprobe anubis modprobe arc4 modprobe blkcipher modprobe blowfish modprobe cast5 modprobe cast6 modprobe cbc modprobe crc32c modprobe crypto_algapi modprobe crypto_hash modprobe cryptomgr modprobe crypto_null modprobe deflate modprobe des modprobe ecb modprobe gf128mul modprobe hmac modprobe khazad modprobe lrw modprobe md4 modprobe md5 modprobe michael_mic modprobe serpent modprobe sha1 modprobe sha256 modprobe sha512 modprobe tea modprobe tgr192 modprobe twofish_common modprobe twofish modprobe wp512 modprobe xcbc
# dm_mod should give you dm_snapshot, dm_zero and dm_mirror? modprobe dm_mod modprobe dm_crypt
At this point, typing "dmsetup targets" should give you something along the lines of:
crypt v1.0.0 striped v1.0.1 linear v1.0.1 error v1.0.1
Typing "lsmod" will show you which modules are currently installed.
The examples shown below may then be followed to create and use various volume files.
Note: If not overridden by the user, LUKS defaults to encrypting with:
Cypher:
|
AES
|
Cypher keysize:
|
128 bit
|
Cypher mode:
|
cbc-plain
|
Hash:
|
SHA-1 |
This document gives the follow examples:
Note: These examples have been
tested using Fedora Core 3, with a v2.6.20.1 kernel installed and using cryptsetup-luks v1.0; though
they should work for all compatible Linux distributions.
Note: The executable name in the following examples is "cryptsetup-luks"; most systems use "cryptsetup".
Example #1: Mounting a LUKS Volume Using LUKS's Default Encryption
This example demonstrates use of a LUKS volume using the LUKS's
default encryption system: AES128 with the user's password hashed with SHA1, using 32 bit sector IDs as encryption IVs
Creating the volume file under Linux:
dd if=/dev/zero of=./volumes/vol_default.vol bs=1M count=1 losetup /dev/loop0 ./volumes/vol_default.vol echo password1234567890ABC | cryptsetup-luks luksFormat /dev/loop0 cryptsetup-luks luksDump /dev/loop0 echo password1234567890ABC | cryptsetup-luks luksOpen /dev/loop0 myMapper dmsetup ls dmsetup table dmsetup status cryptsetup-luks status myMapper losetup /dev/loop1 /dev/mapper/myMapper mkdosfs /dev/loop1 mkdir ./test_mountpoint mount /dev/loop1 ./test_mountpoint cp ./test_files/SHORT_TEXT.txt ./test_mountpoint cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint umount ./test_mountpoint losetup -d /dev/loop1 cryptsetup-luks luksClose myMapper losetup -d /dev/loop0 rm -rf ./test_mountpoint
Mounting the volume under FreeOTFE:
- Select "Linux | Mount..."
- Select the volume file
- In the dialog shown, enter "password1234567890ABC" as the key, and set any of the options wanted.
- Click the "OK" button
Example #2: Mounting a LUKS Volume Using 256 bit AES Encryption
This example demonstrates use of a LUKS AES256 volume.
Creating the volume file under Linux:
dd if=/dev/zero of=./volumes/vol_aes_256.vol bs=1M count=1 losetup /dev/loop0 ./volumes/vol_aes_256.vol echo password1234567890ABC | cryptsetup-luks -c aes -s 256 luksFormat /dev/loop0 cryptsetup-luks luksDump /dev/loop0 echo password1234567890ABC | cryptsetup-luks luksOpen /dev/loop0 myMapper dmsetup ls dmsetup table dmsetup status cryptsetup-luks status myMapper losetup /dev/loop1 /dev/mapper/myMapper mkdosfs /dev/loop1 mkdir ./test_mountpoint mount /dev/loop1 ./test_mountpoint cp ./test_files/SHORT_TEXT.txt ./test_mountpoint cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint umount ./test_mountpoint losetup -d /dev/loop1 cryptsetup-luks luksClose myMapper losetup -d /dev/loop0 rm -rf ./test_mountpoint
Mounting the volume under FreeOTFE:
- Select "Linux | Mount..."
- Select the losetup volume file
- In the dialog shown, enter "password1234567890ABC" as the key, and set any of the options wanted.
- Click the "OK" button
Example #3: Mounting a LUKS Volume Using 128 bit Twofish Encryption
This example demonstrates use of a LUKS Twofish 128 volume.
Creating the volume file under Linux:
dd if=/dev/zero of=./volumes/vol_twofish.vol bs=1M count=1 losetup /dev/loop0 ./volumes/vol_twofish.vol echo password1234567890ABC | cryptsetup-luks -c twofish luksFormat /dev/loop0 cryptsetup-luks luksDump /dev/loop0 echo password1234567890ABC | cryptsetup-luks luksOpen /dev/loop0 myMapper dmsetup ls dmsetup table dmsetup status cryptsetup-luks status myMapper losetup /dev/loop1 /dev/mapper/myMapper #cat ./test_files/2MB_Z.dat > /dev/loop1 #cat ./test_files/2MB_0x00.dat > /dev/loop1 mkdosfs /dev/loop1 mkdir ./test_mountpoint mount /dev/loop1 ./test_mountpoint cp ./test_files/SHORT_TEXT.txt ./test_mountpoint cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint umount ./test_mountpoint losetup -d /dev/loop1 cryptsetup-luks luksClose myMapper losetup -d /dev/loop0 rm -rf ./test_mountpoint
Mounting the volume under FreeOTFE:
- Select "Linux | Mount..."
- Select the losetup volume file
- In the dialog shown, enter "password1234567890ABC" as the key, and set any of the options wanted.
- Click the "OK" button
|