FreeOTFE

Linux Examples: dm-crypt

This section gives a series of examples of how to create Linux dm-crypt volumes, and then mount them using FreeOTFE.

To begin using dm-crypt under Linux, ensure that the various kernel modules are loaded:
modprobe cryptoloop

modprobe deflate
modprobe zlib_deflate
modprobe twofish
modprobe serpent
modprobe aes_i586
modprobe blowfish
modprobe des
modprobe sha256
modprobe sha512
modprobe crypto_null
modprobe md5
modprobe md4
modprobe cast5
modprobe cast6
modprobe arc4
modprobe khazad
modprobe anubis

modprobe dm_mod    # (this should give you dm_snapshot, dm_zero and dm_mirror?)
modprobe dm_crypt
At this point, typing "dmsetup targets" should give you something along the lines of:
crypt            v1.0.0
striped          v1.0.1
linear           v1.0.1
error            v1.0.1
Typing "lsmod" will show you which modules are currently loaded.
The examples shown below may then be followed to create and use various volume files.

Note: If not overridden by the user, dm-crypt defaults to encrypting with:

  Cypher: AES
  Cypher keysize: 256 bit
  User key processed with: RIPEMD-160 (not "RIPEMD-160 (Linux; Twice, with A)")
                           "Hash with "A"s, if hash output is too short" option - selected
  IV generation: 32 bit sector ID

This document gives the following examples:
Note: These examples have been tested using Fedora Core 3, with a v2.6.11.7 kernel installed, though they should work for all compatible Linux distributions.

Example #1: Mounting a dm-crypt Volume Using dm-crypt's Default Encryption

This example demonstrates use of a dm-crypt volume using dm-crypt's default encryption system: AES128 with the user's password hashed with RIPEMD160, using the 32 bit sector IDs as encryption IVs.

Creating the volume file under Linux:
dd if=/dev/zero of=./volumes/vol_default.vol bs=1K count=100
losetup /dev/loop0 ./volumes/vol_default.vol
echo password1234567890ABC | cryptsetup create myMapper /dev/loop0
dmsetup ls
dmsetup table
dmsetup status
losetup /dev/loop1 /dev/mapper/myMapper
mkdosfs /dev/loop1
mkdir ./test_mountpoint
mount /dev/loop1 ./test_mountpoint
cp ./test_files/SHORT_TEXT.txt ./test_mountpoint
cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint
cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint
cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint
umount ./test_mountpoint
losetup -d /dev/loop1
cryptsetup remove myMapper
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
  4. "Encryption" tab:
  5. "File options" tab:
  6. "Mount options" tab:
  7. Click the "OK" button


Example #2: Mounting a dm-crypt Volume Using 128 bit AES Encryption

This example demonstrates use of a dm-crypt AES128 volume.

Creating the volume file under Linux:
dd if=/dev/zero of=./volumes/vol_aes128.vol bs=1K count=100
losetup /dev/loop0 ./volumes/vol_aes128.vol
echo password1234567890ABC | cryptsetup -c aes -s 128 create myMapper /dev/loop0
dmsetup ls
dmsetup table
dmsetup status
losetup /dev/loop1 /dev/mapper/myMapper
mkdosfs /dev/loop1
mkdir ./test_mountpoint
mount /dev/loop1 ./test_mountpoint
cp ./test_files/SHORT_TEXT.txt ./test_mountpoint
cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint
cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint
cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint
umount ./test_mountpoint
losetup -d /dev/loop1
cryptsetup remove myMapper
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
  4. "Encryption" tab:
  5. "File options" tab:
  6. "Mount options" tab:
  7. Click the "OK" button


Example #3: Mounting a dm-crypt Volume Using 256 bit AES Encryption, using SHA256 ESSIV

This example demonstrates use of a dm-crypt AES256 volume using SHA-256 ESSIV sector IVs.

Creating the volume file under Linux:
dd if=/dev/zero of=./volumes/vol_aes_essiv_sha256.vol bs=1K count=100
losetup /dev/loop0 ./volumes/vol_aes_essiv_sha256.vol
echo password1234567890ABC | cryptsetup -c aes-cbc-essiv:sha256 create myMapper /dev/loop0
dmsetup ls
dmsetup table
dmsetup status
losetup /dev/loop1 /dev/mapper/myMapper
mkdosfs /dev/loop1
mkdir ./test_mountpoint
mount /dev/loop1 ./test_mountpoint
cp ./test_files/SHORT_TEXT.txt ./test_mountpoint
cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint
cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint
cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint
umount ./test_mountpoint
losetup -d /dev/loop1
cryptsetup remove myMapper
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
  4. "Encryption" tab:
  5. "File options" tab:
  6. "Mount options" tab:
  7. Click the "OK" button


Example #4: Mounting a dm-crypt Volume Using 448 bit Blowfish Encryption

This example demonstrates use of a dm-crypt Blowfish 448 volume.

Creating the volume file under Linux:
dd if=/dev/zero of=./volumes/vol_blowfish_448.vol bs=1K count=100
losetup /dev/loop0 ./volumes/vol_blowfish_448.vol
echo password1234567890ABC | cryptsetup -c blowfish -s 448 create myMapper /dev/loop0
dmsetup ls
dmsetup table
dmsetup status
losetup /dev/loop1 /dev/mapper/myMapper
mkdosfs /dev/loop1
mkdir ./test_mountpoint
mount /dev/loop1 ./test_mountpoint
cp ./test_files/SHORT_TEXT.txt ./test_mountpoint
cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint
cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint
cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint
umount ./test_mountpoint
losetup -d /dev/loop1
cryptsetup remove myMapper
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
  4. "Encryption" tab:
  5. "File options" tab:
  6. "Mount options" tab:
  7. Click the "OK" button


Example #5: Mounting a dm-crypt Volume Using 256 bit Twofish and Offset

This example demonstrates use of a dm-crypt Twofish 256 volume, with the encrypted volume beginning at an offset of 3 sectors (3 x 512 = 1536 bytes) into the volume file.

Creating the volume file under Linux:
dd if=/dev/zero of=./volumes/vol_twofish_o3.vol bs=1K count=100
losetup /dev/loop0 ./volumes/vol_twofish_o3.vol
echo password1234567890ABC | cryptsetup -c twofish -o 3 create myMapper /dev/loop0
dmsetup ls
dmsetup table
dmsetup status
losetup /dev/loop1 /dev/mapper/myMapper
mkdosfs /dev/loop1
mkdir ./test_mountpoint
mount /dev/loop1 ./test_mountpoint
cp ./test_files/SHORT_TEXT.txt ./test_mountpoint
cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint
cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint
cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint
umount ./test_mountpoint
losetup -d /dev/loop1
cryptsetup remove myMapper
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
  4. "Encryption" tab:
  5. "File options" tab:
  6. "Mount options" tab:
  7. Click the "OK" button


Example #6: Mounting a dm-crypt Volume Using 256 bit AES Encryption, with MD5 Password Hashing

This example demonstrates use of a dm-crypt Twofish 256 volume, with the user's password processed with MD5.

Creating the volume file under Linux:
dd if=/dev/zero of=./volumes/vol_aes_md5.vol bs=1K count=100
losetup /dev/loop0 ./volumes/vol_aes_md5.vol
echo password1234567890ABC | cryptsetup -c aes -h md5 create myMapper /dev/loop0
dmsetup ls
dmsetup table
dmsetup status
losetup /dev/loop1 /dev/mapper/myMapper
mkdosfs /dev/loop1
mkdir ./test_mountpoint
mount /dev/loop1 ./test_mountpoint
cp ./test_files/SHORT_TEXT.txt ./test_mountpoint
cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint
cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint
cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint
umount ./test_mountpoint
losetup -d /dev/loop1
cryptsetup remove myMapper
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
  4. "Encryption" tab:
  5. "File options" tab:
  6. "Mount options" tab:
  7. Click the "OK" button


Example #7: Mounting a dm-crypt Volume Using 448 bit Blowfish Encryption, MD5 Password Hashing, and SHA-256 ESSIV

This example demonstrates use of a dm-crypt Blowfish 448 volume, with the user's password processed with MD5 and ESSIV using SHA-256.

Note that although the main cypher is Blowfish 448, Blowfish 256 is used as the IV cypher as the IV hash outputs 256 bytes

Creating the volume file under Linux:
dd if=/dev/zero of=./volumes/vol_blowfish_448_essivsha256_md5.vol bs=1K count=100
losetup /dev/loop0 ./volumes/vol_blowfish_448_essivsha256_md5.vol
echo password1234567890ABC | cryptsetup -c blowfish-cbc-essiv:sha256 -s 448 -h md5 create myMapper /dev/loop0
dmsetup ls
dmsetup table
dmsetup status
losetup /dev/loop1 /dev/mapper/myMapper
mkdosfs /dev/loop1
mkdir ./test_mountpoint
mount /dev/loop1 ./test_mountpoint
cp ./test_files/SHORT_TEXT.txt ./test_mountpoint
cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint
cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint
cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint
umount ./test_mountpoint
losetup -d /dev/loop1
cryptsetup remove myMapper
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
  4. "Encryption" tab:
  5. "File options" tab:
  6. "Mount options" tab:
  7. Click the "OK" button
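
The "Hash with "A"s, if hash output is too short" option in the defaults note, and the MD5 hashing and SHA-256 ESSIV used in Examples #6 and #7, can be reproduced outside either tool. The following is an added example, not FreeOTFE or cryptsetup code; it follows cryptsetup's hashed plain-mode key derivation and dm-crypt's "plain" IV layout as the editor understands them, and it assumes the trailing newline from "echo" is not part of the passphrase.

```python
import hashlib
import struct


def plain_key(passphrase: bytes, hash_name: str, key_bits: int) -> bytes:
    # Round n hashes n bytes of "A" followed by the passphrase. The digests
    # are concatenated and cut to the requested key size, so a hash that is
    # shorter than the key (MD5: 128 bit) still fills a 256 or 448 bit key.
    key_len = key_bits // 8
    out = b""
    rounds = 0
    while len(out) < key_len:
        out += hashlib.new(hash_name, b"A" * rounds + passphrase).digest()
        rounds += 1
    return out[:key_len]


def essiv_salt(volume_key: bytes, hash_name: str = "sha256") -> bytes:
    # ESSIV keys the IV cypher with a hash of the volume key; with SHA-256
    # that is a 32 byte (256 bit) key, whatever the main cypher's key size.
    return hashlib.new(hash_name, volume_key).digest()


def plain_iv(sector: int, block_size: int) -> bytes:
    # "32 bit sector ID" IV: low 32 bits of the sector number, little-endian,
    # zero padded to the cypher block size (16 for AES, 8 for Blowfish).
    return struct.pack("<I", sector & 0xFFFFFFFF).ljust(block_size, b"\x00")


if __name__ == "__main__":
    # Test passphrase used throughout the examples (newline stripped: assumption)
    pw = b"password1234567890ABC"
    cases = [
        ("Example #6: -c aes -h md5", "md5", 256),
        ("Example #7: -c blowfish-cbc-essiv:sha256 -s 448 -h md5", "md5", 448),
    ]
    for label, hash_name, bits in cases:
        key = plain_key(pw, hash_name, bits)
        print(f"{label}\n  key ({len(key) * 8} bit): {key.hex()}")
    salt = essiv_salt(plain_key(pw, "md5", 448))
    print(f"Example #7 IV cypher key ({len(salt) * 8} bit): {salt.hex()}")
    print(f"plain IV for sector 1, AES block: {plain_iv(1, 16).hex()}")
```

A key printed here can be compared with the hex key in the "dmsetup table" output for the matching example, which is a quick way to confirm that both sides derive the same key from the same passphrase.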