331.3 - Encrypted File Systems
Key Knowledge Areas:
- Understand block device and file system encryption
- Use dm-crypt with LUKS1 to encrypt block devices
- Use eCryptfs to encrypt file systems, including home directories and PAM integration
- Awareness of plain dm-crypt
- Awareness of LUKS2 features
- Conceptual understanding of Clevis for LUKS devices and Clevis PINs for TPM2 and Network Bound Disk Encryption (NBDE)/Tang
The following is a partial list of the used files, terms and utilities:
- cryptsetup (including relevant subcommands)
- cryptmount
- /etc/crypttab
- ecryptfsd
- ecryptfs-* commands
- mount.ecryptfs, umount.ecryptfs
- pam_ecryptfs
Files
/etc/crypttab
Describes encrypted block devices which are set up during boot.
Utilities
cryptsetup
Set up disk encryption based on the dm-crypt kernel module in one of the following formats:
- plain
- Linux Unified Key Setup (LUKS)
- loop-AES
- TrueCrypt (including VeraCrypt)
- BitLocker
- FileVault2
Some common subcommands:
[--hash, --cipher, --verify-passphrase, --key-file, --key-size, --offset, --skip, --readonly] create <name> <device>: create a mapping with<name>backed by device<device>remove <name>: remove an existing mapping<name>status <name>: report the status for the mapping<name>resize <name> [--size]: resize an active mapping<name>, if--size(in sectors) is omitted, the size of the underlying block device is used
And LUKS-specific subcommands:
[--cipher, --verify-passphrase, --key-size, --key-slot, --key-file (takes precedence over optional second argument), --keyfile-size, --use-random | --use-urandom, --uuid] luksFormat <device> [<key file>]: initialize a LUKS partition and set the initial key, either via prompting or via<key file>[--key-file, --keyfile-size, --readonly] luksOpen <device> <name>(alias for:open --type luks <device> <name>): open the LUKS partition<device>and set up a mapping<name>after successful verification of the supplied key material (either via key file, or via prompting).luksClose <name>: identical toremoveluksSuspend <name>: suspend active device (all I/O operations are frozen) and wipe encryption key from kernel
(WARNING: Never attempt to suspend the device that holds the cryptsetup binary itself.)[--key-file, --keyfile-size] luksResume <name>: Resume suspended device and reinstate encryption key. You will need provide passphrase identical toluksOpencommand (using prompting or key file).[--key-file, --keyfile-size, --new-keyfile-size, --key-slot] luksAddKey <device> [<new key file>]: Add a new key file/passphrase. An existing passphrase or key file must be supplied. The key file with the new material is supplied as a positional argument.luksRemoveKey <device> [<key file>]: remove supplied key or key file from LUKS device[--key-file, --keyfile-size] luksKillSlot <device> <key slot number>: Wipe key with number<key slot>from LUKS device. A remaining passphrase or key file must be supplied.[--uuid] luksUUID <device>: Print UUID, if<device>has a LUKS header. Set new UUID if--uuidoption is specified.isLuks <device>: return true, if<device>is a LUKS partition, otherwise false[--dump-master-key, --key-file, --keyfile-size] luksDump <device>: dump the header information of a LUKS partition, if--dump-master-keyoption is used, the volume (master) key is dumped instead of keyslot infoluksHeaderBackup <device> --header-backup-file <file>: store binary backup of LUKS header and keyslot areas
(WARNING: With this backup file (and old passphrase knowledge) you can decrypt data even if old passphrase was wiped from real device.)luksHeaderRestore <device> --header-backup-file <file>: restore binary backup of LUKS header and keyslot areas from specified file
(WARNING: All the keyslot areas are overwritten, only active keyslots from backup file are available after issuing this command.)
cryptmount
Mount an encrypted filesystem (e.g., LUKS volumes created by cryptsetup) without requiring superuser privileges.
ecryptfsd
Daemon for eCryptfs, a POSIX-compliant enterprise cryptographic stacked filesystem for Linux. It is a userspace daemon that runs as the user performing file operations under the eCryptfs mount point.
ecryptfs-* commands
- ecryptfs-generate-tpm-key: generate an eCryptfs key for TPM hardware
- ecryptfs-insert-wrapped-passphrase-into-keyring: unwrap a wrapped passphrase from file and insert into the kernel keyring
- ecryptfs-manager: eCryptfs key manager
- ecryptfs-mount-private: interactive eCryptfs private mount wrapper script
- ecryptfs-recover-private: find and mount any encrypted private directories
- ecryptfs-rewrap-passphrase: unwrap an eCryptfs wrapped passphrase, rewrap it with a new passphrase, and write it back to file
- ecryptfs-rewrite-file: force a file to be rewritten (reencrypted) in the lower filesystem
- ecryptfs-setup-private: setup an eCryptfs private directory
- ecryptfs-setup-swap: ensure that any swap space is encrypted
- ecryptfs-stat: Present statistics on encrypted eCryptfs file attributes
- ecryptfs-umount-private: eCryptfs private unmount wrapper script
- ecryptfs-unwrap-passphrase: unwrap an eCryptfs mount passphrase from file
- ecryptfs-wrap-passphrase: wrap an eCryptfs mount passphrase
mount.ecryptfs, umount.ecryptfs
These are eCrypt (u)mount helpers, called by mount -t ecryptfs/umount.
pam_ecryptfs
PAM module for eCryptfs which can unwrap an eCryptfs mount passphrase using the login passphrase through the unwrap option.
Example
To unwrap a mount passphrase and automatically mount a private directory on login:
# /etc/pam.d/common-auth:
auth required pam_ecryptfs.so unwrap
# /etc/pam.d/common-session:
session optional pam_ecryptfs.so unwrap
Notes
plain dm-crypt
Plain format is just that: It has no metadata on disk, reads all parameters from the commandline (or the defaults), derives a volume-key from the passphrase and then uses that to de-/encrypt the sectors of the device, with a direct 1:1 mapping between encrypted and decrypted sectors.
Primary advantage is high resilience to damage, as one damaged encrypted sector results in exactly one damaged decrypted sector. Also, it is not readily apparent that there even is encrypted data on the device, as an overwrite with crypto-grade randomness (e.g., from /dev/urandom) looks exactly the same on disk.
Disadvantages are that you do not have all the nice features that the LUKS metadata offers, like multiple passphrases that can be changed, the cipher being stored in the metadata, anti-forensic properties like key-slot diffusion and salts, etc.
LUKS2 features
There are two versions of LUKS, with LUKS2 featuring resilience to header corruption, and using the Argon2 key derivation function by default, whereas LUKS1 uses PBKDF2. Conversion between both versions of LUKS is possible in certain situations, but some features may not be available with LUKS1 such as Argon2. LUKS2 uses JSON as a metadata format.
Clevis
Clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes.
In clevis terminology, a pin is a plugin which implements automated decryption.
LUKS devices
Clevis can be used to bind a LUKS volume using a pin so that it can be automatically unlocked.
How this works is rather simple. We generate a new, cryptographically strong key. This key is added to LUKS as an additional passphrase. We then encrypt this key using Clevis, and store the output JWE inside the LUKS header using LUKSMeta.
PINs for TPM2
Clevis provides support to encrypt a key in a Trusted Platform Module 1.2 (TPM1) and 2.0 (TPM2) chips. The cryptographically-strong, random key used for encryption is encrypted using the TPM chip, and is decrypted using TPM at the time of decryption to allow clevis to decrypt the secret stored in the JWE.
PINs for Network Bound Disk Encryption (NBDE)/Tang
Tang is a server implementation which provides cryptographic binding services without the need for an escrow. Clevis has full support for Tang.