Key Knowledge Areas:

  • Understand block device and file system encryption
  • Use dm-crypt with LUKS1 to encrypt block devices
  • Use eCryptfs to encrypt file systems, including home directories and PAM integration
  • Awareness of plain dm-crypt
  • Awareness of LUKS2 features
  • Conceptual understanding of Clevis for LUKS devices and Clevis PINs for TPM2 and Network Bound Disk Encryption (NBDE)/Tang

The following is a partial list of the used files, terms and utilities:

  • cryptsetup (including relevant subcommands)
  • cryptmount
  • /etc/crypttab
  • ecryptfsd
  • ecryptfs-* commands
  • mount.ecryptfs, umount.ecryptfs
  • pam_ecryptfs

Files

/etc/crypttab

Describes encrypted block devices which are set up during boot.

Utilities

cryptsetup

Set up disk encryption based on the dm-crypt kernel module in one of the following formats:

  • plain
  • Linux Unified Key Setup (LUKS)
  • loop-AES
  • TrueCrypt (including VeraCrypt)
  • BitLocker
  • FileVault2

Some common subcommands:

  • [--hash, --cipher, --verify-passphrase, --key-file, --key-size, --offset, --skip, --readonly] create <name> <device>: create a mapping with <name> backed by device <device>
  • remove <name>: remove an existing mapping <name>
  • status <name>: report the status for the mapping <name>
  • resize <name> [--size]: resize an active mapping <name>; if --size (in sectors) is omitted, the size of the underlying block device is used

And LUKS-specific subcommands:

  • [--cipher, --verify-passphrase, --key-size, --key-slot, --key-file (takes precedence over optional second argument), --keyfile-size, --use-random | --use-urandom, --uuid] luksFormat <device> [<key file>]: initialize a LUKS partition and set the initial key, either via prompting or via <key file>
  • [--key-file, --keyfile-size, --readonly] luksOpen <device> <name> (alias for: open --type luks <device> <name>): open the LUKS partition <device> and set up a mapping <name> after successful verification of the supplied key material (either via key file, or via prompting).
  • luksClose <name>: identical to remove
  • luksSuspend <name>: suspend active device (all I/O operations are frozen) and wipe encryption key from kernel
    (WARNING: Never attempt to suspend the device that holds the cryptsetup binary itself.)
  • [--key-file, --keyfile-size] luksResume <name>: Resume suspended device and reinstate encryption key. You will need to provide the same passphrase as for the luksOpen command (using prompting or key file).
  • [--key-file, --keyfile-size, --new-keyfile-size, --key-slot] luksAddKey <device> [<new key file>]: Add a new key file/passphrase. An existing passphrase or key file must be supplied. The key file with the new material is supplied as a positional argument.
  • luksRemoveKey <device> [<key file>]: remove supplied key or key file from LUKS device
  • [--key-file, --keyfile-size] luksKillSlot <device> <key slot number>: Wipe the key with number <key slot number> from the LUKS device. A remaining passphrase or key file must be supplied.
  • [--uuid] luksUUID <device>: Print UUID, if <device> has a LUKS header. Set new UUID if --uuid option is specified.
  • isLuks <device>: return true, if <device> is a LUKS partition, otherwise false
  • [--dump-master-key, --key-file, --keyfile-size] luksDump <device>: dump the header information of a LUKS partition; if the --dump-master-key option is used, the volume (master) key is dumped instead of keyslot info
  • luksHeaderBackup <device> --header-backup-file <file>: store binary backup of LUKS header and keyslot areas
    (WARNING: With this backup file (and knowledge of an old passphrase) you can decrypt data even if the old passphrase was wiped from the real device.)
  • luksHeaderRestore <device> --header-backup-file <file>: restore binary backup of LUKS header and keyslot areas from specified file
    (WARNING: All the keyslot areas are overwritten; only active keyslots from the backup file are available after issuing this command.)

cryptmount

Mount an encrypted filesystem (e.g., LUKS volumes created by cryptsetup) without requiring superuser privileges.

ecryptfsd

Daemon for eCryptfs, a POSIX-compliant enterprise cryptographic stacked filesystem for Linux. It is a userspace daemon that runs as the user performing file operations under the eCryptfs mount point.

ecryptfs-* commands

mount.ecryptfs, umount.ecryptfs

These are eCryptfs (u)mount helpers, called by mount -t ecryptfs/umount.

pam_ecryptfs

PAM module for eCryptfs which can unwrap an eCryptfs mount passphrase using the login passphrase through the unwrap option.

Example

To unwrap a mount passphrase and automatically mount a private directory on login:

# /etc/pam.d/common-auth:
auth    required        pam_ecryptfs.so unwrap

# /etc/pam.d/common-session:
session optional        pam_ecryptfs.so unwrap

Notes

plain dm-crypt

Plain format is just that: It has no metadata on disk, reads all parameters from the command line (or the defaults), derives a volume key from the passphrase and then uses that to de-/encrypt the sectors of the device, with a direct 1:1 mapping between encrypted and decrypted sectors.

Primary advantage is high resilience to damage, as one damaged encrypted sector results in exactly one damaged decrypted sector. Also, it is not readily apparent that there even is encrypted data on the device, as an overwrite with crypto-grade randomness (e.g., from /dev/urandom) looks exactly the same on disk.

Disadvantages are that you do not have all the nice features that the LUKS metadata offers, like multiple passphrases that can be changed, the cipher being stored in the metadata, anti-forensic properties like key-slot diffusion and salts, etc.
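Because plain mode writes no metadata while LUKS writes a header, the two can be told apart from the first bytes of a device. The following is an added example, not part of the original notes: it checks only the LUKS signature and version field (cryptsetup isLuks remains the authoritative check), and the function names and sample images are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a device or image by its first 8 bytes.
# LUKS1 and LUKS2 headers begin with the magic "LUKS" 0xBA 0xBE followed by a
# big-endian 16-bit version; plain dm-crypt leaves no signature to find.

luks_header_version() {
    # Prints LUKS1, LUKS2, unknown-luks-version, no-luks-header or unreadable.
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    hex=$(od -An -tx1 -N8 "$1" | tr -d ' \t\n')
    case "$hex" in
        4c554b53babe0001) echo "LUKS1" ;;
        4c554b53babe0002) echo "LUKS2" ;;
        4c554b53babe*)    echo "unknown-luks-version" ;;
        *)                echo "no-luks-header" ;;
    esac
}

is_luks_signature() {
    # Exit status 0 when a LUKS signature is present, 1 otherwise.
    case "$(luks_header_version "$1")" in
        LUKS1|LUKS2|unknown-luks-version) return 0 ;;
        *) return 1 ;;
    esac
}

make_demo_images() {
    # Constructed samples, not real volumes: only the leading bytes matter here.
    printf 'LUKS\272\276\000\001' > "$1/luks1.img"
    printf 'LUKS\272\276\000\002' > "$1/luks2.img"
    # Arbitrary bytes standing in for a plain dm-crypt device, whose
    # ciphertext carries no recognisable structure.
    printf '\363\021\244\135\010\376\167\302' > "$1/plain.img"
}

demo=$(mktemp -d)
make_demo_images "$demo"
for name in luks1 luks2 plain; do
    printf '%s.img: %s\n' "$name" "$(luks_header_version "$demo/$name.img")"
done
rm -rf "$demo"
```

A "no-luks-header" result does not mean a device is unencrypted: a plain dm-crypt volume gives the same answer as random or unused data.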

LUKS2 features

There are two versions of LUKS, with LUKS2 featuring resilience to header corruption, and using the Argon2 key derivation function by default, whereas LUKS1 uses PBKDF2. Conversion between both versions of LUKS is possible in certain situations, but some features, such as Argon2, may not be available with LUKS1. LUKS2 uses JSON as a metadata format.
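The KDF difference can be checked per key slot from luksDump output. This is an added example, not part of the original notes: it reads the text dump of a LUKS2 device, prints the KDF of each key slot, and marks slots that are not on Argon2. The sample dump is constructed and trimmed, the function names are illustrative, and the token lookup assumes Clevis bindings are listed under Tokens, as they are in LUKS2 dumps.

```shell
#!/bin/sh
# Added example (not from the page): per-key-slot summary of LUKS2 luksDump text.

audit_luksdump() {
    # stdin:  output of `cryptsetup luksDump <device>`
    # stdout: "slot=<n> pbkdf=<kdf>", plus " token=clevis" when a Clevis token
    #         references the slot and " REVIEW" when the slot is not on Argon2.
    awk '
        /^[A-Za-z].*:$/ { section = $1; next }   # Keyslots: / Tokens: / Digests:
        section == "Keyslots:" && /^ +[0-9]+: / {
            slot = $1; sub(/:/, "", slot); order[++n] = slot; next }
        section == "Keyslots:" && $1 == "PBKDF:" { kdf[slot] = $2; next }
        section == "Tokens:" && /^ +[0-9]+: / { token = $2; next }
        section == "Tokens:" && $1 == "Keyslot:" && token == "clevis" {
            bound[$2] = 1; next }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                line = "slot=" s " pbkdf=" kdf[s]
                if (s in bound) line = line " token=clevis"
                if (kdf[s] !~ /^argon2/) line = line " REVIEW"
                print line
            }
        }'
}

# Constructed sample, trimmed to the fields the audit reads (not a real device).
sample_luksdump() {
cat <<'EOF'
LUKS header information
Version:        2

Keyslots:
  0: luks2
        PBKDF:      argon2id
  1: luks2
        PBKDF:      pbkdf2
Tokens:
  0: clevis
        Keyslot:    1
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

sample_luksdump | audit_luksdump
```

The Digests section also names pbkdf2, so the parser tracks the current section and reads PBKDF only under Keyslots.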

Clevis

Clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes.

In Clevis terminology, a pin is a plugin which implements automated decryption.

LUKS devices

Clevis can be used to bind a LUKS volume using a pin so that it can be automatically unlocked.

How this works is rather simple. We generate a new, cryptographically strong key. This key is added to LUKS as an additional passphrase. We then encrypt this key using Clevis, and store the output JWE inside the LUKS header using LUKSMeta.

PINs for TPM2

Clevis provides support for encrypting a key with Trusted Platform Module 1.2 (TPM1) and 2.0 (TPM2) chips. The cryptographically strong, random key used for encryption is encrypted using the TPM chip, and is decrypted using the TPM at the time of decryption to allow Clevis to decrypt the secret stored in the JWE.

PINs for Network Bound Disk Encryption (NBDE)/Tang

Tang is a server implementation which provides cryptographic binding services without the need for an escrow. Clevis has full support for Tang.