Dm-crypt

cryptsetup
Original author(s)	Jana Saout, Clemens Fruhwirth, Milan Broz
Stable release	2.7.5 / 3 September 2024;3 months ago
Repository	https://gitlab.com/cryptsetup/cryptsetup
Written in	C
Operating system	Unix-like
Platform	x86, x86-64, ARMv8, ARMv7, ppc64le, MIPS
Size	7 MB
Available in	16 languages
	List of languages English, Portuguese, Chinese (Simplified), Czech, Danish, Dutch, Finnish, French, German, Italian, Japanese, Polish, Russian, Spanish, Swedish, Ukrainian
Type	Disk encryption software
License	GPLv2 ; Sub-Libraries:; LGPLv2.1+
Website	gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt

Last updated December 04, 2024

dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks.^[1] In addition to that, dm-crypt addresses some reliability problems of cryptoloop.^[2]

dm-crypt is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (including removable media), partitions, software RAID volumes, logical volumes, as well as files. It appears as a block device, which can be used to back file systems, swap or as an LVM physical volume.

Some Linux distributions support the use of dm-crypt on the root file system. These distributions use initrd to prompt the user to enter a passphrase at the console, or insert a smart card prior to the normal boot process.^[3]

Frontends

The dm-crypt device mapper target resides entirely in kernel space, and is only concerned with encryption of the block device – it does not interpret any data itself. It relies on user space front-ends to create and activate encrypted volumes, and manage authentication. At least two frontends are currently available: cryptsetup and cryptmount.

cryptsetup

The cryptsetup command-line interface, by default, does not write any headers to the encrypted volume, and hence only provides the bare essentials: encryption settings have to be provided every time the disk is mounted (although usually employed with automated scripts), and only one key can be used per volume; the symmetric encryption key is directly derived from the supplied passphrase.

Because it lacks a "salt", using cryptsetup is less secure in this mode than is the case with Linux Unified Key Setup (LUKS).^[9] However, the simplicity of cryptsetup makes it useful when combined with third-party software, for example, with smart card authentication.

cryptsetup also provides commands to deal with the LUKS on-disk format. This format provides additional features such as key management and key stretching (using PBKDF2), and remembers encrypted volume configuration across reboots.^[3]^[10]

cryptmount

The cryptmount interface is an alternative to the "cryptsetup" tool that allows any user to mount and unmount a dm-crypt file system when needed, without needing superuser privileges after the device has been configured by a superuser.

Features

The fact that disk encryption (volume encryption) software like dm-crypt only deals with transparent encryption of abstract block devices gives it a lot of flexibility. This means that it can be used for encrypting any disk-backed file systems supported by the operating system, as well as swap space; write barriers implemented by file systems are preserved.^[11]^[12] Encrypted volumes can be stored on disk partitions, logical volumes, whole disks as well as file-backed disk images (through the use of loop devices with the losetup utility). dm-crypt can also be configured to encrypt RAID volumes and LVM physical volumes.

dm-crypt can also be configured to provide pre-boot authentication through an initrd, thus encrypting all the data on a computer – except the bootloader, the kernel and the initrd image itself.^[3]

When using the cipher block chaining (CBC) mode of operation with predictable initialization vectors as other disk encryption software, the disk is vulnerable to watermarking attacks. This means that an attacker is able to detect the presence of specially crafted data on the disk. To address this problem in its predecessors, dm-crypt included provisions for more elaborate, disk encryption-specific modes of operation.^[1] Support for ESSIV (encrypted salt-sector initialization vector) was introduced in Linux kernel version 2.6.10, LRW in 2.6.20 and XTS in 2.6.24. A wide-block disk encryption algorithm, Adiantum, was added in 5.0, and its AES-based cousin HCTR2 in 6.0.

The Linux Crypto API includes support for most popular block ciphers and hash functions, which are all usable with dm-crypt.

Crypted FS support include LUKS (versions 1 and 2) volumes, loop-AES, TrueCrypt/VeraCrypt (since Linux kernel 3.13),^[13]^[14]^[15] and BitLocker-encrypted NTFS (since cryptsetup 2.3.0).^[16] TrueCrypt/VeraCrypt (TCRYPT) and BitLocker (BITLK) support require the kernel userspace crypto API.^[17]

Compatibility

dm-crypt and LUKS encrypted disks can be accessed and used under MS Windows using the now defunct FreeOTFE (formerly DoxBox, LibreCrypt), provided that the filesystem used is supported by Windows (e.g. FAT/FAT32/NTFS). Encrypted ext2 and ext3 filesystems are supported by using Ext2Fsd or so-called "Ext2 Installable File System for Windows";^[18] FreeOTFE also supports them.

Cryptsetup/LUKS and the required infrastructure have also been implemented on the DragonFly BSD operating system.^[19]

Related Research Articles

ext2, or second extended file system, is a file system for the Linux kernel. It was initially designed by French software developer Rémy Card as a replacement for the extended file system (ext). Having been designed according to the same principles as the Berkeley Fast File System from BSD, it was the first commercial-grade filesystem for Linux.

CrossCrypt is an open-source on-the-fly encryption program for the Microsoft Windows XP/2000 operating systems. CrossCrypt allows a user to make virtual drives which encrypt any files stored on them, making the encryption process seamless to the user.

TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the whole storage device.

In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists.

Disk encryption software is a computer security software that protects the confidentiality of data stored on computer media by using disk encryption.

In Linux, Logical Volume Manager (LVM) is a device mapper framework that provides logical volume management for the Linux kernel. Most modern Linux distributions are LVM-aware to the point of being able to have their root file systems on a logical volume.

The device mapper is a framework provided by the Linux kernel for mapping physical block devices onto higher-level virtual block devices. It forms the foundation of the logical volume manager (LVM), software RAIDs and dm-crypt disk encryption, and offers additional features such as file system snapshots.

In Linux systems, initrd is a scheme for loading a temporary root file system into memory, to be used as part of the Linux startup process. initrd and initramfs refer to two different methods of achieving this. Both are commonly used to make preparations before the real root file system can be mounted.

Disk encryption is a special case of data at rest protection when the storage medium is a sector-addressable device. This article presents cryptographic aspects of the problem. For an overview, see disk encryption. For discussion of different software packages and hardware devices devoted to this problem, see disk encryption software and disk encryption hardware.

EncFS is a Free (LGPL) FUSE-based cryptographic filesystem. It transparently encrypts files, using an arbitrary directory as storage for the encrypted files.

FreeOTFE is a discontinued open source computer program for on-the-fly disk encryption (OTFE). On Microsoft Windows, and Windows Mobile, it can create a virtual drive within a file or partition, to which anything written is automatically encrypted before being stored on a computer's hard or USB drive. It is similar in function to other disk encryption programs including TrueCrypt and Microsoft's BitLocker.

Cryptoloop is a Linux kernel's disk encryption module that relies on the Crypto API, which is a cryptography framework introduced in version 2.5.45 of the Linux kernel mainline. Cryptoloop was first introduced in the 2.5.x kernel series; its functionality was later incorporated into the device mapper, a generic framework used to map one block device onto another.

The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

BestCrypt, developed by Jetico, is a commercial disk encryption app available for Windows, Linux, macOS and Android.

This is a technical feature comparison of different disk encryption software.

Btrfs is a computer storage format that combines a file system based on the copy-on-write (COW) principle with a logical volume manager, developed together. It was created by Chris Mason in 2007 for use in Linux, and since November 2013, the file system's on-disk format has been declared stable in the Linux kernel.

There are various implementations of the Advanced Encryption Standard, also known as Rijndael.

eCryptfs is a package of disk encryption software for Linux. Its implementation is a POSIX-compliant filesystem-level encryption layer, aiming to offer functionality similar to that of GnuPG at the operating system level, and has been part of the Linux kernel since version 2.6.19.

References

1 2 Fruhwirth, Clemens (18 July 2005). "New Methods in Hard Disk Encryption" (PDF). Vienna University of Technology . Retrieved 22 August 2024.
↑ Peters, Mike. "Encrypting partitions using dm-crypt and the 2.6 series kernel". Linux.com . Archived from the original on 11 July 2012. Retrieved 22 August 2024.
1 2 3 W. Michael Petullo (2007-01-18). "Disk encryption in Fedora: Past, present and future". Red Hat Magazine. Archived from the original on 2008-10-10. Retrieved 2007-04-20.
↑ "AUTHORS". GitLab. Retrieved 7 September 2019.
1 2 "docs · master · cryptsetup / cryptsetup". GitLab. Retrieved 10 October 2024.
↑ "The cryptsetup textual domain". Translation Project. Retrieved 7 September 2019.
↑ "COPYING". GitLab. Retrieved 7 September 2019.
↑ "COPYING.LGPL". GitLab. Retrieved 7 September 2019.
↑ "cryptsetup FAQ".
↑ Clemens Fruhwirth (2004-07-15). "TKS1 – An anti-forensic, two level, and iterated key setup scheme" (PDF). Draft. Retrieved 2006-12-12.
↑ Milan Broz (2012-04-24). "[dm-crypt] Does dm-crypt support journaling filesystem transactional guarantees?". saout.de. Retrieved 2014-07-08.
↑ Mikulas Patocka (2009-06-22). "kernel/git/torvalds/linux.git". Linux kernel source tree. kernel.org. Retrieved 2014-07-08.
↑ "dm-crypt: Linux kernel device-mapper crypto target – IV generators". cryptsetup. 2014-01-11. Retrieved 2015-04-05.
↑ "dm-crypt: Linux kernel device-mapper crypto target" . Retrieved 2015-04-05.
↑ "[dm-devel][PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers". redhat.com. Retrieved 2014-06-17.
↑ Trefny, Vojtech (25 Jan 2020). BitLocker disk encryption on Linux (PDF). DevConf CZ.
↑ cryptsetup(8) – Linux Programmer's Manual – Administration and Privileged Commands
↑ "Ext2 IFS For Windows". fs-driver.org. Retrieved 15 February 2015.
↑ Alex Hornung (2010-07-23). "HEADS UP: dm, lvm, cryptsetup and initrd on master".

External links

Official dm-crypt , cryptsetup-luks and cryptmount websites
All about dm-crypt and LUKS on one page (on archive.org) – a page covering dm-crypt/LUKS, starting with theory and ending with many practical examples about its usage.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[new-methods-1] 1 2 Fruhwirth, Clemens (18 July 2005). "New Methods in Hard Disk Encryption" (PDF). Vienna University of Technology . Retrieved 22 August 2024.

[2] Peters, Mike. "Encrypting partitions using dm-crypt and the 2.6 series kernel". Linux.com . Archived from the original on 11 July 2012. Retrieved 22 August 2024.

[crypt-fedora-3] 1 2 3 W. Michael Petullo (2007-01-18). "Disk encryption in Fedora: Past, present and future". Red Hat Magazine. Archived from the original on 2008-10-10. Retrieved 2007-04-20.

[4] "AUTHORS". GitLab. Retrieved 7 September 2019.

[cryptsetup-5] 1 2 "docs · master · cryptsetup / cryptsetup". GitLab. Retrieved 10 October 2024.

[6] "The cryptsetup textual domain". Translation Project. Retrieved 7 September 2019.

[7] "COPYING". GitLab. Retrieved 7 September 2019.

[8] "COPYING.LGPL". GitLab. Retrieved 7 September 2019.

[9] "cryptsetup FAQ".

[tks1-10] Clemens Fruhwirth (2004-07-15). "TKS1 – An anti-forensic, two level, and iterated key setup scheme" (PDF). Draft. Retrieved 2006-12-12.

[11] Milan Broz (2012-04-24). "[dm-crypt] Does dm-crypt support journaling filesystem transactional guarantees?". saout.de. Retrieved 2014-07-08.

[12] Mikulas Patocka (2009-06-22). "kernel/git/torvalds/linux.git". Linux kernel source tree. kernel.org. Retrieved 2014-07-08.

[13] "dm-crypt: Linux kernel device-mapper crypto target – IV generators". cryptsetup. 2014-01-11. Retrieved 2015-04-05.

[14] "dm-crypt: Linux kernel device-mapper crypto target" . Retrieved 2015-04-05.

[15] "[dm-devel][PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers". redhat.com. Retrieved 2014-06-17.

[16] Trefny, Vojtech (25 Jan 2020). BitLocker disk encryption on Linux (PDF). DevConf CZ.

[17] cryptsetup(8) – Linux Programmer's Manual – Administration and Privileged Commands

[18] "Ext2 IFS For Windows". fs-driver.org. Retrieved 15 February 2015.

[19] Alex Hornung (2010-07-23). "HEADS UP: dm, lvm, cryptsetup and initrd on master".

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

v t e Linux
Linux kernel	History Linus's law Linux-libre Booting process Kernel oops Tux more…
Controversies	Criticism of Linux Criticism of desktop Linux GNU/Linux naming controversy Tanenbaum–Torvalds debate SCO and Linux
Distributions	General comparison Distributions list Netbook-specific comparison Distributions that run from RAM Lightweight Security-focused operating system Package manager Package format List of software package managers
Organizations	LinuxChix Linux Counter Linux Documentation Project Linux Foundation Linux Mark Institute Linux User Group (LUG)
Adoption	Adopters Desktop Embedded Gaming Mobile Range of use Linux malware
Media	DistroWatch Free Software Magazine Full Circle Hacker Public Radio Linux.com Linux Format Linux Gazette Linux Journal Linux Magazine LinuxUser Ubuntu User Linux Outlaws Linux Voice LugRadio LWN.net Phoronix Revolution OS The Code
Professional related certifications	CompTIA Linux+ Linux Foundation Red Hat Ubuntu
Linuxportal Free and open-source softwareportal Category