LibreCrypt: Open-Source disk encryption for Windows
The latest version of this document can be found at the LibreCrypt project site
This section gives a series of examples of how to create Linux LUKS containers, and then open them using LibreCrypt.
These examples have been tested using Fedora Core 3, with a v2.6.20.1 kernel installed and using cryptsetup v1.0; though they should work for all compatible Linux distributions.
To begin using LUKS under Linux, ensure that the various kernel modules are installed:
modprobe cryptoloop modprobe aes modprobe anubis modprobe arc4 modprobe blkcipher modprobe blowfish modprobe cast5 modprobe cast6 modprobe cbc modprobe crc32c modprobe crypto_algapi modprobe crypto_hash modprobe cryptomgr modprobe crypto_null modprobe deflate modprobe des modprobe ecb modprobe gf128mul modprobe hmac modprobe khazad modprobe lrw modprobe md4 modprobe md5 modprobe michael_mic modprobe serpent modprobe sha1 modprobe sha256 modprobe sha512 modprobe tea modprobe tgr192 modprobe twofish_common modprobe twofish modprobe wp512 modprobe xcbc **# dm_mod should give you dm_snapshot, dm_zero and dm_mirror?** modprobe dm_mod modprobe dm_crypt
At this point, typing "dmsetup targets" should give you something along the lines of:
crypt v1.0.0 striped v1.0.1 linear v1.0.1 error v1.0.1
Typing "lsmod" will show you which modules are currently installed.
If not overridden by the user, LUKS defaults to encrypting with:
Cypher: | AES |
---|---|
Cypher keysize: | 128 bit |
Cypher mode: | cbc-plain |
Hash: | SHA-1 |
This example demonstrates use of a LUKS container using the LUKS's default encryption system: AES128 with the user's password hashed with SHA1, using 32 bit sector IDs as encryption IVs
Creating the container file under Linux:
dd if=/dev/zero of=./containers/vol_default.vol bs=1M count=1
losetup /dev/loop0 ./containers/vol_default.vol
echo password1234567890ABC | cryptsetup luksFormat /dev/loop0
cryptsetup luksDump /dev/loop0
echo password1234567890ABC | cryptsetup luksOpen /dev/loop0 myMapper
dmsetup ls
dmsetup table
dmsetup status
cryptsetup status myMapper
losetup /dev/loop1 /dev/mapper/myMapper
mkdosfs /dev/loop1
mkdir ./test_mountpoint
mount /dev/loop1 ./test_mountpoint
cp ./test_files/SHORT_TEXT.txt ./test_mountpoint
cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint
cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint
cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint
umount ./test_mountpoint
losetup -d /dev/loop1
cryptsetup luksClose myMapper
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
This example demonstrates use of a LUKS AES256 container.
Creating the container file under Linux:
dd if=/dev/zero of=./containers/vol_aes_256.vol bs=1M count=1 losetup /dev/loop0 ./containers/vol_aes_256.vol echo password1234567890ABC | cryptsetup -c aes -s 256 luksFormat /dev/loop0 cryptsetup luksDump /dev/loop0 echo password1234567890ABC | cryptsetup luksOpen /dev/loop0 myMapper dmsetup ls dmsetup table dmsetup status cryptsetup status myMapper losetup /dev/loop1 /dev/mapper/myMapper mkdosfs /dev/loop1 mkdir ./test_mountpoint mount /dev/loop1 ./test_mountpoint cp ./test_files/SHORT_TEXT.txt ./test_mountpoint cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint umount ./test_mountpoint losetup -d /dev/loop1 cryptsetup luksClose myMapper losetup -d /dev/loop0 rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
This example demonstrates use of a LUKS Twofish 128 container.
Creating the container file under Linux:
dd if=/dev/zero of=./containers/vol_twofish.vol bs=1M count=1
losetup /dev/loop0 ./containers/vol_twofish.vol
echo password1234567890ABC | cryptsetup -c twofish luksFormat /dev/loop0
cryptsetup luksDump /dev/loop0
echo password1234567890ABC | cryptsetup luksOpen /dev/loop0 myMapper
dmsetup ls
dmsetup table
dmsetup status
cryptsetup status myMapper
losetup /dev/loop1 /dev/mapper/myMapper
#cat ./test_files/2MB_Z.dat > /dev/loop1
#cat ./test_files/2MB_0x00.dat > /dev/loop1
mkdosfs /dev/loop1
mkdir ./test_mountpoint
mount /dev/loop1 ./test_mountpoint
cp ./test_files/SHORT_TEXT.txt ./test_mountpoint
cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint
cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint
cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint
umount ./test_mountpoint
losetup -d /dev/loop1
cryptsetup luksClose myMapper
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
This example demonstrates use of a LUKS AES 256 container in XTS mode.
Creating the container file under Linux:
dd if=/dev/zero of=./containers/vol_aes_xts.vol bs=5M count=1
losetup /dev/loop0 ./containers/vol_aes_xts.vol
echo password1234567890ABC | cryptsetup -c aes-xts-plain64 -s 512 luksFormat /dev/loop0
cryptsetup luksDump /dev/loop0
echo password1234567890ABC | cryptsetup luksOpen /dev/loop0 myMapper
dmsetup ls
dmsetup table
dmsetup status
cryptsetup status myMapper
losetup /dev/loop1 /dev/mapper/myMapper
#cat ./test_files/2MB_Z.dat > /dev/loop1
#cat ./test_files/2MB_0x00.dat > /dev/loop1
mkdosfs /dev/loop1
mkdir ./test_mountpoint
mount /dev/loop1 ./test_mountpoint
cp ./test_files/SHORT_TEXT.txt ./test_mountpoint
cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint
cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint
cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint
umount ./test_mountpoint
losetup -d /dev/loop1
cryptsetup luksClose myMapper
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
This example demonstrates use of a LUKS Serpent 256 container in XTS mode.
Creating the container file under Linux:
dd if=/dev/zero of=./containers/vol_serpent_xts.vol bs=5M count=1
losetup /dev/loop0 ./containers/vol_serpent_xts.vol
echo password1234567890ABC | cryptsetup -c serpent-xts-plain64 -s 512 luksFormat /dev/loop0
cryptsetup luksDump /dev/loop0
echo password1234567890ABC | cryptsetup luksOpen /dev/loop0 myMapper
dmsetup ls
dmsetup table
dmsetup status
cryptsetup status myMapper
losetup /dev/loop1 /dev/mapper/myMapper
#cat ./test_files/2MB_Z.dat > /dev/loop1
#cat ./test_files/2MB_0x00.dat > /dev/loop1
mkdosfs /dev/loop1
mkdir ./test_mountpoint
mount /dev/loop1 ./test_mountpoint
cp ./test_files/SHORT_TEXT.txt ./test_mountpoint
cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint
cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint
cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint
umount ./test_mountpoint
losetup -d /dev/loop1
cryptsetup luksClose myMapper
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt: