LibreCrypt: Open-Source disk encryption for Windows
The latest version of this document can be found at the LibreCrypt project site
This section gives a series of examples of how to create Linux Cryptoloop (losetup) containers, and then open them using LibreCrypt.
These examples have been tested using SuSE 9.2, though they should work for all compatible Linux distributions.
To begin using Cryptoloop under Linux, ensure that the various kernel modules are installed:
modprobe cryptoloop
modprobe deflate
modprobe zlib_deflate
modprobe twofish
modprobe serpent
modprobe aes_i586
modprobe blowfish
modprobe des
modprobe sha256
modprobe sha512
modprobe crypto_null
modprobe md4
modprobe md5
modprobe arc4
modprobe khazad
modprobe anubis
Typing "lsmod" will show you which modules are currently installed.
The examples shown below may then be followed to create and use various container files.
If not overridden by the user, Cryptoloop defaults to no encryption. If the user specifies that they do want encryption (i.e. passes "losetup" a "-e" parameter), Cryptoloop defaults to the following:
| Setting | Default |
|---|---|
| Cypher | As specified by the user (no encryption takes place if no cypher is specified) |
| Cypher keysize | 128 bit |
| User key processed with | The hash used to process the user's key is dependent on the cypher's keysize: "Hash with "A"s, if hash output is too short" option - this option should not be selected; if the hash used outputs too few bits, its output is right-padded with 0x00 characters to the required length. |
| IV generation | 32 bit sector ID |
This is the simplest form of Linux container file, and the recommended starting point for checking that LibreCrypt is operating correctly.
Creating the container file under Linux:
dd if=/dev/zero of=./vol_none bs=1k count=1024
losetup /dev/loop0 ./vol_none
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
"Key" tab:
"Encryption" tab:
"File options" tab:
"Open options" tab:
Click the "OK" button
This is the second simplest form of Linux container file, and is the simplest case to confirm that passwords are being accepted and used correctly.
Creating the container file under Linux:
dd if=/dev/zero of=./vol_xor bs=1k count=1024
losetup -e XOR /dev/loop0 ./vol_xor
# Enter password: password1234567890ABC
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
"Key" tab:
"Encryption" tab:
"File options" tab:
"Open options" tab:
Click the "OK" button
This example demonstrates use of a Linux AES128 container.
Creating the container file under Linux:
dd if=/dev/zero of=./vol_aes128 bs=1k count=1024
losetup -e AES128 /dev/loop0 ./vol_aes128
# Enter password: password1234567890ABC
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
This example demonstrates use of a dm-crypt AES256 container.
Creating the container file under Linux:
dd if=/dev/zero of=./vol_aes256 bs=1k count=1024
losetup -e AES256 /dev/loop0 ./vol_aes256
# Enter password: password1234567890ABC
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
"Key" tab:
Make sure that the "Hash with "A"s, if hash output is too short" option is not checked.
Leave iteration count at 0
"Encryption" tab:
Select the "AES (CBC; 256/128)" cypher
Select the "32 bits sector IV" IV generation method
Set "Sector zero location" to "Start of host file"
This example demonstrates use of a Linux AES256 container using the rmd160 hash to process the user's password instead of the default SHA hash.
WARNING: Note that this example uses the "rmd160" and not "ripemd160" hash.
Creating the container file under Linux:
dd if=/dev/zero of=./vol_aes256_rmd160 bs=1k count=1024
losetup -e AES256 -H rmd160 /dev/loop0 ./vol_aes256_rmd160
# Enter password: password1234567890ABC
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
cp TEST_FILE_1.dat ./test_mountpoint
cp TEST_FILE_2.dat ./test_mountpoint
cp TEST_FILE_3.dat ./test_mountpoint
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
"Key" tab:
Make sure that the "Hash with "A"s, if hash output is too short" option is not checked.
Leave iteration count at 0
"Encryption" tab:
Select the "AES (CBC; 256/128)" cypher
Select the "32 bits sector IV" IV generation method
Set "Sector zero location" to "Start of host file"
This example demonstrates use of a Linux AES256 container with seeding. The seed used here is the string "seedvalue".
Creating the container file under Linux:
dd if=/dev/zero of=./vol_aes256_seeded bs=1k count=1024
losetup -e AES256 -S seedvalue /dev/loop0 ./vol_aes256_seeded
# Enter password: password1234567890ABC
losetup -a
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
cp TEST_FILE_1.dat ./test_mountpoint
cp TEST_FILE_2.dat ./test_mountpoint
cp TEST_FILE_3.dat ./test_mountpoint
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
"Key" tab:
Make sure that the "Hash with "A"s, if hash output is too short" option is not checked.
Leave iteration count at 0
"Encryption" tab:
Select the "32 bits sector IV" IV generation method
Set "Sector zero location" to "Start of host file"
"File options" tab:
This example demonstrates use of a Linux AES256 container, with the encrypted container beginning at an offset of 2560 bytes into the container file.
Creating the container file under Linux:
dd if=/dev/zero of=./vol_aes256_2560 bs=1k count=1024
losetup -e AES256 -o 2560 /dev/loop0 ./vol_aes256_2560
# Enter password: password1234567890ABC
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
"Key" tab:
"Encryption" tab:
Select the "32 bits sector IV" IV generation method
Set "Sector zero location" to "Start of host file"
"File options" tab:
"Open options" tab:
* Select any unused drive letter
* Leave readonly unchecked
Click the "OK" button
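Why the "Sector zero location" setting matters for the 2560-byte offset container above, shown as an added example (not LibreCrypt or Cryptoloop code): with a "32 bits sector IV", the first encrypted sector sits 5 sectors into the host file, so its IV depends on where sector zero is counted from. Assumptions: 512-byte sectors, the 32-bit sector number stored little-endian and zero-padded to the 16-byte AES block, and an alternative setting that numbers sectors from the start of the encrypted data.

```python
import struct

SECTOR_SIZE = 512   # assumption: 512-byte sectors
BLOCK_SIZE = 16     # AES block size in bytes, so a CBC IV is 16 bytes


def sector_iv(sector_id: int) -> bytes:
    """Build a "32 bits sector IV": low 32 bits of the sector ID, zero-padded.

    Assumption: the 32-bit value is little-endian at the start of the IV.
    """
    return struct.pack("<I", sector_id & 0xFFFFFFFF).ljust(BLOCK_SIZE, b"\x00")


def container_ivs(offset: int, sectors: int, sector_zero: str = "host"):
    """Return (host_file_offset, sector_id, iv) for the first `sectors` sectors.

    sector_zero="host": sector 0 is the start of the host file
    sector_zero="data": sector 0 is the start of the encrypted data
                        (assumed alternative setting)
    """
    if offset % SECTOR_SIZE:
        # This example only handles sector-aligned offsets such as 2560.
        raise ValueError("offset must be a whole number of sectors")
    if sector_zero not in ("host", "data"):
        raise ValueError("sector_zero must be 'host' or 'data'")
    first = offset // SECTOR_SIZE if sector_zero == "host" else 0
    return [(offset + n * SECTOR_SIZE, first + n, sector_iv(first + n))
            for n in range(sectors)]


def iv_mismatches(offset: int, sectors: int) -> int:
    """Count sectors whose IV differs between the two sector-zero settings."""
    host = container_ivs(offset, sectors, "host")
    data = container_ivs(offset, sectors, "data")
    return sum(1 for h, d in zip(host, data) if h[2] != d[2])


if __name__ == "__main__":
    # vol_aes256_2560: 1024 KiB host file, encrypted data starts at byte 2560.
    for pos, sid, iv in container_ivs(2560, 3):
        print(f"file offset {pos:5d}  sector {sid}  IV {iv.hex()}")
    total = (1024 * 1024 - 2560) // SECTOR_SIZE
    print("sectors with a different IV under the other setting:",
          iv_mismatches(2560, total), "of", total)
```

In CBC mode a wrong IV corrupts only the first 16-byte block of each sector, so a container opened with the wrong sector-zero setting shows damage at the start of every 512-byte sector rather than failing outright.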
This example demonstrates use of a Linux Twofish 256 bit container.
Creating the container file under Linux:
dd if=/dev/zero of=./vol_twofish256 bs=1k count=1024
losetup -e twofish256 /dev/loop0 ./vol_twofish256
# Enter password: password1234567890ABC
losetup -a
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint
Opening the container under LibreCrypt:
"Key" tab:
Select the "SHA-512 (512/1024)" hash
Make sure that the "Hash with "A"s, if hash output is too short" option is not checked.
Leave iteration count at 0
"Encryption" tab:
Select the "32 bits sector IV" IV generation method
Set "Sector zero location" to "Start of host file"
"File options" tab:
Leave offset at 0
Leave sizelimit at 0
"Open options" tab:
Click the "OK" button