loop-AES on Debian etch (was: Linux distro w/loop-aes)
Hey all,
I realize I'm a bit late; I'll provide some details about
the loop-AES support in the new Debian release.
On Thu, Mar 29, 2007 at 07:59:18AM -0400, Eloy Paris wrote:
> I haven't used a recent version of the Debian Installer for etch
> (Debian's upcoming new release) but I believe that it now supports
> setting up encrypted partitions at installation time, which would
> save a lot of trouble and pain.
That's true. The Debian etch (4.0) installer includes support
for loop-AES by default. :-)
  o loop-AES encryption is integrated in the debian-installer
    partitioning tool (partman). Non-root filesystems, /tmp and
    swap can be configured on loop-AES encrypted devices.
  o Available ciphers: Twofish, Serpent, AES; one can choose
    between passphrase-protected GnuPG keyfiles (created during
    the installation) and random one-time keys.
  o The installer makes sure that no non-encrypted swap space is
    configured along with encrypted partitions and warns about
    short passphrases (< 20 characters).
  o Documented in the "Etch installation guide"
    http://www.debian.org/releases/stable/installmanual
  o dm-crypt and LUKS are supported, too.
Notable missing features:
  o Root filesystem can't be stored on loop-AES encrypted device
    (work in progress, Debian bug #378488)
  o Keyfiles: Pre-existing GnuPG keyfiles can't be used yet and
    it's not yet possible to store GnuPG keyfiles on removable
    media (usb key, floppy, etc.)
  o The installer doesn't allow choice of a different symmetric
    cipher for GnuPG encryption (currently uses CAST5)
On an installed Debian etch system, several packages are
provided for use of loop-AES:
  o loop-aes-modules-* - Those are pre-built kernel modules
    for the standard Debian kernels. They are available for
    all supported architectures and kernel flavours (flavours
    are vserver, xen, etc.)
  o loop-aes-source - Package of the loop-AES source code
    (including ciphers) for use with module-assistant,
    make-kpkg or manual build. This package can be used to
    create loop-AES module packages for non-standard kernels.
  o loop-aes-testsuite - Package of the loop-AES (+ciphers)
    test suite as provided in the upstream Makefile. The tests
    can be run using the loop-aes-runtests(8) command.
  o loop-aes-utils - Includes /bin/mount, /bin/umount,
    /sbin/swapon and /sbin/losetup with loop-AES support. The
    package also includes a small script to assist with key
    file creation (loop-aes-keygen) and an init script that
    tries to fsck filesystems on loop-AES encrypted partitions
    before mounting them during boot.
  o aespipe - Simple Debian packaging of aespipe.
As usual, feel free to contact me with questions and problems
you encounter using loop-AES on Debian. You can contact the
loop-AES Team at pkg-loop-aes-maint@xxxxxxxxxxxxxxxxxxxxxxx or
contact me at xam@xxxxxxxxxxx There will always be something
which can be improved, so your feedback is appreciated :-)
cheers,
Max
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/