dm-crypt is a transparentblock device encryptionsubsystem inLinux kernel versions 2.6 and later and inDragonFly BSD. It is part of thedevice mapper (dm) infrastructure, and uses cryptographic routines from the kernel'sCrypto API. Unlike its predecessorcryptoloop, dm-crypt was designed to support advanced modes of operation, such asXTS,LRW andESSIV, in order to avoidwatermarking attacks.[1] In addition to that, dm-crypt addresses some reliability problems of cryptoloop.[2]
dm-crypt is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (includingremovable media),partitions,software RAID volumes,logical volumes, as well asfiles. It appears as a block device, which can be used to backfile systems,swap or as anLVMphysical volume.
SomeLinux distributions support the use of dm-crypt on the root file system. These distributions useinitrd to prompt the user to enter a passphrase at the console, or insert asmart card prior to the normal boot process.[3]
The dm-crypt device mapper target resides entirely in kernel space, and is only concerned with encryption of theblock device – it does not interpret any data itself. It relies onuser spacefront-ends to create and activate encrypted volumes, and manage authentication. At least two frontends are currently available:cryptsetup andcryptmount.
| Original author(s) | Jana Saout, Clemens Fruhwirth, Milan Broz[4] |
|---|---|
| Stable release | |
| Repository | https://gitlab.com/cryptsetup/cryptsetup |
| Written in | C |
| Operating system | Unix-like |
| Platform | x86,x86-64,ARMv8,ARMv7,ppc64le,MIPS |
| Size | 7 MB |
| Available in | 16 languages[6] |
List of languages English, Portuguese, Chinese (Simplified), Czech, Danish, Dutch, Finnish, French, German, Italian, Japanese, Polish, Russian, Spanish, Swedish, Ukrainian | |
| Type | Disk encryption software |
| License | GPLv2[7] Sub-Libraries: LGPLv2.1+[8] |
| Website | gitlab |
Thecryptsetup command-line interface, by default, does not write any headers to the encrypted volume, and hence only provides the bare essentials: encryption settings have to be provided every time the disk is mounted (although usually employed with automated scripts), and only onekey can be used per volume; thesymmetric encryption key is directly derived from the suppliedpassphrase.
Because it lacks a "salt", using cryptsetup is less secure in this mode than is the case withLinux Unified Key Setup (LUKS).[9] However, the simplicity of cryptsetup makes it useful when combined with third-party software, for example, withsmart card authentication.
cryptsetup also provides commands to deal with the LUKS on-disk format. This format provides additional features such askey management andkey stretching (usingPBKDF2), and remembers encrypted volume configuration across reboots.[3][10]
Thecryptmount interface is an alternative to the "cryptsetup" tool that allows any user tomount and unmount a dm-crypt file system when needed, without needingsuperuser privileges after the device has been configured by a superuser.
The fact that disk encryption (volume encryption) software like dm-crypt only deals with transparent encryption of abstractblock devices gives it a lot of flexibility. This means that it can be used for encrypting any disk-backedfile systems supported by theoperating system, as well asswap space;write barriers implemented by file systems are preserved.[11][12] Encrypted volumes can be stored ondisk partitions,logical volumes, whole disks as well asfile-backeddisk images (through the use ofloop devices with the losetup utility). dm-crypt can also be configured to encryptRAID volumes andLVM physical volumes.
dm-crypt can also be configured to providepre-boot authentication through aninitrd, thus encrypting all the data on a computer – except the bootloader, the kernel and the initrd image itself.[3]
When using thecipher block chaining (CBC) mode of operation with predictableinitialization vectors as other disk encryption software, the disk is vulnerable towatermarking attacks. This means that an attacker is able to detect the presence of specially crafted data on the disk. To address this problem in its predecessors, dm-crypt included provisions for more elaborate, disk encryption-specific modes of operation.[1] Support forESSIV (encrypted salt-sector initialization vector) was introduced in Linux kernel version 2.6.10,LRW in 2.6.20 andXTS in 2.6.24. Awide-block disk encryption algorithm,Adiantum, was added in 5.0, and its AES-based cousin HCTR2 in 6.0.
The Linux Crypto API includes support for most popularblock ciphers andhash functions, which are all usable with dm-crypt.
Crypted FS support include LUKS (versions 1 and 2) volumes,loop-AES,TrueCrypt/VeraCrypt (since Linux kernel 3.13),[13][14][15] andBitLocker-encrypted NTFS (since cryptsetup 2.3.0).[16] TrueCrypt/VeraCrypt (TCRYPT) and BitLocker (BITLK) support require the kernel userspace crypto API.[17]
dm-crypt and LUKS encrypted disks can be accessed and used under MS Windows using the now defunctFreeOTFE (formerly DoxBox, LibreCrypt), provided that the filesystem used is supported by Windows (e.g.FAT/FAT32/NTFS). Encryptedext2 andext3 filesystems are supported by usingExt2Fsd or so-called "Ext2 Installable File System for Windows";[18] FreeOTFE also supports them.
Cryptsetup/LUKS and the required infrastructure have also been implemented on the DragonFly BSD operating system.[19]
cryptsetup(8) – Linux Programmer'sManual – Administration and Privileged Commands| Linux kernel | |
|---|---|
| Controversies | |
| Distributions | |
| Organizations | |
| Adoption | |
| Media | |
| Professional related certifications | |
