I was just curious if someone had a high level overview of how a system like LUKS worked for full disk encryption, aka. how it stores keys and how those keys are verified, and if data is de-crypted by a wrapper for all standard i/o. I found a brief description of how LUKS hooks into the init process here Full System encryption with LUKS on headless server – unlock with dropbear and busybox. How?
Ubuntu – How does LUKS work
encryptionlukslvmpartitioning
Related Solutions
I've just been through this on my new home server, it took a lot of googling and guessing, but I've got it working. I'll attempt to reproduce the steps here. I'm using Ubuntu Server 11.10, and started with a pretty much standard install using encrypted LVM, so I'll just relate the changes I made from there.
Setup:
- /dev/sda1 is my unencrypted /boot partition
- /dev/sda5 is my lvm partition which contains everything else -- root, swap, and home
- /dev/sdc1 is the partition on my USB flash drive where I'll store the keyfile
First, I created a keyfile, just in my home directory:
dd if=/dev/urandom of=keyfile bs=512 count=4
(you can use a larger blocksize or count for a larger key)
Tell cryptsetup the new key (it's the contents that are important, not the filename):
sudo cryptsetup luksAddKey /dev/sda5 keyfile
Then, I formatted my USB flash drive with ext2 and gave it a label. I used a label, so that later I can mount it by label, and replace the USB flash drive in case something goes wrong with it.
sudo mkfs -t ext2 /dev/sdc1
sudo e2label /dev/sdc1 KEYS
(of course, your device will vary)
Now, copy the keyfile to the USB flash drive, owned by root mode 400:
mkdir KEYS
sudo mount /dev/sdc1 KEYS
sudo cp keyfile KEYS
sudo chown root KEYS/keyfile
sudo chmod 400 KEYS/keyfile
Modify /etc/crypttab. Mine originally contained
sd5_crypt UUID=(...) none luks
which I changed to
sd5_crypt UUID=(...) /dev/disk/by-label/KEYS:/keyfile luks,keyscript=/lib/cryptsetup/scripts/passdev
Finally, update the initramfs:
sudo update-initramfs -uv
It now boots using the keyfile on the USB flash drive. If I remove the flash drive (say, when I go on holiday) it doesn't boot and my data is secure.
If anyone knows how to get it to ask for the passphrase if the USB flash drive is missing, that would be handy as a fallback. Hope this helps, any additions or corrections would be more than welcome!
Ubuntu – Full System encryption with LUKS on headless server – unlock with dropbear and busybox. How
This is more a comment than an answer, sorry. But since you didn't get any replies yet, I wanted to write something anyway.
As for how does it even work:
In the Initramfs you usually have one master process (usually a busybox based /init
shell script) which is responsible for making the root partition available before handing off the boot process to the real init system of your Ubuntu install.
In case of dropbear
in Initramfs, that is a separate process started by /init
. Logging into dropbear you get a shell which is yet another process. All the while the original /init
has to be running and waiting for something, in this case the LUKS password.
So what the /init
script most likely does here, once it started dropbear, is create a named pipe, or fifo, i.e. the /lib/cryptsetup/passfifo
. And then it reads from that named pipe. This read will block until there actually is something to read, so that's how /init
hangs and waits for input.
Then some years later you log into dropbear
and do your echo passphrase > /lib/cryptsetup/passfifo
, at which point /init
wakes up from its slumber and resumes to unlock LUKS and go on with the rest of the boot process.
And that's basically the general idea of how it works. If there is no documentation for it you would have to read the shell script.
As for a GPG encrypted key in Initramfs, I'm sure this is the standard method in Ubuntu somehow, probably to be set up via /etc/crypttab
. Did you check the wiki for a howto?
It certainly would require GPG to be included in the Initramfs. but I outlined an alternative approach here which could be made to work without additional dependencies:
How do I use dm-crypt (LUKS) with GnuPG to use two-factor for FDE?
The problem with this is of course that it is not standard, so while it could be simpler in theory it might actually be harder to set up.
Related Question
- Ubuntu – How to configure LVM & LUKS to autodecrypt partition
- Ubuntu – Full System encryption with LUKS on headless server – unlock with dropbear and busybox. How
- Ubuntu – Unable to ssh remote unlock encrypted ubuntu server 15.04 using dropbear/initramfs
- Remote LUKS Decryption – Fix Ubuntu Not Booting into Busybox with Dropbear
Best Answer
Luks is an encryption layer on a block device, so it operates on a particular block device, and exposes a new block device which is the decrypted version. Access to this device will trigger transparent encryption/decryption while it's in use.
It's typically used on either a disk partition, or a LVM physical volume which would allow multiple partitions in the same encrypted container.
LUKs stores a bunch of metadata at the start of the device. It has slots for multiple passphrases. Each slot has a 256 bit salt that is shown in the clear along with an encrypted message. When entering a passphrase LUKS combines it with each of the salts in turn, hashing the result and tries to use the result as keys to decrypt an encrypted message in each slot. This message consists of some known text, and a copy of the master key. If it works for any one of the slots, because the known text matches, the master key is now known and you can decrypt the entire container. The master key must remain unencrypted in RAM while the container is in use.
Knowing the master key allows you access to all the data in the container, but doesn't reveal the passwords in the password slots, so one user cannot see the passwords of other users.
The system is not designed for users to be able to see the master key while in operation, and this key can't be changed without re-encrypting. The use of password slots, however, means that passwords can be changed without re-encrypting the entire container, and allows for use of multiple passwords.