
[PATCH] live filesystem encryption support



Hi list!


Here's my set of patches that add support for loop-AES encryption
of casper/filesystem.{squashfs,ext2} so that live-package users can
easily build live CD/USB systems with sensitive data on them and
risk nothing if the media is stolen or lost (provided that the AES key
is strong enough).

Why loop-AES and not dm-crypt, LUKS or whatever instead?
Well, Casper already uses a loop device to mount the live filesystem,
so adding loop-AES support is just about adding one more flag to
losetup, while dm-crypt for example would add one more virtual device
etc, which did not sound that good to me performance-wise. And
remember: if you really want Debian Live to support your preferred
crypto system, you're free to implement it ;)

Why loop-AES without GnuPG?
IMO, encrypting the AES key inside a GPG key only makes sense
when the GPG key is not stored on the same media as the encrypted
filesystem. For example, it's a good idea when you have an AES
encrypted filesystem on a removable storage device and the AES key
to that filesystem encrypted with GPG on your *fixed* hard drive: that
way, if you lose your removable device then the person who finds it
will have nothing to bruteforce apart from the strong AES key, and if
other users on your computer somehow get access to your
GPG-protected AES key on your hard drive, well, they can try to
bruteforce your passphrase but they won't have the AES filesystem
to decrypt... If an attacker manages to get both your GPG-protected
AES key and to steal your AES-encrypted removable storage device,
you're really out of luck or something is really wrong with your security
policy ;) Anyway, on the live filesystem it would make no sense to
have a GPG-protected AES key since an attacker would as much
bruteforce your GPG passphrase as (s)he would bruteforce your
personally-chosen AES key.

Now, in order to apply the patches and test them, all you have to do is
"tar jxvf encryption.tar.bz2" somewhere (preferably not where there's an
existing debian-live/ directory), enter the encryption/ directory, and run
"sudo ./test.sh" ... After a while it will ask you (twice) for the password you
want to set for your encrypted filesystem. Once ./test.sh has completed, boot
this new Debian Live in VMware (or whatever), and you will be asked for this
password again somewhere along the boot process. That's all! :)


Regards,

-- 
Sebastien Raveau
-------------- next part --------------
A non-text attachment was scrubbed...
Name: encryption.tar.bz2
Type: application/x-bzip2
Size: 17886 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/debian-live-devel/attachments/20070215/d13337c0/encryption.tar-0001.bin
