User's guide to partman-crypto
Hi,
I wrote a new section for d-i manual about using encryption. This was
greatly revised by David Hardeman and Max Vozeler and now we'd like to
receive some feedback from others. (Especially about the used English.)
Docbook source is attached.
Thanks for any comments!
--
Miroslav Kure
P.S. I plan to commit the file to d-i svn later this week, probably on
friday evening.
<!-- retain these comments for translator revision tracking -->
<!-- $Id: partman-crypto.xml 33725 2006-01-03 19:39:07Z mck-guest $ -->
<sect3 id="partman-crypto">
<title>Configuring Encrypted Volumes</title>
<para>
&d-i; allows you to set up encrypted partitions. Every file you write
to such a partition is immediately saved to the device in encrypted
form. Access to the encrypted data is granted only after entering
the <firstterm>passphrase</firstterm> used when the encrypted
partition was originally created. This feature is useful to protect
sensitive data in case your laptop or hard drive gets stolen. The
thief might get physical access to the hard drive, but without knowing
the right passphrase, the data on the hard drive will look like random
characters.
</para><para>
The two most important partitions to encrypt are: the home partition,
where your private data resides, and the swap partition, where
sensitive data might be stored temporarily during operation. Of
course, nothing prevents you from encrypting any other partition that might
be of interest, for example database servers, mail servers or print
servers store their data in <filename>/var</filename>, various
programs put interesting temporary files in <filename>/tmp</filename>,
etc. Some people may even want to encrypt their whole system. The only
exception is the <filename>/boot</filename> partition, which must
remain unencrypted, because currently there is no way to load the
kernel from an encrypted partition.
</para><note><para>
Please note that the performance of encrypted partitions will be
less than that of unencrypted ones because the data needs to be
decrypted or encrypted for every read or write. The performance impact
depends on your CPU speed, chosen cipher and a key length.
</para></note><para>
To use encryption, you have to create new partition by selecting some
free space in the main partitioning menu. Another possibility is to
choose an existing partition (e.g. a regular partition, LVM logical
volume or a RAID volume). In the <guimenu>Partition setting</guimenu>
menu, you need to change the first option to
read <menuchoice> <guimenu>Use as:</guimenu>
<guimenuitem>physical volume for encryption</guimenuitem>
</menuchoice>. The menu will then change to include several different
cryptographic options for the partition.
</para><para>
Currently &d-i; supports several encryption methods. The default
method is <firstterm>dm-crypt</firstterm> (included in newer Linux
kernels, able to host LVM physical volumes), the other
is <firstterm>loop-AES</firstterm> (older, maintained separately from
the Linux kernel tree). Unless you have compelling reasons to do
otherwise, it is recommended to use the default.
<!-- TODO: link to the "Debian block device encryption guide"
once Max writes it :-) -->
</para><para>
First, lets have a look at available options when you have selected
<userinput>Device-mapper (dm-crypt)</userinput> as the encryption
method. As always: when in doubt, use the defaults, because they have
been carefully chosen with security in mind.
<variablelist>
<varlistentry>
<term>Encryption: <userinput>aes</userinput></term>
<listitem><para>
This option lets you select the encryption algorithm
(<firstterm>cipher</firstterm>) which will be used to encrypt the data
on the partition. &d-i; currently supports the following block
ciphers: <firstterm>aes</firstterm>, <firstterm>blowfish</firstterm>,
<firstterm>serpent</firstterm>, and <firstterm>twofish</firstterm>.
It is beyond the scope of this document to discuss the qualities of
these different algorithms, however, it might help your decision to
know that in 2000, <emphasis>AES</emphasis> was chosen by the American
National Institute of Standards and Technology as the standard
encryption algorithm for protecting sensitive information in the 21st
century.
</para></listitem>
</varlistentry>
<varlistentry>
<term>Key size: <userinput>256</userinput></term>
<listitem><para>
Here you can specify the length of the encryption key. With a larger
key size, the strength of the encryption is generally improved. On the
other hand, increasing the length of the key usually has a negative
impact on performance. Available key sizes vary depending on the
cipher.
</para></listitem>
</varlistentry>
<varlistentry>
<term>IV algorithm: <userinput>cbc-essiv:sha256</userinput></term>
<listitem><para>
The <firstterm>Initialization Vector</firstterm> or
<firstterm>IV</firstterm> algorithm is used in cryptography to ensure
that applying the cipher on the same <firstterm>clear text</firstterm>
data with the same key always produces unique
<firstterm>cipher text</firstterm>. The idea is to prevent the
attacker from deducing information from repeated patterns in the encrypted
data.
</para><para>
>From the provided alternatives, the default
<userinput>cbc-essiv:sha256</userinput> is currently the least
vulnerable to known attacks. Use the other alternatives only when you
need to ensure compatibility with some previously installed system
that is not able to use newer algorithms.
</para></listitem>
</varlistentry>
<varlistentry>
<term>Encryption key: <userinput>Passphrase</userinput></term>
<listitem><para>
Here you can choose the type of the encryption key for this partition.
<variablelist>
<varlistentry>
<term>Passphrase</term>
<listitem><para>
The encryption key will be computed<footnote>
<para>
Using a passphrase as the key currently means that the partition will
be setup using <ulink url="&url-luks;">LUKS</ulink>.
</para></footnote> on the basis of a passphrase which you will be able
to enter later in the process.
</para></listitem>
</varlistentry>
<varlistentry>
<term>Random key</term>
<listitem><para>
A new encryption key will be generated from random data each time you
try to bring up the encrypted partition. In other words: on every
shutdown the content of the partition will be lost as the key is
deleted from memory. (Of course, you could try to guess the key with a
brute force attack, but unless there is an unknown weakness in the
cipher algorithm, it is not achievable in our lifetime.)
</para><para>
Random keys are useful for swap partitions because you do not need to
bother yourself with remembering the passphrase or wiping sensitive
information from the swap partition before shutting down your
computer. However, it also means that you will not be able to use the
<quote>suspend-to-disk</quote> functionality offered by newer Linux
kernels as it will be impossible (during a subsequent boot) to recover
the suspended data written to the swap partition.
</para></listitem>
</varlistentry>
</variablelist>
</para></listitem>
</varlistentry>
<varlistentry>
<term>Erase data: <userinput>yes</userinput></term>
<listitem><para>
Whether the content of this partition should be overwritten with
random data before setting up the encryption. This is recommended
because it might otherwise be possible for an attacker to discern
which parts of the partition are in use and which are not. In
addition, this will make it harder to recover any leftover data from
previous installations.<footnote><para>
It is believed that the guys from three-letter agencies can restore
the data even after several rewrites of the magnetooptical media,
though.
</para></footnote>
</para></listitem>
</varlistentry>
</variablelist>
</para><para>
If you select <menuchoice> <guimenu>Encryption method:</guimenu>
<guimenuitem>Loopback (loop-AES)</guimenuitem> </menuchoice>, the menu
changes to provide the following options:
<variablelist>
<varlistentry>
<term>Encryption: <userinput>AES256</userinput></term>
<listitem><para>
Unlike the dm-crypt, loop-AES has the options for cipher and key size
combined, so you can select both at the same time. Please see the
above sections on ciphers and key sizes for further information.
</para></listitem>
</varlistentry>
<varlistentry>
<term>Encryption key: <userinput>Keyfile (GnuPG)</userinput></term>
<listitem><para>
Here you can choose the type of the encryption key for this partition.
<variablelist>
<varlistentry>
<term>Keyfile (GnuPG)</term>
<listitem><para>
The encryption key will be generated from random data during the
installation. Moreover this key will be encrypted
with <application>GnuPG</application>, so to use it, you will need to
enter the proper passphrase (you will be asked to provide one later in
the process).
</para></listitem>
</varlistentry>
<varlistentry>
<term>Random key</term>
<listitem><para>
Please see the the section on random keys above.
</para></listitem>
</varlistentry>
</variablelist>
</para></listitem>
</varlistentry>
<varlistentry>
<term>Erase data: <userinput>yes</userinput></term>
<listitem><para>
Please see the the section on erasing data above.
</para></listitem>
</varlistentry>
</variablelist>
</para><para>
After you have selected the desired parameters for your encrypted
partitions, return back to the main partitioning menu. There should
now be a new menu item called <guimenu>Configure encrypted
volumes</guimenu>. After you select it, you will be asked to confirm
the deletion of data on partitions marked to be erased and possibly
other actions such as writing a new partition table. On large
partitions this might take some time.
</para><para>
Next you will be asked to enter a passphrase for partitions configured
to use one. Good passphrases should be longer than 8 characters,
should be a mixture of letters, numbers and other characters and
should not contain common dictionary words or information easily
associable with you (such as birthdates, hobbies, pet names, names of
family members or relatives, etc.).
</para><tip><para>
Before you input any passphrases, you should have made sure that your
keyboard is configured correctly and generates the expected
characters. If you are unsure, you can switch to the second virtual
console and type some text at the prompt. This ensures that you won't be
surprised later, e.g. by trying to input a passphrase using a qwerty
keyboard layout when you used an azerty layout during the installation.
</para></tip><para>
If you selected to use methods other than a passphrase to create
encryption keys, they will be generated now. Because the kernel may
not have gathered a sufficient amount of entropy at this early stage
of the installation, the process may take a long time. You could speed
up the process by generating entropy: e.g. by pressing random keys on
the keyboard, or by switching to the shell on the second virtual console
and generating some network and disk traffic (downloading some files,
feeding big files into <filename>/dev/null</filename>, etc.).
<!-- TODO: Mention hardware random generators when we will support
them -->
This will be repeated for each partition to be encrypted.
</para><para>
After returning to the main partitioning menu, you will see all
encrypted volumes as additional partitions which can be configured in
the same way as ordinary partitions. Now is the time to create
filesystems on them, assign them mount points, and, once you are
pleased with the partitioning scheme, continue with the installation.
</para><para>
If everything went well, after the installation finishes and you
boot your new system, you should be asked to enter the passphrases for
your encrypted volumes after which the boot should continue as usual.
</para>
</sect3>
Reply to: