LUKS Disk Encryption

Linux Unified Key Setup-on-disk-format (or LUKS) allows you to encrypt partitions on your Linux

computer. This is particularly important when it comes to mobile computers and removable media. LUKS allows multiple user keys to decrypt a master key which is used for the bulk encryption of the partition.

Overview of LUKS What LUKS does

LUKS encrypts entire block devices and is therefore well-suited for protecting the contents of mobile devices such as removable storage media or laptop disk drives.

The underlying contents of the encrypted block device are arbitrary. This makes it useful for encrypting swap devices. This can also be useful with certain databases that use specially formatted block devices for data storage.

LUKS uses the existing device mapper kernel subsystem.

LUKS provides passphrase strengthening which protects against dictionary attacks.

LUKS devices contain multiple key slots, allowing users to add backup keys/passphrases.

What LUKS does not do:

LUKS is not well-suited for applications requiring many (more than eight) users to have distinct access keys to the same device.

LUKS is not well-suited for applications requiring file-level encryption.

3.2.4.1. LUKS Implementation in Red Hat Enterprise Linux

Red Hat Enterprise Linux 6 utilizes LUKS to perform file system encryption. By default, the option to encrypt the file system is unchecked during the installation. If you select the option to encrypt your hard drive, you will be prompted for a passphrase that will be asked every time you boot the computer. This passphrase "unlocks" the bulk encryption key that is used to decrypt your partition. If you choose to modify the default partition table you can choose which partitions you want to encrypt. This is set in the partition table settings.

The default cipher used for LUKS (refer to cryptsetup --help) is aes-cbc-essiv:sha256. Note that the installation program, Anaconda, uses by default the AES cipher in XTS mode, aes-xts-plain64. The default key size for LUKS is 256 bits. The default key size for LUKS with Anaconda (XTS mode) is 512 bits.

Warning

Changing the default cryptographic attributes can affect your system's performance and expose your system to various security risks. You should not change the default cryptographic attributes of your system without good knowledge of cryptography and understanding to the capabilities of the used cipher combinations.

Red Hat strongly recommends using the default ciphers. If you need to use another than the default cipher, you can initialize your partition with the --cipher and --key-size options. The syntax of the command is the following:

cryptsetup --verify-passphrase --cipher <cipher>-<mode>-<iv> --key-size <key-size> luksFormat <device>

where <cipher>-<mode>-<iv> is a string representing the used cipher. The string consists of three parts: a block cipher, block cipher mode, and an initial vector (IV).

A block cipher is a deterministic algorithm that operates on data blocks and allows encryption and decryption of bulk data. Block ciphers that are available on Red Hat Enterprise Linux are:

AES — Advanced Encryption Standard, a 128-bit symmetric block cipher using encryption keys with lengths of 128, 192, and 256 bits; for more information, refer to the FIPS PUB 197.

Twofish — A 128-bit block cipher operating with encryption keys of the range from 128 bits to 256 bits.

Serpent — A 128-bit block cipher operating with 128-bit, 192-bit and 256-bit encryption keys.

cast5 — A 64-bit Feistel cipher supporting encryption keys of the range from 40 to 128 bits; for more information, refer to the RFC 2144.

cast6 — A 128-bit Feistel cipher using 128-bit, 160-bit, 192-bit, 224-bit, or 256-bit encryption keys; for

more information, refer to the RFC 2612.

Block cipher mode describes a way the block cipher is repeatedly applied on bulk data in order to encrypt or decrypt the data securely. The following modes can be used:

CBC — Cipher Block Chaining; for more information, refer to the NIST SP 800-38A.

XTS — XEX Tweakable Block Cipher with Ciphertext Stealing; for more information, refer to the IEEE 1619, or NIST SP 800-38E.

CTR — Counter; for more information, refer to the NIST SP 800-38A.

ECB — Electronic Codebook; for more information, refer to the NIST SP 800-38A.

CFB — Cipher Feedback; for more information, refer to the NIST SP 800-38A.

OFB — Output Feedback; for more information, refer to the NIST SP 800-38A.

An initial vector is a block of data used for ciphertext randomization. IV ensures that repeated encryption of the same plain text provides different ciphertext output. IV must not be reused with the same

encryption key. For ciphers in CBC mode, IV must be unpredictable, otherwise the system could become vulnerable to certain watermarking attacks (see LUKS/cryptsetup FAQ for more information).

Red Hat recommends using the following IV with AES:

ESSIV — Encrypted Salt-Sector Initialization Vector - This IV should be used for ciphers in CBC mode. You should use the default hash: sha256.

plain64 (or plain) — IV sector offset - This IV should be used for ciphers in XTS mode.

You may also specify the length of the used encryption key. The size of the key depends on the used combination of the block cipher and block cipher mode. If you do not specify the key length, LUKS will use the default value for the given combination. For example: if you decide to use a 128-bit key for AES in CBC mode, LUKS will encrypt your partition using the AES-128 implementation, while specifying a 512-bit key for AES in XTS mode means that the AES-256 implementation will be used. Note that XTS mode operates with two keys, the first is determined for tweakable encryption and the second for regular encryption.

3.2.4.2. Manually Encrypting Directories

Warning

Following this procedure will remove all data on the partition that you are encrypting. You WILL lose all your information! Make sure you backup your data to an external source before beginning this procedure!

1. Enter runlevel 1 by typing the following at a shell prompt as root:

telinit 1

2. Unmount your existing /hom e:

umount /home

3. If the command in the previous step fails, use fuser to find processes hogging /hom e and kill them:

fuser -mvk /home

4. Verify /hom e is no longer mounted:

grep home /proc/mounts

5. Fill your partition with random data:

shred -v --iterations=1 /dev/VG00/LV_home

This command proceeds at the sequential write speed of your device and may take some time to complete. It is an important step to ensure no unencrypted data is left on a used device, and to obfuscate the parts of the device that contain encrypted data as opposed to just random data.

6. Initialize your partition:

cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home

7. Open the newly encrypted device:

cryptsetup luksOpen /dev/VG00/LV_home home

8. Make sure the device is present:

ls -l /dev/mapper | grep home

9. Create a file system:

mkfs.ext3 /dev/mapper/home

10. Mount the file system:

mount /dev/mapper/home /home

11. Make sure the file system is visible:

df -h | grep home

12. Add the following to the /etc/crypttab file:

home /dev/VG00/LV_home none

13. Edit the /etc/fstab file, removing the old entry for /hom e and adding the following line:

/dev/mapper/home /home ext3 defaults 1 2 14. Restore default SELinux security contexts:

/sbin/restorecon -v -R /home

15. Reboot the machine:

shutdown -r now

16. The entry in the /etc/crypttab makes your computer ask your luks passphrase on boot.

17. Log in as root and restore your backup.

You now have an encrypted partition for all of your data to safely rest while the computer is off.

3.2.4.3. Add a new passphrase to an existing device

Use the following command to add a new passphrase to an existing device:

cryptsetup luksAddKey <device>

After being prompted for any one of the existing passprases for authentication, you will be prompted to enter the new passphrase.

3.2.4.4. Remove a passphrase from an existing device

Use the following command to remove a passphrase from an existing device:

cryptsetup luksRemoveKey <device>

You will be prompted for the passphrase you wish to remove and then for any one of the remaining passphrases for authentication.

3.2.4.5. Creating Encrypted Block Devices in Anaconda

You can create encrypted devices during system installation. This allows you to easily configure a system with encrypted partitions.

To enable block device encryption, check the Encrypt System check box when selecting automatic partitioning or the Encrypt checkbox when creating an individual partition, software RAID array, or logical volume. After you finish partitioning, you will be prompted for an encryption passphrase. This passphrase will be required to access the encrypted devices. If you have pre-existing LUKS devices and provided correct passphrases for them earlier in the install process the passphrase entry dialog will also contain a check box. Checking this checkbox indicates that you would like the new passphrase to be added to an available slot in each of the pre-existing encrypted block devices.

Note

Checking the Encrypt System checkbox on the Autom atic Partitioning screen and then choosing Create custom layout does not cause any block devices to be encrypted

automatically.

Note

You can use a kickstart file to set a separate passphrase for each new encrypted block device. Also, kickstart allows you to specify a different type of encryption if the Anaconda default cipher, aes-xts-plain64, does not suit you. In dependencies on a device you want to encrypt, you can specify the --cipher=<cipher-string> along with the autopart, part, partition, logvol, and raid directives. This option has to be used together with the --encrypted option, otherwise it has no effect. For more information about the <cipher-string> format and possible cipher combinations, refer to Section 3.2.4.1, “LUKS Implementation in Red Hat

Enterprise Linux”. For more information about kickstart configuration, refer to the Red Hat Enterprise Linux Installation Guide.

3.2.4.6. Additional Resources

For additional information on LUKS or encrypting hard drives under Red Hat Enterprise Linux, visit one of the following links:

LUKS home page LUKS/cryptsetup FAQ

LUKS - Linux Unified Key Setup Wikipedia Article

HOWTO: Creating an encrypted Physical Volume (PV) using a second hard drive and pvmove