![]() |
FreeOTFE |
This section gives a series of examples of how to create Linux LUKS volumes, and then mount them using FreeOTFE.
These examples have been tested using Fedora Core 3, with a v2.6.20.1 kernel installed and using cryptsetup-luks v1.0; though they should work for all compatible Linux distributions.
Note: The executable name in the following examples is "cryptsetup-luks"; most systems use "cryptsetup".
To begin using LUKS under Linux, ensure that the various kernel modules are installed:
modprobe cryptoloop
modprobe aes
modprobe anubis
modprobe arc4
modprobe blkcipher
modprobe blowfish
modprobe cast5
modprobe cast6
modprobe cbc
modprobe crc32c
modprobe crypto_algapi
modprobe crypto_hash
modprobe cryptomgr
modprobe crypto_null
modprobe deflate
modprobe des
modprobe ecb
modprobe gf128mul
modprobe hmac
modprobe khazad
modprobe lrw
modprobe md4
modprobe md5
modprobe michael_mic
modprobe serpent
modprobe sha1
modprobe sha256
modprobe sha512
modprobe tea
modprobe tgr192
modprobe twofish_common
modprobe twofish
modprobe wp512
modprobe xcbc
# dm_mod should give you dm_snapshot, dm_zero and dm_mirror?
modprobe dm_mod
modprobe dm_crypt
At this point, typing "dmsetup targets" should give you something along the lines of:crypt v1.0.0 striped v1.0.1 linear v1.0.1 error v1.0.1Typing "lsmod" will show you which modules are currently installed.
If not overridden by the user, LUKS defaults to encrypting with:
Cypher: | AES |
---|---|
Cypher keysize: | 128 bit |
Cypher mode: | cbc-plain |
Hash: | SHA-1 |
Creating the volume file under Linux:
Mounting the volume under FreeOTFE:dd if=/dev/zero of=./volumes/vol_default.vol bs=1M count=1 losetup /dev/loop0 ./volumes/vol_default.vol echo password1234567890ABC | cryptsetup-luks luksFormat /dev/loop0 cryptsetup-luks luksDump /dev/loop0 echo password1234567890ABC | cryptsetup-luks luksOpen /dev/loop0 myMapper dmsetup ls dmsetup table dmsetup status cryptsetup-luks status myMapper losetup /dev/loop1 /dev/mapper/myMapper mkdosfs /dev/loop1 mkdir ./test_mountpoint mount /dev/loop1 ./test_mountpoint cp ./test_files/SHORT_TEXT.txt ./test_mountpoint cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint umount ./test_mountpoint losetup -d /dev/loop1 cryptsetup-luks luksClose myMapper losetup -d /dev/loop0 rm -rf ./test_mountpoint
Creating the volume file under Linux:
Mounting the volume under FreeOTFE:dd if=/dev/zero of=./volumes/vol_aes_256.vol bs=1M count=1 losetup /dev/loop0 ./volumes/vol_aes_256.vol echo password1234567890ABC | cryptsetup-luks -c aes -s 256 luksFormat /dev/loop0 cryptsetup-luks luksDump /dev/loop0 echo password1234567890ABC | cryptsetup-luks luksOpen /dev/loop0 myMapper dmsetup ls dmsetup table dmsetup status cryptsetup-luks status myMapper losetup /dev/loop1 /dev/mapper/myMapper mkdosfs /dev/loop1 mkdir ./test_mountpoint mount /dev/loop1 ./test_mountpoint cp ./test_files/SHORT_TEXT.txt ./test_mountpoint cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint umount ./test_mountpoint losetup -d /dev/loop1 cryptsetup-luks luksClose myMapper losetup -d /dev/loop0 rm -rf ./test_mountpoint
Creating the volume file under Linux:
Mounting the volume under FreeOTFE:dd if=/dev/zero of=./volumes/vol_twofish.vol bs=1M count=1 losetup /dev/loop0 ./volumes/vol_twofish.vol echo password1234567890ABC | cryptsetup-luks -c twofish luksFormat /dev/loop0 cryptsetup-luks luksDump /dev/loop0 echo password1234567890ABC | cryptsetup-luks luksOpen /dev/loop0 myMapper dmsetup ls dmsetup table dmsetup status cryptsetup-luks status myMapper losetup /dev/loop1 /dev/mapper/myMapper #cat ./test_files/2MB_Z.dat > /dev/loop1 #cat ./test_files/2MB_0x00.dat > /dev/loop1 mkdosfs /dev/loop1 mkdir ./test_mountpoint mount /dev/loop1 ./test_mountpoint cp ./test_files/SHORT_TEXT.txt ./test_mountpoint cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint umount ./test_mountpoint losetup -d /dev/loop1 cryptsetup-luks luksClose myMapper losetup -d /dev/loop0 rm -rf ./test_mountpoint
Creating the volume file under Linux:
Mounting the volume under FreeOTFE:dd if=/dev/zero of=./volumes/vol_aes_xts.vol bs=5M count=1 losetup /dev/loop0 ./volumes/vol_aes_xts.vol echo password1234567890ABC | cryptsetup-luks -c aes-xts-plain -s 512 luksFormat /dev/loop0 cryptsetup-luks luksDump /dev/loop0 echo password1234567890ABC | cryptsetup-luks luksOpen /dev/loop0 myMapper dmsetup ls dmsetup table dmsetup status cryptsetup-luks status myMapper losetup /dev/loop1 /dev/mapper/myMapper #cat ./test_files/2MB_Z.dat > /dev/loop1 #cat ./test_files/2MB_0x00.dat > /dev/loop1 mkdosfs /dev/loop1 mkdir ./test_mountpoint mount /dev/loop1 ./test_mountpoint cp ./test_files/SHORT_TEXT.txt ./test_mountpoint cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint umount ./test_mountpoint losetup -d /dev/loop1 cryptsetup-luks luksClose myMapper losetup -d /dev/loop0 rm -rf ./test_mountpoint
Creating the volume file under Linux:
Mounting the volume under FreeOTFE:dd if=/dev/zero of=./volumes/vol_serpent_xts.vol bs=5M count=1 losetup /dev/loop0 ./volumes/vol_serpent_xts.vol echo password1234567890ABC | cryptsetup-luks -c serpent-xts-plain -s 512 luksFormat /dev/loop0 cryptsetup-luks luksDump /dev/loop0 echo password1234567890ABC | cryptsetup-luks luksOpen /dev/loop0 myMapper dmsetup ls dmsetup table dmsetup status cryptsetup-luks status myMapper losetup /dev/loop1 /dev/mapper/myMapper #cat ./test_files/2MB_Z.dat > /dev/loop1 #cat ./test_files/2MB_0x00.dat > /dev/loop1 mkdosfs /dev/loop1 mkdir ./test_mountpoint mount /dev/loop1 ./test_mountpoint cp ./test_files/SHORT_TEXT.txt ./test_mountpoint cp ./test_files/BINARY_ZEROS.dat ./test_mountpoint cp ./test_files/BINARY_ABC_RPTD.dat ./test_mountpoint cp ./test_files/BINARY_00_FF_RPTD.dat ./test_mountpoint umount ./test_mountpoint losetup -d /dev/loop1 cryptsetup-luks luksClose myMapper losetup -d /dev/loop0 rm -rf ./test_mountpoint