Friday, July 16, 2010

Encryption Options in Linux

A lot of people post to the Ubuntu forums wondering about encryption options, or, more generally, how to secure their data in a number of different scenarios. There are a lot of questions one must ask oneself: do I want asymmetric or symmetric encryption? Do I want to encrypt a whole disk, a container, or a single file? How about e-mail and IM encryption? Luckily all of these things can be done in a fairly straightforward way with software your distro came with out of the box. This post will cover only encrypting files, folders, partitions and whole disks. It will not cover e-mail (I will save that for another post since it deserves special attention).



Whole Disk Encryption

Whole disk encryption can be achieved by utilizing dm-crypt/LUKS. Fedora allows this option with just a couple of clicks during the install, and has, by far, the easiest set-up of WDE (whole disk encryption). Ubuntu, on the other hand, requires the user to download the "alternate install CD" and then install manually by creating one's partitions and then putting them in an LVM. It can be a bit confusing if you're new and don't understand the idea behind LVMs. Instead of reinventing the wheel, I will provide a link to this tutorial that should allow you to achieve whole disk encryption on Ubuntu fairly easily.

Encrypted Containers

If you've ever used TrueCrypt[1] on Windows, then you are probably familiar with on-the-fly encrypted containers. This is the next "step down" from encrypting the entire drive. The idea is to have a container (of any size) where all of your sensitive files are placed without having to worry about the overhead that can come with WDE.

For this task we will use dm-crypt/LUKS, which is the same software used for WDE. Setting this up will have to be done from the command line. Again, instead of reinventing the wheel, I will refer you to another blog post which outlines exactly how to do this. Once you get your container set up you will need an easy way to mount and unmount it. Here are a couple of scripts which do that. To mount an encrypted container:

Mount a container


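#!/bin/bash
# Attach the container file to a loop device
losetup /dev/loop0 testfile
# Unlock the LUKS volume (prompts for the passphrase) as /dev/mapper/testfs
cryptsetup luksOpen /dev/loop0 testfs
# Mount the unlocked filesystem
mount /dev/mapper/testfs /mnt/test/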


Name the file something like "mount.sh" and then run

chmod +x mount.sh


Then when you want to mount your container, just run:

./mount.sh


NOTE: be sure to change the name of the container and its location in these scripts!

Now to unmount a container:

Unmount a Container

#!/bin/bash
# Unmount the filesystem, lock the LUKS volume, then detach the loop device
umount /mnt/test
cryptsetup luksClose testfs
losetup -d /dev/loop0


NOTE: if you are using partitions instead of containers, omit the last line (losetup -d /dev/loop0).

Name this script something like unmount.sh, run chmod +x unmount.sh and you're ready to go.

Encrypting Single Files

There are numerous ways to encrypt a single file (or folder) under Linux. One way (and the best way) is GnuPG. Other options include OpenSSL and Mcrypt, to name but two. I am going to cover GPG and Mcrypt with this guide. But in case you're interested in using OpenSSL, you can follow this guide.

GnuPG should be your one, and only, piece of software for all your encryption needs. It's typically pre-installed on most distros, so to check for it, just run:

gpg --version

If you see output, then it's installed.

Encrypting a single file with GPG can be done in one of two ways. The first way is by utilizing what we call asymmetric encryption (aka public key cryptography). You will not want to use this method unless you already have a public key created. A public key is used only for e-mail encryption and situations where one needs authentication and verification that a file or e-mail is really from the person it claims to be from. If you don't need that, then it is easier to use symmetric encryption. This post is not going to cover public keys or e-mail encryption/signatures. I will save that for another post.

To encrypt a file with GPG, you simply do the following:

gpg -ca file

This command encrypts the file with a symmetric algorithm and outputs it in "armor" format (which just means ASCII text). If you don't want armor output, you can just omit the -a flag. If you want to specify a certain cipher, you can add the --cipher-algo flag to the above command:

gpg -ca --cipher-algo twofish file

If you specify a certain cipher, you will also likely want to specify a certain hash algorithm. The rule of thumb is to use a hash algorithm that is twice the size of the encryption algorithm. So, if you are using AES-128, you want to use a 256 bit hash algorithm. If you are using AES-192 or 256 you will want to use a 384 or 512 bit hash.

Here is how I recommend all files be encrypted:

gpg -ca --cipher-algo aes --s2k-digest-algo sha256 file.txt

This will encrypt the file with AES-128 and SHA-256. 192 and 256 bit ciphers are way overkill (unless you really need to future proof a file that will be in storage for decades or centuries)[2]. To see a list of all possible ciphers and hashes, run:

gpg --version

To decrypt the file, simply run:

gpg -d file.gpg
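
To confirm that a file really was written with the cipher and hash you asked for, the script below (an added example, not part of the original post) parses the text printed by gpg --list-packets. The sample line is constructed, its layout is assumed from GnuPG's output, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report the cipher and the
# passphrase hash (S2K) recorded in `gpg --list-packets FILE` output.

# Constructed sample; the line layout is assumed from GnuPG's output.
SAMPLE=':symkey enc packet: version 4, cipher 7, s2k 3, hash 8
    salt 0123456789ABCDEF, count 65536 (96)'

# field NAME: numeric value after NAME on the first symkey line on stdin.
field() {
    sed -n "/^:symkey enc packet:/s/.*[ ,]$1 \([0-9][0-9]*\).*/\1/p" | head -n 1
}

# OpenPGP (RFC 4880) algorithm identifiers mapped to names.
cipher_name() {
    case "$1" in
        2) echo 3DES ;; 3) echo CAST5 ;; 4) echo BLOWFISH ;;
        7) echo AES128 ;; 8) echo AES192 ;; 9) echo AES256 ;;
        10) echo TWOFISH ;; *) echo "cipher-$1" ;;
    esac
}
hash_name() {
    case "$1" in
        1) echo MD5 ;; 2) echo SHA1 ;; 3) echo RIPEMD160 ;;
        8) echo SHA256 ;; 9) echo SHA384 ;; 10) echo SHA512 ;;
        11) echo SHA224 ;; *) echo "hash-$1" ;;
    esac
}
s2k_name() {
    case "$1" in 0) echo simple ;; 1) echo salted ;;
        3) echo iterated+salted ;; *) echo "s2k-$1" ;; esac
}

# describe: print "CIPHER HASH S2K-MODE"; return 2 if no symkey packet found.
describe() {
    pkts=$(cat)
    c=$(printf '%s\n' "$pkts" | field cipher)
    h=$(printf '%s\n' "$pkts" | field hash)
    s=$(printf '%s\n' "$pkts" | field s2k)
    if [ -z "$c" ] || [ -z "$h" ] || [ -z "$s" ]; then return 2; fi
    echo "$(cipher_name "$c") $(hash_name "$h") $(s2k_name "$s")"
}

# matches CIPHER HASH: succeed only for that pair with iterated+salted S2K.
matches() {
    [ "$(describe)" = "$1 $2 iterated+salted" ]
}
printf '%s\n' "$SAMPLE" | describe    # AES128 SHA256 iterated+salted
```

On a real file, feed it live output: gpg --list-packets file.txt.asc | matches AES128 SHA256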

Using Mcrypt for file encryption

GPG should be able to do all file encryption. However, there are some algorithms it does not provide. One algorithm a lot of tin-foil hat types like to have access to is Serpent, and in order to use Serpent, one needs a program like Mcrypt. First we must install it. On Ubuntu:

sudo apt-get install mcrypt

Once installed you can see all the ciphers and modes by typing:

mcrypt --list

Encryption is straightforward:

mcrypt -a serpent -h sha512 -m cbc file.txt

The output will be "file.txt.nc".

You can change the mode if you wish, but I recommend sticking with Serpent and SHA-512. (The Serpent used here is the 256 bit version). You can even make mcrypt compatible with the OpenPGP format by adding the -g flag (and omitting the -m flag).

To decrypt:

mcrypt -d file.txt.nc

A Word on Passwords

One thing many people neglect is creating strong passwords. This habit is one reason I don't recommend using symmetric ciphers of over 128 bits in length, since very few people make passwords as strong as 128 bits (much less 256 bits). In order to create a password that is equal in strength to a 128-bit encryption algorithm itself, one must create a random password of 20 characters in length (assuming all 94 ASCII printable characters are used). Notice I said random. A 20 character password of "123456..." won't cut it, nor will a random sentence like "My dog skip jumped over the fence," even though the latter is much better than the former.

I created a little password generation app that will help solve this problem. To install it on Ubuntu, type the following command in the terminal:

sudo add-apt-repository ppa:rookcifer/pypass && sudo apt-get update && sudo apt-get install pypass

To run it, simply look in your menu under "Accessories" and you will see "Pypass password generator" there. (The program has a GUI). It offers, among other options, an option of creating a password using the "Diceware" method, which is good for creating passwords that can be easily remembered.

If you don't wish to use my app, then you can read about easy ways to create memorable, yet strong, passwords on your own. Here is one such article.
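
The arithmetic behind the 20-character figure, and the same calculation for Diceware, can be done from the shell. This is an added example, not part of the original post and not the Pypass app; the function names are made up here, and the Diceware list size of 7776 words (6^5 dice rolls) is the standard one.

```shell
#!/bin/sh
# Added example (not the Pypass app): size and generate random passwords.

# entropy_bits N LENGTH: whole bits of entropy in LENGTH symbols, each
# drawn uniformly at random from an alphabet of N symbols.
entropy_bits() {
    awk -v n="$1" -v len="$2" 'BEGIN { print int(len * log(n) / log(2)) }'
}

# min_length N BITS: fewest uniformly random symbols from an alphabet of
# N that reach BITS bits of entropy (length * log2(N) >= BITS).
min_length() {
    awk -v n="$1" -v bits="$2" 'BEGIN {
        per = log(n) / log(2)           # bits per symbol
        len = int(bits / per)
        if (len * per < bits) len++     # round up
        print len
    }'
}

# gen_password LENGTH: LENGTH characters drawn uniformly from the 94
# printable ASCII characters "!" through "~". tr drops every byte outside
# that range (rejection sampling), so no character is favoured.
gen_password() {
    LC_ALL=C tr -dc '!-~' < /dev/urandom | head -c "$1"
}

# 94 printable characters, 128-bit target.
chars=$(min_length 94 128)
# Diceware list of 7776 words, same target.
words=$(min_length 7776 128)
echo "random characters needed: $chars ($(entropy_bits 94 "$chars") bits)"
echo "Diceware words needed:    $words ($(entropy_bits 7776 "$words") bits)"
echo "example password:         $(gen_password "$chars")"
```

These figures hold only when every character or word is chosen at random; a password a person picks has less entropy than its length suggests.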


Footnotes:

1) TrueCrypt can be used on Linux too, but you will have to install it manually since most repos won't allow it since its licensing is a bit flaky.

2) To brute force a 128 bit cipher would take all the computers on the earth more time than the Sun has left in its life cycle -- that is, billions of years.

1 comment:

  1. Thanks for brief introduction about Linux encryption options. But I would give you one suggestion. Make your blog more engaging with better formatting and nice examples of code. Good luck!
