Slide 1
Slide 1 text
dm-crypt
Concept & Usage
Slide 2
Slide 2 text
2
2
Contents
• Data Encryption
• dm-crypt, cryptsetup and LUKS
• Demo
• Additional
Slide 3
Slide 3 text
3
3
Why encryption?
Slide 4
Slide 4 text
4
4
Information Security
Slide 5
Slide 5 text
5
5
Individual Enterprise
Privacy
Confdential
Contents
Slide 6
Slide 6 text
6
6
Disk Encryption plays one of
the most important role in
the information security
Slide 7
Slide 7 text
7
7
Large amount of data
Slide 8
Slide 8 text
8
8
Calculation
Slide 9
Slide 9 text
9
9
GNU/Linux
Slide 10
Slide 10 text
Dm-crypt,
cryptsetup & LUKS
Slide 11
Slide 11 text
11
11
Several Concepts
● dm-crypt
● cryptsetup
● LUKS
Slide 12
Slide 12 text
12
12
What is dm-crypt ?
Slide 13
Slide 13 text
13
13
Kernel
Kernel
Kernel Function
Kernel Function
Device
Mapper
dm-crypt
Slide 14
Slide 14 text
14
14
Device Mapper
Slide 15
Slide 15 text
15
15
Block Device
Block Device Block Device
(Mapped)
Block Device
(Mapped)
Slide 16
Slide 16 text
16
16
decrypt
decrypt
encrypt
encrypt
Block Device
Block Device Block Device
(Mapped)
Block Device
(Mapped)
Slide 17
Slide 17 text
17
17
What is cryptsetup?
Slide 18
Slide 18 text
18
18
● Library
● Command-line interface
What is cryptsetup?
Slide 19
Slide 19 text
19
19
LUKS
Slide 20
Slide 20 text
20
20
"Linux Unifed Key Setup"
Specifcation
- platform-independent standard
Slide 21
Slide 21 text
21
21
cryptsetup + LUKS ?
Slide 22
Slide 22 text
22
22
“Saltless”
Slide 23
Slide 23 text
23
23
Cryptsetup
LUKS
LUKS
LUKS
LUKS
Slide 24
Slide 24 text
Demo
Slide 25
Slide 25 text
Key in dm-crypt
Slide 26
Slide 26 text
26
26
luksAddKey
luksAddKey
Slide 27
Slide 27 text
27
27
luksDump
luksDump
Slide 28
Slide 28 text
28
28
luksHeaderBackup
luksHeaderRestore
luksHeaderBackup
luksHeaderRestore
Slide 29
Slide 29 text
dm-crypt in system
Slide 30
Slide 30 text
30
30
Setup on system installation
Setup on system installation
Slide 31
Slide 31 text
31
31
Slide 32
Slide 32 text
32
32
Slide 33
Slide 33 text
33
33
Slide 34
Slide 34 text
34
34
/etc/crypttab
cr_home /dev/disk/by-id/ta-
QEMU_HARDDISK_QM00001-part3 none none
Slide 35
Slide 35 text
35
35
/etc/fstab
/dev/mapper/cr_home /home xfs nofail 0 2
Slide 36
Slide 36 text
36
36
Slide 37
Slide 37 text
37
37
Additional
Slide 38
Slide 38 text
38
38
cipher
Default:
encryption: aes-xts-plain64 with 256-bit volume master key
password hash: sha256
--hash sha512
Slide 39
Slide 39 text
39
39
AES
AES instruction set
Slide 40
Slide 40 text
40
40
# dd if=/dev/urandom/ of=/tmp/foo bs=4M
/dev/zero/
Slide 41
Slide 41 text
41
41
Best practice of encryption level
● File based encryption
● Home partition encryption
● Whole partition encryption (/, swap and /home)
Slide 42
Slide 42 text
Thank you.
Thank you.
That’s all today!
Try it & have a lot of fun!
Slide 43
Slide 43 text
43
43
Reference
● https://en.wikipedia.org/wiki/Dm-crypt
● https://en.wikipedia.org/wiki/Linux_Unifed_Key_Setup
● https://en.wikipedia.org/wiki/Device_mapper
Slide 44
Slide 44 text
General Disclaimer
This document is not to be construed as a promise by any participating organization
to develop, deliver, or market a product. It is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in making purchasing
decisions. openSUSE makes no representations or warranties with respect to the
contents of this document, and specifcally disclaims any express or implied
warranties of merchantability or ftness for any particular purpose. The development,
release, and timing of features or functionality described for openSUSE products
remains at the sole discretion of openSUSE. Further, openSUSE reserves the right to
revise this document and to make changes to its content, at any time, without
obligation to notify any person or entity of such revisions or changes. All openSUSE
marks referenced in this presentation are trademarks or registered trademarks of
SUSE LLC, in the United States and other countries. All third-party trademarks are the
property of their respective owners.
General Disclaimer
This document is not to be construed as a promise by any participating organization
to develop, deliver, or market a product. It is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in making purchasing
decisions. openSUSE makes no representations or warranties with respect to the
contents of this document, and specifcally disclaims any express or implied
warranties of merchantability or ftness for any particular purpose. The development,
release, and timing of features or functionality described for openSUSE products
remains at the sole discretion of openSUSE. Further, openSUSE reserves the right to
revise this document and to make changes to its content, at any time, without
obligation to notify any person or entity of such revisions or changes. All openSUSE
marks referenced in this presentation are trademarks or registered trademarks of
SUSE LLC, in the United States and other countries. All third-party trademarks are the
property of their respective owners.
License
This slide deck is licensed under the Creative Commons Attribution-ShareAlike 4.0
International license. It can be shared and adapted for any purpose (even commercially) as
long as Attribution is given and any derivative work is distributed under the same license.
Details can be found at https://creativecommons.org/licenses/by-sa/4.0/
License
This slide deck is licensed under the Creative Commons Attribution-ShareAlike 4.0
International license. It can be shared and adapted for any purpose (even commercially) as
long as Attribution is given and any derivative work is distributed under the same license.
Details can be found at https://creativecommons.org/licenses/by-sa/4.0/
Credits
Template
Richard Brown
[email protected]
Design & Inspiration
openSUSE Design Team
http://opensuse.github.io/branding-
guidelines/
Credits
Template
Richard Brown
[email protected]
Design & Inspiration
openSUSE Design Team
http://opensuse.github.io/branding-
guidelines/