Slide 1

Slide 1 text

dm-crypt Concept & Usage

Slide 2

Slide 2 text

Contents
• Data Encryption
• dm-crypt, cryptsetup and LUKS
• Demo
• Additional

Slide 3

Slide 3 text

Why encryption?

Slide 4

Slide 4 text

Information Security

Slide 5

Slide 5 text

Individual Enterprise Privacy Confidential Contents

Slide 6

Slide 6 text

Disk encryption plays one of the most important roles in information security

Slide 7

Slide 7 text

Large amount of data

Slide 8

Slide 8 text

Calculation

Slide 9

Slide 9 text

GNU/Linux

Slide 10

Slide 10 text

Dm-crypt, cryptsetup & LUKS

Slide 11

Slide 11 text

Several Concepts
● dm-crypt
● cryptsetup
● LUKS

Slide 12

Slide 12 text

What is dm-crypt?

Slide 13

Slide 13 text

[Diagram: Kernel, Kernel Function, Device Mapper, dm-crypt]

Slide 14

Slide 14 text

Device Mapper

Slide 15

Slide 15 text

[Diagram: Block Device, Block Device (Mapped)]

Slide 16

Slide 16 text

[Diagram: encrypt, decrypt, Block Device, Block Device (Mapped)]

Slide 17

Slide 17 text

What is cryptsetup?

Slide 18

Slide 18 text

What is cryptsetup?
● Library
● Command-line interface

Slide 19

Slide 19 text

LUKS

Slide 20

Slide 20 text

"Linux Unified Key Setup" Specification - platform-independent standard

Slide 21

Slide 21 text

cryptsetup + LUKS?

Slide 22

Slide 22 text

“Saltless”

Slide 23

Slide 23 text

[Diagram: Cryptsetup, LUKS]

Slide 24

Slide 24 text

Demo

Slide 25

Slide 25 text

Key in dm-crypt

Slide 26

Slide 26 text

luksAddKey

Slide 27

Slide 27 text

luksDump

Slide 28

Slide 28 text

luksHeaderBackup
luksHeaderRestore

Slide 29

Slide 29 text

dm-crypt in system

Slide 30

Slide 30 text

Setup on system installation

Slide 31

Slide 31 text


Slide 32

Slide 32 text


Slide 33

Slide 33 text


Slide 34

Slide 34 text

/etc/crypttab
cr_home /dev/disk/by-id/ata-QEMU_HARDDISK_QM00001-part3 none none

Slide 35

Slide 35 text

/etc/fstab
/dev/mapper/cr_home /home xfs nofail 0 2
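Added example, not from the original slides: a Python check that reads an /etc/crypttab and /etc/fstab pair like the two entries above and reports mismatches between them. The PERSISTENT prefixes, the finding texts and the BAD_* samples are constructed for illustration, and it assumes every /dev/mapper name in fstab is a dm-crypt mapping (no LVM).

```python
# Source-device spellings that stay stable across reboots (assumed list).
PERSISTENT = ("/dev/disk/by-", "UUID=", "PARTUUID=", "LABEL=", "/dev/mapper/")

def rows(text):
    """Split a crypttab/fstab style table into field lists, skipping comments."""
    return [ln.split() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def audit(crypttab, fstab):
    """Return findings for a crypttab/fstab pair; an empty list means consistent."""
    findings, volumes = [], {}
    for fields in rows(crypttab):
        name, source = fields[0], fields[1]
        keyfile = fields[2] if len(fields) > 2 else "none"
        volumes[name] = source
        if not source.startswith(PERSISTENT):
            findings.append(f"{name}: {source} can change between boots")
        if keyfile not in ("none", "-", "/dev/urandom"):
            findings.append(f"{name}: key file {keyfile} must itself be protected")
    for fields in rows(fstab):
        dev, mnt, fstype = fields[0], fields[1], fields[2]
        if dev.startswith("/dev/mapper/"):
            if dev[len("/dev/mapper/"):] not in volumes:
                findings.append(f"{mnt}: {dev} has no crypttab entry")
        elif dev in volumes.values():
            findings.append(f"{mnt}: mounts {dev} directly, bypassing dm-crypt")
        elif fstype == "swap":
            findings.append(f"swap on {dev} is not encrypted")
    return findings

# Entries as on slides 34 and 35.
PAGE_CRYPTTAB = "cr_home /dev/disk/by-id/ata-QEMU_HARDDISK_QM00001-part3 none none\n"
PAGE_FSTAB = "/dev/mapper/cr_home /home xfs nofail 0 2\n"
# Constructed counter-example: unstable device name, on-disk key file,
# a mapping that is never opened, and plaintext swap.
BAD_CRYPTTAB = "cr_home /dev/sda3 /root/home.key luks\n"
BAD_FSTAB = ("/dev/mapper/cr_data /data xfs nofail 0 2\n"
             "/dev/sda2 swap swap defaults 0 0\n")

if __name__ == "__main__":
    print(audit(PAGE_CRYPTTAB, PAGE_FSTAB))
    for finding in audit(BAD_CRYPTTAB, BAD_FSTAB):
        print(finding)
```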

Slide 36

Slide 36 text


Slide 37

Slide 37 text

Additional

Slide 38

Slide 38 text

cipher
Default:
encryption: aes-xts-plain64 with 256-bit volume master key
password hash: sha256
--hash sha512

Slide 39

Slide 39 text

AES
AES instruction set

Slide 40

Slide 40 text

# dd if=/dev/urandom of=/tmp/foo bs=4M
/dev/zero

Slide 41

Slide 41 text

Best practice of encryption level
● File based encryption
● Home partition encryption
● Whole partition encryption (/, swap and /home)

Slide 42

Slide 42 text

Thank you. That’s all today! Try it & have a lot of fun!

Slide 44

Slide 44 text

General Disclaimer
This document is not to be construed as a promise by any participating organization to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. openSUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for openSUSE products remains at the sole discretion of openSUSE. Further, openSUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All openSUSE marks referenced in this presentation are trademarks or registered trademarks of SUSE LLC, in the United States and other countries. All third-party trademarks are the property of their respective owners.

License
This slide deck is licensed under the Creative Commons Attribution-ShareAlike 4.0 International license. It can be shared and adapted for any purpose (even commercially) as long as Attribution is given and any derivative work is distributed under the same license. Details can be found at https://creativecommons.org/licenses/by-sa/4.0/

Credits
Template: Richard Brown [email protected]
Design & Inspiration: openSUSE Design Team http://opensuse.github.io/branding-guidelines/