Gentoo Wiki

HOWTO Encrypt Your Home Directory Using LUKS and pam_mount

This article is part of the Security series.


Introduction

This HowTo will explain how to encrypt your home partition. The intended setup will use the user’s system login password to decrypt the partition automatically on login.

This setup is intended for new installations. If you want to convert an existing system, make sure you have a backup of all your important data first. Also, once the setup is running, make regular backups, as a tiny corruption of your hard disk can make the entire encrypted partition inaccessible. Keep an unaltered copy of /etc/fstab and /etc/pam.d/system-auth, too.

Note: This setup is meant to prevent people from reading your files in case your laptop gets stolen. It does not protect against conventional attacks like key loggers, trojans, rootkits and the like. Also, if someone gets physical access while your laptop is running, they can of course access the then unencrypted partition.

Be aware that while strong cryptography is legal in most Western states, there are many restrictions when crossing borders.

This HowTo makes the following assumptions (change values accordingly):

  1. The user whose home will be encrypted is called john
  2. The swap partition is on /dev/hda2
  3. The home partition is on /dev/hda4

So, in short, your /etc/fstab looks something like this:

File: /etc/fstab
/dev/hda1		/boot		ext2		noauto,noatime	1 2
/dev/hda3		/		ext3		noatime		0 1
/dev/hda2		none		swap		sw		0 0
/dev/hda4		/home/john	ext3		noatime		0 0
[...]

The important part is that you have a dedicated partition for your user's home. It is also possible to do this setup without a dedicated home partition; however, that is more complicated and not covered here. Check the references for more.

If your home partition is mounted on /home, rather than /home/john, backup the data of all users. Note that after the encryption, the entire partition can only be used by john, so the other users will have to use space on the root partition.

Note: All the steps here have to be done by root, unless specified otherwise. You should not be logged in as the user during this setup ("the user" being the user whose home partition should be encrypted).

Part 1 - Creating an encrypted partition

Step 1

Backup all your stuff. Really.

Step 2 - Kernel options

You need a number of kernel options activated for this setup.

Linux Kernel Configuration: Kernel options
Device Drivers --->
 Multiple devices driver support (RAID and LVM) --->
   [*] Multiple devices driver support (RAID and LVM)
     < >   RAID support
     <*>   Device mapper support
     <*>     Crypt target support

Cryptographic options --->

 <*>   MD5 digest algorithm
 <*>   SHA1 digest algorithm
 <*>   AES cipher algorithms


Step 3 - Required software

You need a recent baselayout to have /etc/conf.d/cryptfs support. At the time of writing, the stable x86 baselayout has cryptfs support. You also need cryptsetup, which should already have been installed to satisfy dependencies.

Note: On newest Gentoo systems /etc/conf.d/cryptfs is replaced by /etc/conf.d/dmcrypt

Now install pam_mount. It is keyworded ~arch, so put the corresponding line into /etc/portage/package.keywords first, together with one for sys-libs/libhx:

# echo "sys-auth/pam_mount" >> /etc/portage/package.keywords
# echo "sys-libs/libhx" >> /etc/portage/package.keywords
# emerge -va sys-auth/pam_mount

Step 4 - encrypt swap

The first thing we will do is encrypt your swap partition. You don't want data that has been swapped out from your soon-to-be-encrypted home partition to be readable in clear text. Also, encrypting swap is an easy way to start, since you won't break anything if something goes wrong. With the new baselayout it is extremely easy, too.

Open /etc/conf.d/cryptfs. There is a comment section for swap encryption already in there. Add the following line:

File: /etc/conf.d/cryptfs
# Swap partitions. These should come first so that no keys make their
# way into unencrypted swap.
# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
# If no makefs is given then mkswap will be assumed
swap=crypt-swap source='/dev/hda2'

where /dev/hda2 is your swap partition. Now edit fstab, to point to the now encrypted swap:

File: /etc/fstab
/dev/hda1               /boot           ext2    noauto,noatime  1 2
/dev/hda3               /               ext3    noatime         0 1
/dev/mapper/crypt-swap  none            swap    sw              0 0
/dev/hda4               /home/john      ext3    noatime         0 1

That’s it. In short, this uses a random passphrase to encrypt your swap. The encrypted swap partition resides in the logical device /dev/mapper/crypt-swap (more on that later). After shutdown, the partition is fully encrypted and the passphrase lost - the system will create a new one on each startup. Please see http://www.gentoo.org/proj/en/hardened/disk-cryptography.xml for details.

Remember to add dmcrypt to runlevel boot:

# rc-update add dmcrypt boot

Now reboot to make the system use the encrypted swap partition.

Step 5 - prepare your disk

Back up all the data from your home partition (/dev/hda4 in this HowTo) if you haven't already done so. Now it's time to create the encrypted partition using cryptsetup. This will permanently erase everything on the home partition.

# umount /dev/hda4
# cryptsetup --verbose --verify-passphrase luksFormat /dev/hda4

Follow the instructions (type an uppercase YES). Enter your passphrase twice. The passphrase has to be identical to your user's login password, so either use the same passphrase here or change the user's password later on. Needless to say, use a good passphrase, or the whole encryption is in vain.

If something goes wrong, double check that you activated the necessary kernel options and that the partition is not mounted.

If that worked fine, your partition is encrypted and ready to be used. To use it, you have to create a mapping between the physical (encrypted) partition and a logical device. This too is done via cryptsetup:

# cryptsetup luksOpen /dev/hda4 hda4

This will prompt for your passphrase. After you entered it, a new device named hda4 should show up under /dev/mapper. Also notice the swap device we created in Step 4:

Code: # ls -l /dev/mapper
total 0
brw------- 1 root root 254,  1 May 17 17:50 hda4
crw-rw---- 1 root root  10, 63 May 17 17:46 control
brw------- 1 root root 254,  0 May 17 17:46 crypt-swap

Now you have a mapping from the physical partition to a logical device.

Step 6 - create a filesystem on the encrypted partition

Before formatting and using the disk, it's best to fill the encrypted device with high-quality random data. This makes the partition much more resistant to a full cryptanalysis attack. The following should suffice (it takes a while on large partitions, and dd stops with a "No space left on device" error when it reaches the end of the device, which is expected):

# dd bs=256k if=/dev/urandom of=/dev/mapper/hda4

The new device can be used just like any other partition, so it's time to create a filesystem. Use the filesystem of your choice; the type should not matter. Here is how to create an ext3 filesystem on the encrypted partition:

# mke2fs -j /dev/mapper/hda4

Now let’s mount the filesystem:

# mkdir /home/john
# mount /dev/mapper/hda4 /home/john 

Don't move (important) data onto the new filesystem just yet. You should go through the whole setup process before you put anything on the encrypted home partition. Of course, you can copy some files just for testing, and verify that they survive closing and reopening the mapping:

# cd /home/john
# touch testfile
# cd
# umount /home/john
# cryptsetup luksClose hda4
# ls /dev/mapper/
control crypt-swap
# cryptsetup luksOpen /dev/hda4 hda4
# mount /dev/mapper/hda4 /home/john 
# ls /home/john
lost+found testfile
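The same steps 5 and 6 as one script with guard rails, added here as an example and not taken from the wiki page: it refuses to format a partition that is still mounted, tolerates dd running to the end of the device, and repeats the close/reopen round trip. It must run as root; with DRY_RUN=1 it only prints the commands, and MOUNTS_FILE (normally /proc/mounts) is an assumed knob so the mounted check can be exercised without a real device.

```shell
#!/bin/sh
# Added example, not the wiki's own script. Run as root with the page's
# values: encrypt_home /dev/hda4 hda4 /home/john
set -eu

MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# DRY_RUN=1 prints each command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "would run: $*"
    else
        "$@"
    fi
}

# True if the raw partition is currently mounted; luksFormat on a mounted
# device is the first thing the page's troubleshooting hint points at.
is_mounted() {
    grep -q "^$1 " "$MOUNTS_FILE" 2>/dev/null
}

# Part 1, steps 5 and 6: format, map, fill, create filesystem, mount.
encrypt_home() {
    dev=$1 name=$2 mnt=$3
    if is_mounted "$dev"; then
        echo "$dev is mounted; umount it first" >&2
        return 1
    fi
    # luksFormat asks for an uppercase YES and the passphrase twice. The
    # passphrase must equal the user's login password for part 2 to work.
    run cryptsetup --verbose --verify-passphrase luksFormat "$dev"
    run cryptsetup luksOpen "$dev" "$name"
    # Fill the mapped device so unused space looks like ciphertext. dd exits
    # non-zero when it reaches the end of the device, so tolerate that.
    run dd bs=256k if=/dev/urandom of="/dev/mapper/$name" || true
    run mke2fs -j "/dev/mapper/$name"
    run mkdir -p "$mnt"
    run mount "/dev/mapper/$name" "$mnt"
}

# Step 6 round trip: close the mapping, reopen it and confirm data survived.
verify_roundtrip() {
    dev=$1 name=$2 mnt=$3
    run touch "$mnt/testfile"
    run umount "$mnt"
    run cryptsetup luksClose "$name"
    run cryptsetup luksOpen "$dev" "$name"
    run mount "/dev/mapper/$name" "$mnt"
    [ "${DRY_RUN:-0}" = "1" ] || [ -f "$mnt/testfile" ]
}
```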

The actual encryption part is done - now comes part 2, the automatic decrypting on login.

Part 2 - Automatic decrypting and mounting on login

Step 1 - Edit pam_mount.conf

Edit /etc/security/pam_mount.conf.xml; the comments in that file document the default configuration options. Add a volume entry for the user, for example:

File: /etc/security/pam_mount.conf.xml
   <volume user="john" fstype="crypt" path="/dev/hda4" mountpoint="/home/john" />

Step 2 - Make sure pam_mount is executed on login

Note: Before rebooting, if you still have old references to the user's home partition in your /etc/fstab, remember to remove or comment them out, otherwise you will be unable to boot!

Finally we need to make sure pam_mount is executed when a user logs in. Reboot first to remove any previously mounted /dev/mapper/* devices. Open /etc/pam.d/system-auth. It should look similar to this:

File: /etc/pam.d/system-auth
#%PAM-1.0
auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       required     pam_deny.so

account    required     pam_unix.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so

Now, make the following changes:

File: /etc/pam.d/system-auth
#%PAM-1.0
auth       required     pam_env.so
auth       optional     pam_mount.so
auth       sufficient   pam_unix.so likeauth nullok use_first_pass
auth       required     pam_deny.so use_first_pass

account    required     pam_unix.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so
session    optional     pam_mount.so

The important part is that the auth optional pam_mount.so line comes before any auth sufficient .... lines. This lets the pam_mount module ask for a password before the other PAM modules do. The use_first_pass argument for the following lines passes this password on to the other modules so they won't ask for a password a second time.

It's unclear whether this particular order of modules is a feature or a bug. With pam_mount versions older than 0.15, it used to work by just adding the auth optional pam_mount.so line anywhere in the file.

Note: The password used for the encrypted partition and the one stored in /etc/shadow are the same. It is more secure to use the sha512 hashing algorithm for /etc/shadow instead of md5. To do this (see man pam_unix), change the corresponding line in /etc/pam.d/system-auth to something like this:

password required pam_unix.so try_first_pass sha512 shadow use_authtok

To use SHA512 algorithm in pam_unix, libcrypt must support it (sys-libs/glibc 2.7).
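As an added example (not from the wiki page), a small POSIX shell checker for the ordering rules above: it fails if any auth sufficient line precedes auth optional pam_mount.so or if the session pam_mount.so line is missing, and warns about a missing use_first_pass and about md5 still being used in the pam_unix password line. It takes the path of the file to check as its only argument.

```shell
#!/bin/sh
# Added example, not part of the wiki page. Usage:
#   check_pam_mount_order /etc/pam.d/system-auth
# Exit status 0 means the fatal checks passed; findings go to stdout.
set -eu

check_pam_mount_order() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    $1 == "auth" {
        if ($3 == "pam_mount.so") {
            seen_mount = 1
            if ($2 != "optional") warn["auth pam_mount.so should be optional, not " $2] = 1
            next
        }
        # pam_mount must ask for the password before any sufficient module.
        if ($2 == "sufficient" && !seen_mount)
            bad["auth sufficient " $3 " comes before auth optional pam_mount.so"] = 1
        # Modules after pam_mount should reuse the password it collected.
        if (seen_mount && $0 !~ /use_first_pass/)
            warn["auth " $3 " after pam_mount.so lacks use_first_pass (password asked twice)"] = 1
    }
    $1 == "session" && $3 == "pam_mount.so" { seen_session = 1 }
    $1 == "password" && $3 == "pam_unix.so" && /[ \t]md5([ \t]|$)/ {
        warn["password pam_unix.so still hashes with md5; sha512 is recommended"] = 1
    }
    END {
        rc = 0
        if (!seen_mount) { print "FAIL: no auth pam_mount.so line"; rc = 1 }
        if (!seen_session) { print "FAIL: no session pam_mount.so line (home will not be unmounted on logout)"; rc = 1 }
        for (m in bad) { print "FAIL: " m; rc = 1 }
        for (m in warn) print "WARN: " m
        if (rc == 0) print "OK: pam_mount ordering looks right"
        exit rc
    }' "$1"
}
```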

Let's test it

Now log in as the user (john), using the passphrase given for both system login and the encryption in part 1. Don’t be scared by verbose console output on login. If everything works fine, the login takes 1 or 2 seconds longer than usual. Check if the automatic decrypting worked:

Code: $ df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/hda3              6712428   3327060   3044392  53% /
udev                    512432      2772    509660   1% /dev
shm                     512432         0    512432   0% /dev/shm
/dev/mapper/_dev_hda4
                     59186812    194492  55985784   1% /home/john

Note: _dev_hda4 is the name pam_mount chooses for the mapper device, rather than just hda4 like we did earlier. The name doesn’t really matter though.

You can now move your data back to /home/john. Have fun!

Note: I can't stress enough that you should make regular backups. Nothing is more frustrating than being locked out by your own encryption setup.


Troubleshooting

/etc/pam.d/system-auth in particular can be tricky. Try console login first, then GDM/KDM/XDM login. Move the auth lines around and experiment with the use_first_pass arguments.

Remarks

Sometimes pam_mount can't unmount the disk on logout, especially when there are processes that still use files on the partition. A simple logout is thus not sufficient to make sure your data is safe. You have to shut down or check manually (as root).

If you want to use software suspend, see http://bugs.gentoo.org/162962 .

How secure is this? Please see http://forums.gentoo.org/viewtopic-t-274651.html for discussion on strength.

References

Retrieved from "http://www.gentoo-wiki.info/HOWTO_Encrypt_Your_Home_Directory_Using_LUKS_and_pam_mount"

Last modified: Thu, 18 Sep 2008 00:29:00 +0000