<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter4. Ôhe cryptographic device driver (CGD)</title>
<link rel="stylesheet" type="text/css" href="/global.css">
<meta name="generator" content="DocBook XSL Stylesheets VX.X.X">
<link rel="home" href="index.html" title="The NetBSD Guide">
<link rel="up" href="part-config.html" title="Part ÉII. Óystem configuration, administration and tuning">
<link rel="prev" href="chap-rmmedia.html" title="Chapter3. Õsing removable media">
<link rel="next" href="chap-ccd.html" title="Chapter5. Ãoncatenated Disk Device (CCD) configuration">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<table width="100%" summary="Navigation header">
<tr><th colspan="3" align="center">Chapter4. Ôhe cryptographic device driver (CGD)</th></tr>
<tr>
<td width="20%" align="left">
<a accesskey="p" href="chap-rmmedia.html">Prev</a>/td>
<th width="60%" align="center">Part ÉII. Óystem configuration, administration and tuning</th>
<td width="20%" align="right">a accesskey="n" href="chap-ccd.html">Next</a>
</td>
</tr>
</table>
<hr>
</div>
<div class="chapter">
<div class="titlepage"><div><div><h2 class="title">
<a name="chap-cgd"></a>Chapter4. Ôhe cryptographic device driver (CGD)</h2></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
<dt><span class="sect1"><a href="chap-cgd.html#chap-cgd-overview">14.1. Overview</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-overview-why">14.1.1. Why use disk encryption?</a></span></dt>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-overview-logicaldriver">14.1.2. Logical Disk Drivers</a></span></dt>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-overview-availability">14.1.3. Availability</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="chap-cgd.html#chap-cgd-components">14.2. Components of the Crypto-Graphic Disk system</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-component-kernel">14.2.1. Kernel driver pseudo-device</a></span></dt>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-components-ciphers">14.2.2. Ciphers</a></span></dt>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-overview-verification">14.2.3. Verification Methods</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="chap-cgd.html#chap-cgd-example">14.3. Example: encrypting your disk</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-example-prepare">14.3.1. Preparing the disk</a></span></dt>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-example-scrubbing">14.3.2. Scrubbing the disk</a></span></dt>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-example-creating">14.3.3. Creating the <code class="devicename">cgd</code></a></span></dt>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-example-configfiles">14.3.4. Modifying configuration files</a></span></dt>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-example-restore">14.3.5. Restoring data</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="chap-cgd.html#cryptocds">14.4. Example: encrypted CDs/DVDs</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="chap-cgd.html#cryptocds-create">14.4.1. Creating an encrypted CD/DVD</a></span></dt>
<dt><span class="sect2"><a href="chap-cgd.html#cryptocds-use">14.4.2. Using an encrypted CD/DVD</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="chap-cgd.html#chap-cgd-suggestions">14.5. Suggestions and Warnings</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-swap-encryption">14.5.1. Using a random-key cgd for swap</a></span></dt>
<dt><span class="sect2"><a href="chap-cgd.html#chap-cgd-suggestions-warnings">14.5.2. Warnings</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="chap-cgd.html#chap-cgd-further">14.6. Further Reading</a></span></dt>
</dl>
</div>
<p>The <code class="devicename">cgd</code> driver provides functionality
which allows you to use disks or partitions for encrypted storage.
After providing the appropriate key, the encrypted partition is
accessible using <code class="devicename">cgd</code> pseudo-devices.</p>
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="chap-cgd-overview"></a>14.1. Ïverview</h2></div></div></div>
<p>People often store sensitive information on their hard disks and
are concerned about this information falling into the wrong hands.
This is particularly relevant to users of laptops and other
portable devices, or portable media, which might be stolen or
accidentally misplaced.</p>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-overview-why"></a>14.1.1. ×hy use disk encryption?</h3></div></div></div>
<p>File-oriented encryption tools like
<span class="application">GnuPG</span> are great for encrypting
individual files, which can then be sent across untrusted
networks as well as stored encrypted on disk. But sometimes
they can be inconvenient, because the file must be decrypted
each time it is to be used; this is especially cumbersome when
you have a large collection of files to protect. Any time a
security tool is cumbersome to use, there's a chance you'll
forget to use it properly, leaving the files unprotected for
the sake of convenience.</p>
<p>Worse, readable copies of the encrypted contents might still exist
on the hard disk. Even if you overwrite these files (using
<span class="command"><strong>rm -P</strong></span>) before unlinking them, your application
software might make temporary copies you don't know about, or have
been paged to swapspace - and even your hard disk might have
silently remapped failing sectors with data still in them.</p>
<p>The solution is to simply never write the information unencrypted
to the hard disk. Rather than taking a file-oriented approach to
encryption, consider a block-oriented approach - a virtual hard
disk, that looks just like a normal hard disk with normal
filesystems, but which encrypts and decrypts each block on the way
to and from the real disk.</p>
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-overview-logicaldriver"></a>14.1.2. Ìogical Disk Drivers</h3></div></div></div>
<p>The <code class="devicename">cgd</code> device looks and behaves to the rest of
the operating system like any other disk driver. Rather than
driving real hardware directly, it provides a logical function
layered on top of another block device. It has a special
configuration program, <span class="command"><strong>cgdconfig</strong></span>, to create and
configure a <code class="devicename">cgd</code> device and point it at the
underlying disk device that will hold the encrypted data.</p>
<p>NetBSD includes several other similar logical block devices, each
of which provides some other function where <code class="devicename">cgd</code>
provides encryption. You can stack several of these logical block
devices together:
you can make an encrypted
<code class="devicename">raid</code> to protect your encrypted data against
hard disk failure as well.</p>
<p>Once you have created a <code class="devicename">cgd</code> disk, you can
use <span class="command"><strong>disklabel</strong></span> to divide it up into
partitions, <span class="command"><strong>swapctl</strong></span> to enable swapping to
those partitions or <span class="command"><strong>newfs</strong></span> to make
filesystems, then <span class="command"><strong>mount</strong></span> and use those
filesystems, just like any other new disk.</p>
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-overview-availability"></a>14.1.3. Ávailability</h3></div></div></div>
<p>The <code class="devicename">cgd</code> driver was written by Roland
C. Dowdeswell, and introduced in the NetBSD 2.0 release.</p>
</div>
</div>
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="chap-cgd-components"></a>14.2. Ãomponents of the Crypto-Graphic Disk system</h2></div></div></div>
<p>A number of components and tools work together to make the
<code class="devicename">cgd</code> system effective.</p>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-component-kernel"></a>14.2.1. Ëernel driver pseudo-device</h3></div></div></div>
<p>To use <code class="devicename">cgd</code> you need a kernel with support
for the <code class="devicename">cgd</code> pseudo-device. Make sure the
following line is in the kernel configuration file:</p>
<pre class="programlisting">pseudo-device cgd 4 # cryptographic disk driver</pre>
<p>The number specifies how many <code class="devicename">cgd</code>
devices may be configured at the same time. After configuring
the <code class="devicename">cgd</code> pseudo-device you can recompile
the kernel and boot it to enable <code class="devicename">cgd</code>
support.</p>
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-components-ciphers"></a>14.2.2. Ãiphers</h3></div></div></div>
<p>The <code class="devicename">cgd</code> driver provides the following
encryption algorithms:</p>
<div class="variablelist">
<p class="title"><b>Encryption Methods</b></p>
<dl class="variablelist">
<dt><span class="term"><code class="literal">aes-cbc</code></span></dt>
<dd><p>AES (Rijndael). AES uses a 128 bit blocksize and
accepts 128, 192 or 256 bit keys.</p></dd>
<dt><span class="term"><code class="literal">blowfish-cbc</code></span></dt>
<dd><p>Blowfish uses a 64 bit blocksize and accepts 128 bit
keys</p></dd>
<dt><span class="term"><code class="literal">3des-cbc</code></span></dt>
<dd><p>Triple DES uses a 64 bit blocksize and accepts
192 bit keys (only 168 bits are actually used for encryption)</p></dd>
</dl>
</div>
<p>All three ciphers are used in CBC mode. This means each block
is XORed with the previous encrypted block before
encryption. This reduces the risk that a pattern can be found,
which can be used to break the encryption.</p>
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-overview-verification"></a>14.2.3. Öerification Methods</h3></div></div></div>
<p>Another aspect of <code class="devicename">cgd</code> that needs some
attention are the verification methods
<span class="command"><strong>cgdconfig</strong></span> provides. These verification
methods are used to verify the passphrase is correct. The
following verification methods are available:</p>
<div class="variablelist">
<p class="title"><b>Verification Methods</b></p>
<dl class="variablelist">
<dt><span class="term"><code class="literal">none</code></span></dt>
<dd><p>no verification is performed. This can be dangerous,
because the key is not verified at all. When a wrong key
is entered <span class="command"><strong>cgdconfig</strong></span> configures the
<code class="devicename">cgd</code> device as normal, but data
which was available on the volume will be destroyed
(decrypting blocks with a wrong key will result in
random data, which will result in a regeneration of the
disklabel with the current key).</p></dd>
<dt><span class="term"><code class="literal">disklabel</code></span></dt>
<dd><p><span class="command"><strong>cgdconfig</strong></span> scans for a valid
disklabel. If a valid disklabel is found with the key
that is provided authentication will succeed.</p></dd>
<dt><span class="term"><code class="literal">ffs</code></span></dt>
<dd><p><span class="command"><strong>cgdconfig</strong></span> scans for a valid FFS file
system. If a valid FFS file system is found with the key
that is provided authentication will succeed.</p></dd>
</dl>
</div>
</div>
</div>
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="chap-cgd-example"></a>14.3. Åxample: encrypting your disk</h2></div></div></div>
<p>This section works through a step-by-step example of converting
an existing system to use <code class="devicename">cgd</code>,
performing the following actions:</p>
<div class="orderedlist"><ol class="orderedlist" type="1">
<li class="listitem"><p>Preparing the disk and partitions</p></li>
<li class="listitem"><p>Scrub off all data</p></li>
<li class="listitem"><p>Create the cgd</p></li>
<li class="listitem"><p>Adjust config-files</p></li>
<li class="listitem"><p>Restoring your backed-up files to the encrypted disk</p></li>
</ol></div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-example-prepare"></a>14.3.1. Ðreparing the disk</h3></div></div></div>
<p>First, decide which filesystems you want to move to an encrypted
device. You're going to need to leave at least the small root
(<code class="filename">/</code>) filesystem unencrypted, in order to load
the kernel and run <span class="command"><strong>init</strong></span>,
<span class="command"><strong>cgdconfig</strong></span> and the <span class="command"><strong>rc.d</strong></span>
scripts that configure your <code class="devicename">cgd</code>. In this
example, we'll encrypt everything except the root
(<code class="filename">/</code>) filesystem.</p>
<p>We are going to delete and re-make partitions and filesystems,
and will require a backup to restore the data. So make sure
you have a current, reliable backup stored on a different disk
or machine. Do your backup in single-user mode, with the
filesystems unmounted, to ensure you get a clean
<span class="command"><strong>dump</strong></span>. Make sure you back up the disklabel
of your hard disk as well, so you have a record of the
partition layout before you started.</p>
<p>With the system at single user, <code class="filename">/</code> mounted
read-write and everything else unmounted, use
<span class="command"><strong>disklabel</strong></span> to delete all the data partitions
you want to move into <code class="devicename">cgd</code>.</p>
<p>Then make a single new partition in all the space you just
freed up, say, <em class="replaceable"><code>wd0e</code></em>. Set the
partition type for this partition to <code class="devicename">cgd</code>
Though it doesn't really matter what it is, it will help remind
you that it's not a normal filesystem later. When finished,
label the disk to save the new partition table.</p>
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-example-scrubbing"></a>14.3.2. Ócrubbing the disk</h3></div></div></div>
<p>We have removed the partition table information, but the
existing filesystems and data are still on disk. Even after
we make a <code class="devicename">cgd</code> device, create filesystems,
and restore our data, some of these disk blocks might not yet
be overwritten and still contain our data in plaintext. This
is especially likely if the filesystems are mostly empty. We
want to scrub the disk before we go further.</p>
<p>We could use <span class="command"><strong>dd</strong></span> to copy
<code class="filename">/dev/zero</code> over the new
<em class="replaceable"><code>wd0e</code></em> partition, but this will leave
our disk full of zeros, except where we've written encrypted
data later. We might not want to give an attacker any clues
about which blocks contain real data, and which are free
space, so we want to write "noise" into all the disk
blocks. So we'll create a temporary <code class="devicename">cgd</code>,
configured with a random, unknown key.</p>
<p>First, we configure a <code class="devicename">cgd</code> to use a random key:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>cgdconfig -s cgd0 /dev/wd0e aes-cbc 128 < /dev/urandom </code></strong></pre>
<p>Now we can write zeros into the raw partition of our
<code class="devicename">cgd</code> (<code class="filename">/dev/rcgd0d</code> on
NetBSD/i386, <code class="filename">/dev/rcgd0c</code> on most other
platforms):</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>dd if=/dev/zero of=/dev/rcgd0d bs=32k</code></strong></pre>
<p>The encrypted zeros will look like random data on disk. This might
take a while if you have a large disk. Once finished, unconfigure the
random-key <code class="devicename">cgd</code>:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>cgdconfig -u cgd0</code></strong></pre>
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-example-creating"></a>14.3.3. Ãreating the <code class="devicename">cgd</code>
</h3></div></div></div>
<p>The <span class="command"><strong>cgdconfig</strong></span> program, which manipulates
<code class="devicename">cgd</code> devices, uses parameters files to store
such information as the encryption type, key length, and a
random password salt for each <code class="devicename">cgd</code>. These
files are very important, and need to be kept safe - without
them, you will not be able to decrypt the data!</p>
<p>We'll generate a parameters file and write it into the default
location (make sure the directory
<code class="filename">/etc/cgd</code> exists and is mode 700):</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>cgdconfig -g -V disklabel -o /etc/cgd/wd0e aes-cbc 256</code></strong></pre>
<p>This creates a parameters file
<code class="filename">/etc/cgd/wd0e</code> describing a
<code class="devicename">cgd</code> using the
<code class="literal">aes-cbc</code> cipher method, a key
verification method of <code class="literal">disklabel</code>,
and a key length of <code class="literal">256</code>
bits. It will look something like this:</p>
<pre class="programlisting">algorithm aes-cbc;
iv-method encblkno;
keylength 256;
verify_method disklabel;
keygen pkcs5_pbkdf2/sha1 {
iterations 6275;
salt AAAAgHTg/jKCd2ZJiOSGrgnadGw=;
};</pre>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>Remember, you'll want to save this file somewhere safe
later.</p>
</div>
<div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Tip</h3>
<p>When creating the parameters file,
<span class="command"><strong>cgdconfig</strong></span> reads from
<code class="filename">/dev/random</code> to create the password
salt. This read may block if there is not enough collected
entropy in the random pool. This is unlikely, especially if
you just finished overwriting the disk as in the previous
step, but if it happens you can press keys on the console
and/or move your mouse until the
<code class="devicename">rnd</code> device gathers enough
entropy.</p>
</div>
<p>Now it's time to create our <code class="devicename">cgd</code>, for which
we'll need a passphrase. This passphrase needs to be entered
every time the <code class="devicename">cgd</code> is opened, which is
usually at each reboot. The encryption key is derived from this
passphrase and the salt. Make sure you choose something you won't
forget, and others won't guess.</p>
<p>The first time we configure the <code class="devicename">cgd</code>, there
is no valid disklabel on the logical device, so the validation
mechanism we want to use later won't work. We override it this
one time:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>cgdconfig -V re-enter cgd0 /dev/wd0e</code></strong></pre>
<p>This will prompt twice for a matching passphrase, just in case
you make a typo, which would otherwise leave you with a
<code class="devicename">cgd</code> encrypted with a passphrase that's
different to what you expected.</p>
<p>Now that we have a new <code class="devicename">cgd</code>, we need to
partition it and create filesystems. Recreate your previous
partitions with all the same sizes, with the same letter
names.</p>
<div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Tip</h3>
<p>Remember to use the <span class="command"><strong>disklabel -I</strong></span>
argument, because you're creating an initial label for a new
disk.</p>
</div>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>Although you want the sizes of your new partitions to be
the same as the old, unencrypted ones, the offsets will be
different because they're starting at the beginning of this
virtual disk.</p>
</div>
<p>Then, use <span class="command"><strong>newfs</strong></span> to create filesystems on
all the relevant partitions. This time your partitions will
reflect the <code class="devicename">cgd</code> disk names, for example:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>newfs /dev/rcgd0h</code></strong></pre>
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-example-configfiles"></a>14.3.4. Íodifying configuration files</h3></div></div></div>
<p>We've moved several filesystems to another (logical) disk, and
we need to update <code class="filename">/etc/fstab</code>
accordingly. Each partition will have the same letter (in this
example), but will be on <code class="devicename">cgd0</code> rather than
<code class="devicename">wd0</code>. So you'll have
<code class="filename">/etc/fstab</code> entries something like this:</p>
<pre class="programlisting">/dev/wd0a / ffs rw 1 1
/dev/cgd0b none swap sw 0 0
/dev/cgd0b /tmp mfs rw,-s=132m 0 0
/dev/cgd0e /var ffs rw 1 2
/dev/cgd0f /usr ffs rw 1 2
/dev/cgd0h /home ffs rw 1 2</pre>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p><code class="filename">/tmp</code> should be a separate filesystem,
either <code class="devicename">mfs</code> or <code class="devicename">ffs</code>,
inside the <code class="devicename">cgd</code>, so that your temporary
files are not stored in plain text in the
<code class="filename">/</code> filesystem.</p>
</div>
<p>Each time you reboot, you're going to need your
<code class="devicename">cgd</code> configured early, before
<span class="command"><strong>fsck</strong></span> runs and filesystems are mounted.</p>
<p>Put the following line in
<code class="filename">/etc/cgd/cgd.conf</code>:</p>
<pre class="programlisting">cgd0 /dev/wd0e</pre>
<p>This will use <code class="filename">/etc/cgd/wd0e</code> as config
file for <code class="devicename">cgd0</code>.</p>
<p>To finally enable cgd on each boot, put the following line
into <code class="filename">/etc/rc.conf</code>:</p>
<pre class="programlisting">cgd=YES</pre>
<p>You should now be prompted for
<code class="filename">/dev/cgd0</code>'s passphrase whenever
<code class="filename">/etc/rc</code> starts.</p>
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-example-restore"></a>14.3.5. Òestoring data</h3></div></div></div>
<p>Next, <span class="command"><strong>mount</strong></span> your new filesystems, and
<span class="command"><strong>restore</strong></span> your data into them. It often helps
to have <code class="filename">/tmp</code> mounted properly first, as
<span class="command"><strong>restore</strong></span> can use a fair amount of temporary
space when extracting a large dumpfile.</p>
<p>To test your changes to the boot configuration,
<span class="command"><strong>umount</strong></span> the filesystems and unconfigure the
<code class="devicename">cgd</code>, so when you exit the single-user
shell, <span class="command"><strong>rc</strong></span> will run like on a clean boot,
prompting you for the passphrase and mounting your filesystems
correctly. Now you can bring the system up to multi-user, and
make sure everything works as before.</p>
</div>
</div>
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="cryptocds"></a>14.4. Åxample: encrypted CDs/DVDs</h2></div></div></div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="cryptocds-create"></a>14.4.1. Ãreating an encrypted CD/DVD</h3></div></div></div>
<p>cgd(4) provides highly secure encryption of whole partitions
or disks. Unfortunately, creating "normal" CDs is not
disklabeling something and running newfs on it. Neither can you
just put a CDR into the drive, configure cgd and assume it to
write encrypted data when syncing. Standard CDs contain at
least an ISO-9660 filesystem created with mkisofs(8) from the
<a href="https://cdn.NetBSD.org/pub/pkgsrc/current/pkgsrc/sysutils/cdrtools/README.html" target="_top"><code class="filename">sysutils/cdrtools</code></a> package.
ISO images may <span class="emphasis"><em>not</em></span> contain disklabels or
cgd partitions.</p>
<p>But of course CD reader/writer hardware doesn't care about
filesystems at all. You can write raw data to the CD if you
like - or an encrypted FFS filesystem, which is what we'll do
here. But be warned, there is NO way to read this CD with any
OS except NetBSD - not even other BSDs due to the lack of cgd.</p>
<p>The basic steps when creating an encrypted CD are:</p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>Create an (empty) imagefile</p></li>
<li class="listitem"><p>Register it as a virtual disk using vnd(4)</p></li>
<li class="listitem"><p>Configure cgd inside the vnd disk</p></li>
<li class="listitem"><p>Copy content to the cgd</p></li>
<li class="listitem"><p>Unconfigure all (flush!)</p></li>
<li class="listitem"><p>Write the image on a CD</p></li>
</ul></div>
<p>The first step when creating an encrypted CD is to create a
single image file with dd. The image may not grow, so make it
large enough to allow all CD content to fit into. Note that
the whole image gets written to the CD later, so creating a
700 MB image for 100 MB content will still require a 700 MB
write operation to the CD. Some info on DVDs here: DVDs are
only 4.7 GB in marketing language. 4.7GB = 4.7 x 1024 x 1024 x
1024 = 5046586573 bytes. In fact, a DVD can only
approximately hold 4.7 x 1000 x 1000 x 1000 = 4700000000
bytes, which is about 4482 MB or about 4.37 GB. Keep this in
mind when creating DVD images. Don't worry for CDs, they hold
"real" 700 MB (734003200 Bytes).</p>
<p>Invoke all following commands as root!</p>
<p>For a CD:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>dd if=/dev/zero of=image.img bs=1m count=700</code></strong></pre>
<p>or, for a DVD:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>dd if=/dev/zero of=image.img bs=1m count=4482</code></strong></pre>
<p>Now configure a <a class="citerefentry" href="http://netbsd.gw.com/cgi-bin/man-cgi?vnd+4.i386+NetBSD-7.1.2"><span class="citerefentry"><span class="refentrytitle">vnd</span>(4)</span></a>-pseudo disk with the image:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>vnconfig vnd0 image.img</code></strong></pre>
<p>In order to use cgd, a so-called parameter file, describing
encryption parameters and a containing "password salt" must be
generated. We'll call it <code class="filename">/etc/cgd/image</code>
here. You can use one parameter file for several encrypted
partitions (I use one different file for each host and a
shared file <code class="filename">image</code> for all removable
media, but that's up to you).</p>
<p>I'll use AES-CBC with a keylength of 256 bits. Refer to
<a class="citerefentry" href="http://netbsd.gw.com/cgi-bin/man-cgi?cgd+4.i386+NetBSD-7.1.2"><span class="citerefentry"><span class="refentrytitle">cgd</span>(4)</span></a> and <a class="citerefentry" href="http://netbsd.gw.com/cgi-bin/man-cgi?cgdconfig+8.i386+NetBSD-7.1.2"><span class="citerefentry"><span class="refentrytitle">cgdconfig</span>(8)</span></a> for details and alternatives.</p>
<p>The following command will create the parameter file as
<code class="filename">/etc/cgd/image</code>. <span class="emphasis"><em>YOU DO NOT WANT
TO INVOKE THE FOLLOWING COMMAND AGAIN</em></span> after you
burnt any CD, since a recreated parameter file is a lost
parameter file and you'll never access your encrypted CD again
(the "salt" this file contains will differ among each
call). Consider this file being <span class="emphasis"><em>HOLY, BACKUP
IT</em></span> and <span class="emphasis"><em>BACKUP IT AGAIN!</em></span> Use
switch -V to specify verification method "disklabel" for the CD
(cgd cannot detect whether you entered a valid password for the
CD later when mounting it otherwise).</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>cgdconfig -g -V disklabel aes-cbc 256 > /etc/cgd/image</code></strong></pre>
<p>Now it's time to configure a cgd for our vnd drive. (Replace
slice "d" with "c" for all platforms that use "c" as the whole
disk (where "<span class="command"><strong>sysctl kern.rawpartition</strong></span>"
prints "2", not "3"); if you're on i386 or amd64, "d" is OK
for you):</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>cgdconfig -V re-enter cgd1 /dev/vnd0d /etc/cgd/image</code></strong></pre>
<p>The "<code class="option">-V re-enter</code>" option is necessary
as long as the
cgd doesn't have a disklabel yet so we can access and
configure
it. This switch asks for a password twice and uses it for
encryption.</p>
<p>Now it's time to create a disklabel inside the cgd. The
defaults of the label are ok, so invoking disklabel with</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>disklabel -e -I cgd1</code></strong></pre>
<p>and leaving vi with "<span class="command"><strong>:wq</strong></span>"
immediately will do.</p>
<p>Let's create a filesystem on the cgd, and finally mount it
somewhere:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>newfs /dev/rcgd1a</code></strong>
<code class="prompt">#</code> <strong class="userinput"><code>mount /dev/cgd1a /mnt</code></strong></pre>
<p>The cgd is alive! Now fill <code class="filename">/mnt</code> with
content. When finished, reverse the configuration process. The
steps are:</p>
<div class="orderedlist"><ol class="orderedlist" type="1">
<li class="listitem">
<p>Unmounting the cgd1a:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>umount /mnt</code></strong></pre>
</li>
<li class="listitem">
<p>Unconfiguring the cgd:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>cgdconfig -u cgd1</code></strong></pre>
</li>
<li class="listitem">
<p>Unconfiguring the vnd: </p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>vnconfig -u vnd0</code></strong></pre>
</li>
</ol></div>
<p>The following commands are examples to burn the images on CD
or DVD. Please adjust the <em class="parameter"><code>dev=</code></em> for
cdrecord or the <code class="filename">/dev/rcd0d</code> for
growisofs. Note the
"<span class="emphasis"><em>r</em></span><code class="filename">cd0d</code>"
<span class="emphasis"><em>is</em></span> necessary with NetBSD. Growisofs is
available in the <a href="https://cdn.NetBSD.org/pub/pkgsrc/current/pkgsrc/sysutils/dvd+rw-tools/README.html" target="_top"><code class="filename">sysutils/dvd+rw-tools</code></a>
package. Again, use "<code class="filename">c</code>" instead of
"<code class="filename">d</code>" if this is the raw partition on your
platform.</p>
<p>Finally, write the image file to a CD:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>cdrecord dev=/dev/rcd0d -v image.img</code></strong></pre>
<p>...or to a DVD:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>growisofs -dvd-compat -Z /dev/rcd0d=image.img</code></strong></pre>
<p>Congratulations! You've just created a really secure CD!</p>
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="cryptocds-use"></a>14.4.2. Õsing an encrypted CD/DVD</h3></div></div></div>
<p>After creating an encrypted CD as described above, we're not
done yet - what about mounting it again? One might guess,
configuring the cgd on <code class="filename">/dev/cd0d</code> is
enough - no, it is not.</p>
<p>NetBSD cannot access FFS file systems on media that is not 512
bytes/sector format. It doesn't matter that the cgd on the CD
is, since the CD's disklabel the cgd resides in has 2048
bytes/sector.</p>
<p>But the CD driver cd(4) is smart enough to grant "write"
access to the (emulated) disklabel on the CD. So before
configuring the cgd, let's have a look at the disklabel and
modify it a bit:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>disklabel -e cd0</code></strong>
# /dev/rcd0d:
type: ATAPI
disk: mydisc
label: fictitious
flags: removable
bytes/sector: 2048 <strong class="userinput"><code># -- Change to 512 (= orig / 4)</code></strong>
sectors/track: 100 <strong class="userinput"><code># -- Change to 400 (= orig * 4)</code></strong>
tracks/cylinder: 1
sectors/cylinder: 100 <strong class="userinput"><code># -- Change to 400 (= orig * 4)</code></strong>
cylinders: 164
total sectors: 16386 <strong class="userinput"><code># -- Change to value of slice "d" (=65544)</code></strong>
rpm: 300
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0 # microseconds
track-to-track seek: 0 # microseconds
drivedata: 0
4 partitions:
# size offset fstype [fsize bsize cpg/sgs]
a: 65544 0 4.2BSD 0 0 0 # (Cyl. 0 - 655+)
d: 65544 0 ISO9660 0 0 # (Cyl. 0 - 655+)</pre>
<p>If you don't want to do these changes every time by hand, you
can use Florian Stoehr's tool <span class="bold"><strong>neb-cd512</strong></span> which is (at time of writing
this) in pkgsrc-wip and will move to
<a href="https://cdn.NetBSD.org/pub/pkgsrc/current/pkgsrc/sysutils/neb-cd512/README.html" target="_top"><code class="filename">sysutils/neb-cd512</code></a> soon.
You can also download the neb-cd512 source from <a class="ulink" href="http://sourceforge.net/projects/neb-stoehr/" target="_top">
http://sourceforge.net/projects/neb-stoehr/</a> (be sure
to use neb-cd512, not neb-wipe!).</p>
<p>It is invoked with the disk name as parameter, by root:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>neb-cd512 cd0</code></strong></pre>
<p>Now as the disklabel is in 512 b/s format, accessing the CD
is as easy as:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>cgdconfig cgd1 /dev/cd0d /etc/cgd/image</code></strong>
<code class="prompt">#</code> <strong class="userinput"><code>mount -o ro /dev/cgd1a /mnt</code></strong></pre>
<p>Note that the cgd <span class="emphasis"><em>MUST</em></span> be mounted read-only
or you'll get illegal command errors from the cd(4) driver which
can in some cases make even mounting a CD-based cgd impossible!</p>
<p>Now we're done! Enjoy your secure CD!</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>ls /mnt</code></strong></pre>
<p>Remember you have to reverse all steps to remove the CD:</p>
<pre class="screen"><code class="prompt">#</code> <strong class="userinput"><code>umount /mnt</code></strong>
<code class="prompt">#</code> <strong class="userinput"><code>cgdconfig -u cgd1</code></strong>
<code class="prompt">#</code> <strong class="userinput"><code>eject cd0</code></strong></pre>
</div>
</div>
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="chap-cgd-suggestions"></a>14.5. Óuggestions and Warnings</h2></div></div></div>
<p>You now have your filesystems encrypted within a
<code class="devicename">cgd</code>. When your machine is shut down, the data
is protected, and can't be decrypted without the passphrase.
However, there are still some dangers you should be aware of,
and more you can do with <code class="devicename">cgd</code>. This section
documents several further suggestions and warnings that will
help you use <code class="devicename">cgd</code> effectively.</p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>Use multiple <code class="devicename">cgd</code>'s for different kinds of
data, one mounted all the time and others mounted only when
needed.</p></li>
<li class="listitem"><p>Use a <code class="devicename">cgd</code> configured on top of a
<code class="devicename">vnd</code> made from a file on a remote network
fileserver (NFS, SMBFS, CODA, etc) to safely store private data
on a shared system. This is similar to the procedure for
using encrypted CDs and DVDs described in <a class="xref" href="chap-cgd.html#cryptocds" title="14.4. Åxample: encrypted CDs/DVDs">Section4.4, “Example: encrypted CDs/DVDs”</a>.</p></li>
</ul></div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-swap-encryption"></a>14.5.1. Õsing a random-key cgd for swap</h3></div></div></div>
<p>You may want to use a dedicated random-key
<code class="devicename">cgd</code> for swap space, regenerating the key
each reboot. The advantage of this is that once your machine
is rebooted, any sensitive program memory contents that may
have been paged out are permanently unrecoverable, because the
decryption key is never known to you.</p>
<p>We created a temporary <code class="devicename">cgd</code> with a random
key when scrubbing the disk in the example above, using a
shorthand <span class="command"><strong>cgdconfig -s</strong></span> invocation to avoid
creating a parameters file.</p>
<p>The <span class="command"><strong>cgdconfig</strong></span> params file includes a
<span class="quote">“<span class="quote">randomkey</span>”</span> keygen method. This is more
appropriate for "permanent" random-key configurations, and
facilitates the easy automatic configuration of these volumes
at boot time.</p>
<p>For example, if you wanted to convert your existing
<code class="filename">/dev/wd0b</code> partition to a dedicated
random-key cgd1, use the following command to generate
<code class="filename">/etc/cgd/wd0b</code>:</p>
<pre class="screen"><code class="prompt">#</code> <span class="command"><strong>cgdconfig -g -o /etc/cgd/wd0b -V none -k randomkey blowfish-cbc</strong></span></pre>
<p>When using the randomkey keygen method, only verification
method "none" can be used, because the contents of the new
<code class="devicename">cgd</code> are effectively random each time (the
previous data decrypted with a random key). Likewise, the new
disk will not have a valid label or partitions, and
<span class="command"><strong>swapctl</strong></span> will complain about configuring
swap devices not marked as such in a disklabel.</p>
<p>In order to automate the process of labeling the disk,
prepare an appropriate disklabel and save it to a file, for
example <code class="filename">/etc/cgd/wd0b.disklabel</code>. Please
refer to <a class="citerefentry" href="http://netbsd.gw.com/cgi-bin/man-cgi?disklabel+8.i386+NetBSD-7.1.2"><span class="citerefentry"><span class="refentrytitle">disklabel</span>(8)</span></a> for information about
how to use <span class="command"><strong>disklabel</strong></span> to set up a swap
partition.</p>
<p>On each reboot, to restore this saved label to the new
<code class="devicename">cgd</code>, create the
<code class="filename">/etc/rc.conf.d/cgd</code> file as below:</p>
<pre class="programlisting">swap_device="cgd1"
swap_disklabel="/etc/cgd/wd0b.disklabel"
start_postcmd="cgd_swap"
cgd_swap()
{
if [ -f $swap_disklabel ]; then
disklabel -R -r $swap_device $swap_disklabel
fi
}</pre>
<p>The same technique could be extended to encompass using
<span class="command"><strong>newfs</strong></span> to re-create an
<code class="devicename">ffs</code> filesystem for
<code class="filename">/tmp</code> if you didn't want to use
<code class="devicename">mfs</code>.</p>
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-suggestions-warnings"></a>14.5.2. ×arnings</h3></div></div></div>
<p>Prevent cryptographic disasters by making sure you can always
recover your passphrase and parameters file. Protect the
parameters file from disclosure, perhaps by storing it on
removable media as above, because the salt it contains helps
protect against dictionary attacks on the passphrase.</p>
<p>Keeping the data encrypted on your disk is all very well, but
what about other copies? You already have at least one other
such copy (the backup we used during this setup), and it's not
encrypted. Piping <span class="command"><strong>dump</strong></span> through file-based
encryption tools like <span class="command"><strong>gpg</strong></span> can be one way of
addressing this issue, but make sure you have all the keys and
tools you need to decrypt it to <span class="command"><strong>restore</strong></span>
after a disaster.</p>
<p>Like any form of software encryption, the
<code class="devicename">cgd</code> key stays in kernel memory while the
device is configured, and may be accessible to privileged
programs and users, such as <code class="filename">/dev/kmem</code>
grovellers. Taking other system security steps, such as
running with elevated securelevel, is highly recommended.</p>
<p>Once the <code class="devicename">cgd</code> volumes are mounted as normal
filesystems, their contents are accessible like any other
file. Take care of file permissions and ensure your running
system is protected against application and network security
attack.</p>
<p>Avoid using suspend/resume, especially for laptops with a BIOS
suspend-to-disk function. If an attacker can resume your
laptop with the key still in memory, or read it from the
suspend-to-disk memory image on the hard disk later, the whole
point of using <code class="devicename">cgd</code> is lost.</p>
</div>
</div>
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="chap-cgd-further"></a>14.6. Æurther Reading</h2></div></div></div>
<p>
The following resources contain more information on CGD:
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h3 class="title">
<a name="chap-cgd-bibliography"></a>Bibliography</h3></div></div></div>
<div class="biblioentry">
<a name="smackie-cgd"></a><p>[smackie-cgd] <span class="title"><i><a class="ulink" href="http://www.bsdguides.org/2005/cgd-setup/" target="_top">NetBSD CGD Setup</a></i>. </span><span class="author"><span class="firstname">Stuart</span> <span class="surname">Mackie</span>. </span></p>
</div>
<div class="biblioentry">
<a name="nycbug-cgd"></a><p>[nycbug-cgd] <span class="title"><i><a class="ulink" href="http://genoverly.com/articles/view/5/" target="_top">
I want my cgd</a> aka: I want an encrypted pseudo-device on my laptop</i>. </span></p>
</div>
<div class="biblioentry">
<a name="elric-cgd"></a><p>[elric-cgd] <span class="title"><i>The original paper on <a class="ulink" href="http://www.imrryr.org/~elric/cgd/cgd.pdf" target="_top">
The CryptoGraphic Disk Driver</a></i>. </span><span class="authorgroup"><span class="firstname">Roland</span> <span class="surname">Dowdeswell</span> and <span class="firstname">John</span> <span class="surname">Ioannidis</span>. </span></p>
</div>
<div class="biblioentry">
<a name="biancuzzi-cgd"></a><p>[biancuzzi-cgd] <span class="title"><i><a class="ulink" href="http://onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html" target="_top">Inside NetBSD's CGD</a> - an interview with CGD creator Roland Dowdeswell</i>. </span><span class="author"><span class="firstname">Biancuzzi</span> <span class="surname">Federico</span>. </span></p>
</div>
<div class="biblioentry">
<a name="hubertf-cgd"></a><p>[hubertf-cgd] <span class="title"><i><a class="ulink" href="http://www.feyrer.de/NetBSD/blog.html/nb_20060823_2311.html" target="_top">CryptoGraphicFile (CGF)</a>, or how to keep sensitive data on your laptop</i>. </span><span class="author"><span class="firstname">Feyrer</span> <span class="surname">Hubert</span>. </span></p>
</div>
</div>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="chap-rmmedia.html">Prev</a>/td>
<td width="20%" align="center"><a accesskey="u" href="part-config.html">Up</a></td>
<td width="40%" align="right">a accesskey="n" href="chap-ccd.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">Chapter3. Õsing removable media/td>
<td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td>
<td width="40%" align="right" valign="top"> Ãhapter5. Ãoncatenated Disk Device (CCD) configuration</td>
</tr>
</table>
</div>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to chap-cgd.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / htdocs / docs / guide / en