FreeOTFE
Free disk encryption software for PCs and PDAs
(PDA version of WWW site)

Linux Examples: Cryptoloop

This section gives a series of examples of how to create Linux Cryptoloop (losetup) volumes, and then mount them using FreeOTFE.

These examples have been tested using SuSE 9.2, though they should work for all compatible Linux distributions.


Initial Setup

To begin using Cryptoloop under Linux, ensure that the various kernel modules are loaded:

modprobe cryptoloop

modprobe deflate
modprobe zlib_deflate
modprobe twofish
modprobe serpent
modprobe aes_i586
modprobe blowfish
modprobe des
modprobe sha256
modprobe sha512
modprobe crypto_null
modprobe md4
modprobe md5
modprobe arc4
modprobe khazad
modprobe anubis

Typing "lsmod" will show you which modules are currently loaded.
The examples shown below may then be followed to create and use various volume files.


Defaults

If not overridden by the user, Cryptoloop defaults to no encryption. If the user specifies that they do want encryption (i.e. passes "losetup" a "-e" parameter), Cryptoloop defaults to the following:

Cypher: As specified by the user (no encryption takes place if no cypher is specified)
Cypher keysize: 128 bit
User key processed with: The hash used to process the user's key is dependent on the cypher's keysize:

Cypher keysize    Hash
128 - 191 bits    SHA-256
192 - 255 bits    SHA-384
256+ bits         SHA-512

"Hash with "A"s, if hash output is too short" option - this option should not be selected; if the hash used outputs too few bits, its output is right-padded with 0x00 characters to the required length.

IV generation: 32 bit sector ID
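
The defaults above, worked through as an added example (not FreeOTFE or losetup code). It assumes that a hash longer than the keysize is cut to its leading bytes, that sectors are 512 bytes, and that the 32 bit sector ID is stored little-endian at the start of a 16 byte IV; the function and parameter names are hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512  # assumption: loop devices count 512-byte sectors


def pick_hash(keysize_bits):
    """Hash selection from the table above, keyed on the cypher keysize."""
    if keysize_bits < 128:
        raise ValueError("the table above starts at 128 bits")
    if keysize_bits <= 191:
        return hashlib.sha256
    if keysize_bits <= 255:
        return hashlib.sha384
    return hashlib.sha512


def derive_key(passphrase, keysize_bits=128):
    """Hash the passphrase once (no seed, no iterations) and fit it to the keysize."""
    digest = pick_hash(keysize_bits)(passphrase.encode("ascii")).digest()
    need = keysize_bits // 8
    # Assumption: a longer digest is cut to its leading bytes.
    # From the page: a shorter one is right-padded with 0x00.
    return digest[:need].ljust(need, b"\x00")


def iv_sector_id(volume_byte_pos, host_offset=0, zero_at_host_start=True):
    """32 bit sector ID used as the IV for the sector holding volume_byte_pos."""
    start = host_offset if zero_at_host_start else 0
    return ((start + volume_byte_pos) // SECTOR_SIZE) & 0xFFFFFFFF


def iv_block(sector_id, block_bytes=16):
    """Assumption: ID stored little-endian in the first 4 bytes, rest zero."""
    return struct.pack("<I", sector_id).ljust(block_bytes, b"\x00")


if __name__ == "__main__":
    pw = "password1234567890ABC"  # test password used throughout this page
    for bits in (128, 256):
        print(bits, pick_hash(bits)().name, derive_key(pw, bits).hex())
    # Example #7: volume starts 2560 bytes into the host file
    print(iv_sector_id(0, host_offset=2560), iv_block(5).hex())
```

With "Sector zero location" set to "Start of host file", the first sector of the Example #7 volume gets sector ID 5 rather than 0, so a wrong offset or sector zero setting decrypts to garbage even with the correct password. The IV is fully predictable from the sector position, which is the weakness that keyed IV schemes such as ESSIV in dm-crypt were designed to remove.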


Example #1: Mounting a Cryptoloop Volume Without Encryption

This is the simplest form of Linux volume file, and the recommended starting point for checking that FreeOTFE is operating correctly.

Creating the volume file under Linux:
dd if=/dev/zero of=./vol_none bs=1k count=1024
losetup /dev/loop0 ./vol_none
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint

Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
    • Leave key blank
    • Leave GPG executable blank
    • Leave GPG keyfile blank
    • Leave seed blank
    • Select the "Null" hash
    • Leave iteration count at 0
  4. "Encryption" tab:
    • Select the "Null" cypher
    • Select the "Null IV" IV generation method
    • The "Hash with "A"s, if hash output is too short" option makes no difference
  5. "File options" tab:
    • Leave offset at 0
    • Leave sizelimit at 0
  6. "Mount options" tab:
    • Select any unused drive letter
    • Leave readonly unchecked
  7. Click the "OK" button


Example #2: Mounting a Cryptoloop Volume Using XOR Encryption

This is the second simplest form of Linux volume file, and is the simplest case to confirm that passwords are being accepted and used correctly.

Creating the volume file under Linux:
dd if=/dev/zero of=./vol_xor bs=1k count=1024
losetup -e XOR /dev/loop0 ./vol_xor
# Enter password: password1234567890ABC
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint

Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
    • Enter "password1234567890ABC" as the key
    • Leave GPG executable blank
    • Leave GPG keyfile blank
    • Leave seed blank
    • Select the "Null" hash
    • Leave iteration count at 0
  4. "Encryption" tab:
    • Select the "XOR" cypher
    • Select the "Null IV" IV generation method
    • The "Hash with "A"s, if hash output is too short" option makes no difference
  5. "File options" tab:
    • Leave offset at 0
    • Leave sizelimit at 0
  6. "Mount options" tab:
    • Select any unused drive letter
    • Leave readonly unchecked
  7. Click the "OK" button


Example #3: Mounting a Cryptoloop Volume Using 128 bit AES Encryption

This example demonstrates use of a Linux AES128 volume.

Creating the volume file under Linux:
dd if=/dev/zero of=./vol_aes128 bs=1k count=1024
losetup -e AES128 /dev/loop0 ./vol_aes128
# Enter password: password1234567890ABC
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint

Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
    • Enter "password1234567890ABC" as the key
    • Leave GPG executable blank
    • Leave GPG keyfile blank
    • Leave seed blank
    • Select the "SHA-256 (256/512)" hash
    • Make sure that the "Hash with "A"s, if hash output is too short" option is not checked
    • Leave iteration count at 0
  4. "Encryption" tab:
    • Select the "AES (CBC; 128/128)" cypher
    • Select the "32 bits sector IV" IV generation method
    • Set "Sector zero location" to "Start of host file"
  5. "File options" tab:
    • Leave offset at 0
    • Leave sizelimit at 0
  6. "Mount options" tab:
    • Select any unused drive letter
    • Leave readonly unchecked
  7. Click the "OK" button


Example #4: Mounting a Cryptoloop Volume Using 256 bit AES Encryption

This example demonstrates use of a Linux AES256 volume.

Creating the volume file under Linux:
dd if=/dev/zero of=./vol_aes256 bs=1k count=1024
losetup -e AES256 /dev/loop0 ./vol_aes256
# Enter password: password1234567890ABC
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint

Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
    • Enter "password1234567890ABC" as the key
    • Leave GPG executable blank
    • Leave GPG keyfile blank
    • Leave seed blank
    • Select the "SHA-512 (512/1024)" hash
    • Make sure that the "Hash with "A"s, if hash output is too short" option is not checked
    • Leave iteration count at 0
  4. "Encryption" tab:
    • Select the "AES (CBC; 256/128)" cypher
    • Select the "32 bits sector IV" IV generation method
    • Set "Sector zero location" to "Start of host file"
  5. "File options" tab:
    • Leave offset at 0
    • Leave sizelimit at 0
  6. "Mount options" tab:
    • Select any unused drive letter
    • Leave readonly unchecked
  7. Click the "OK" button


Example #5: Mounting a Cryptoloop Volume Using 256 bit AES Encryption and rmd160 Hash

This example demonstrates use of a Linux AES256 volume using the rmd160 hash to process the user's password instead of the default SHA hash.

WARNING: Note that this example uses the "rmd160" and not "ripemd160" hash.

Creating the volume file under Linux:
dd if=/dev/zero of=./vol_aes256_rmd160 bs=1k count=1024
losetup -e AES256 -H rmd160 /dev/loop0 ./vol_aes256_rmd160
# Enter password: password1234567890ABC
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
cp TEST_FILE_1.dat ./test_mountpoint
cp TEST_FILE_2.dat ./test_mountpoint
cp TEST_FILE_3.dat ./test_mountpoint
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint

Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
    • Enter "password1234567890ABC" as the key
    • Leave GPG executable blank
    • Leave GPG keyfile blank
    • Leave seed blank
    • Select the "RIPEMD-160 (Linux; Twice, with A)" hash
    • Make sure that the "Hash with "A"s, if hash output is too short" option is not checked
    • Leave iteration count at 0
  4. "Encryption" tab:
    • Select the "AES (CBC; 256/128)" cypher
    • Select the "32 bits sector IV" IV generation method
    • Set "Sector zero location" to "Start of host file"
  5. "File options" tab:
    • Leave offset at 0
    • Leave sizelimit at 0
  6. "Mount options" tab:
    • Select any unused drive letter
    • Leave readonly unchecked
  7. Click the "OK" button


Example #6: Mounting a Cryptoloop Volume Using 256 bit AES Encryption and Seed Value

This example demonstrates use of a Linux AES256 volume with seeding. The seed used here is the string "seedvalue".

Creating the volume file under Linux:
dd if=/dev/zero of=./vol_aes256_seeded bs=1k count=1024
losetup -e AES256 -S seedvalue /dev/loop0 ./vol_aes256_seeded
# Enter password: password1234567890ABC
losetup -a
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
cp TEST_FILE_1.dat ./test_mountpoint
cp TEST_FILE_2.dat ./test_mountpoint
cp TEST_FILE_3.dat ./test_mountpoint
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint

Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
    • Enter "password1234567890ABC" as the key
    • Leave GPG executable blank
    • Leave GPG keyfile blank
    • Change the seed to "seedvalue"
    • Select the "SHA-512 (512/1024)" hash
    • Make sure that the "Hash with "A"s, if hash output is too short" option is not checked
    • Leave iteration count at 0
  4. "Encryption" tab:
    • Select the "AES (CBC; 256/128)" cypher
    • Select the "32 bits sector IV" IV generation method
    • Set "Sector zero location" to "Start of host file"
  5. "File options" tab:
    • Leave offset at 0
    • Leave sizelimit at 0
  6. "Mount options" tab:
    • Select any unused drive letter
    • Leave readonly unchecked
  7. Click the "OK" button


Example #7: Mounting a Cryptoloop Volume Using 256 bit AES Encryption and Offset

This example demonstrates use of a Linux AES256 volume, with the encrypted volume beginning at an offset of 2560 bytes into the volume file.

Creating the volume file under Linux:
dd if=/dev/zero of=./vol_aes256_2560 bs=1k count=1024
losetup -e AES256 -o 2560 /dev/loop0 ./vol_aes256_2560
# Enter password: password1234567890ABC
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint

Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
    • Enter "password1234567890ABC" as the key
    • Leave GPG executable blank
    • Leave GPG keyfile blank
    • Leave seed blank
    • Select the "SHA-512 (512/1024)" hash
    • Make sure that the "Hash with "A"s, if hash output is too short" option is not checked
    • Leave iteration count at 0
  4. "Encryption" tab:
    • Select the "AES (CBC; 256/128)" cypher
    • Select the "32 bits sector IV" IV generation method
    • Set "Sector zero location" to "Start of host file"
  5. "File options" tab:
    • Change offset to 2560 bytes
    • Leave sizelimit at 0
  6. "Mount options" tab:
    • Select any unused drive letter
    • Leave readonly unchecked
  7. Click the "OK" button


Example #8: Mounting a Cryptoloop Volume Using 256 bit Twofish Encryption

This example demonstrates use of a Linux Twofish 256 bit volume.

Creating the volume file under Linux:
dd if=/dev/zero of=./vol_twofish256 bs=1k count=1024
losetup -e twofish256 /dev/loop0 ./vol_twofish256
# Enter password: password1234567890ABC
losetup -a
mkdosfs /dev/loop0
mkdir ./test_mountpoint
mount /dev/loop0 ./test_mountpoint
echo "This is a text test file" > ./test_mountpoint/SHORT_TEXT.txt
umount /dev/loop0
losetup -d /dev/loop0
rm -rf ./test_mountpoint

Mounting the volume under FreeOTFE:
  1. Select "Linux | Mount..."
  2. Select the volume file
  3. "Key" tab:
    • Enter "password1234567890ABC" as the key
    • Leave GPG executable blank
    • Leave GPG keyfile blank
    • Leave seed blank
    • Select the "SHA-512 (512/1024)" hash
    • Make sure that the "Hash with "A"s, if hash output is too short" option is not checked
    • Leave iteration count at 0
  4. "Encryption" tab:
    • Select the "Twofish (CBC; 256/128)" cypher
    • Select the "32 bits sector IV" IV generation method
    • Set "Sector zero location" to "Start of host file"
  5. "File options" tab:
    • Leave offset at 0
    • Leave sizelimit at 0
  6. "Mount options" tab:
    • Select any unused drive letter
    • Leave readonly unchecked
  7. Click the "OK" button