dm-crypt.saout.de archive mirror
* [dm-crypt] Migrating from loop AES to dm-crypt
@ 2012-09-14 17:35 Nick Battle
  2012-09-14 18:00 ` Arno Wagner
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: Nick Battle @ 2012-09-14 17:35 UTC (permalink / raw)
  To: dm-crypt

I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of
mount and losetup do not have the file encryption options they used to, since
everyone should have migrated to dm-crypt. The trouble is, I now have some
encrypted backup volumes that I cannot read!

I used to mount the archives with:

	mount ... -o loop,phash=sha256,encryption=aes128

It looks like I should be using the loopaesOpen option to cryptsetup to mount
these now, but I cannot find a combination of options that works. I'm trying the
following:

	cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash sha256 -c aes-cbc-plain

Where the file pp has my passphrase (without a newline) - that I used to enter
at the prompt mount gave when using the "-o loop". This successfully sets up the
mapper, but the result is not recognizable as a filesystem (I think it's ext2).
So I assume the crypto and/or passphrase hash isn't quite right.

I'm afraid the archives are so old that I don't know which options I used to
originally create them, though I almost certainly chose "defaults".

Can anyone help?

-- 
Cheers,
-nick


* Re: [dm-crypt] Migrating from loop AES to dm-crypt
  2012-09-14 17:35 [dm-crypt] Migrating from loop AES to dm-crypt Nick Battle
@ 2012-09-14 18:00 ` Arno Wagner
  2012-09-14 20:08   ` Nick Battle
  2012-09-15 12:04 ` Matthias Schniedermeyer
  2012-09-18  7:16 ` Ludwig Nussel
  2 siblings, 1 reply; 9+ messages in thread
From: Arno Wagner @ 2012-09-14 18:00 UTC (permalink / raw)
  To: dm-crypt

On Fri, Sep 14, 2012 at 06:35:19PM +0100, Nick Battle wrote:
> I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of
> mount and losetup do not have the file encryption options they used to, since
> everyone should have migrated to dm-crypt. The trouble is, I now have some
> encrypted backup volumes that I cannot read!
> 
> I used to mount the archives with:
> 
> 	mount ... -o loop,phash=sha256,encryption=aes128
> 
> It looks like I should be using the loopaesOpen option to cryptsetup to
> mount these now, but I cannot find a combination of options that works. 
> I'm trying the following:
> 
> cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash
> sha256 -c aes-cbc-plain
> 
> Where the file pp has my passphrase (without a newline) - that I used to
> enter at the prompt mount gave when using the "-o loop".  This
> successfully sets up the mapper, but the result is not recognizable as a
> filesystem (I think it's ext2).  So I assume the crypto and/or passphrase
> hash isn't quite right.

Yes. As there is no metadata it will do the mapping even if the
parameters are completely wrong.

> I'm afraid the archives are so old that I don't know which options I used
> to originally create them, though I almost certainly chose "defaults".
> 
> Can anyone help?

I also have no idea what you need, but loop AES has no metadata,
i.e. the correct options need to be given every time. That
means your openSUSE 12.1 gave them, either because it was the
defaults used there, or because they were encoded somewhere
(crypttab?) 

In the first case an OpenSUSE 12.1 live CD should help.
In the second case you need to find the parameters, for
example in a backup of the old system.

If you get the container mapped with the old openSUSE,
   dmsetup table --target crypt --showkey /dev/mapper/<device>
should give cipher, mode and offsets. (Also master key, 
don't post that or cut it down to first and last char or 
the like).

If you figure it out, can you tell me which parameters worked
for cryptsetup, so I can add them in Section 7 of the FAQ? Thanks!

Arno
-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


* Re: [dm-crypt] Migrating from loop AES to dm-crypt
  2012-09-14 18:00 ` Arno Wagner
@ 2012-09-14 20:08   ` Nick Battle
  0 siblings, 0 replies; 9+ messages in thread
From: Nick Battle @ 2012-09-14 20:08 UTC (permalink / raw)
  To: dm-crypt

On 14/09/12 19:00, Arno Wagner wrote:
> I also have no idea what you need, but loop AES has no metadata,
> i.e. the correct options need to be given every time. That
> means your openSUSE 12.1 gave them, either because it was the
> defaults used there, or because they were encoded somewhere
> (crypttab?)

All I think I have to go on is the openSUSE mount(1) options that worked (-o
loop,phash=sha256,encryption=aes128).

> In the first case an OpenSUSE 12.1 live CD should help.
> In the second case you need to find the parameters, for
> example in a backup of the old system.

I should presumably be able to mount using an old live CD, but if that's using
losetup (albeit via mount), I'm not sure how to find the actual parameters.

> If you get the container mapped with the old openSUSE,
>    dmsetup table --target crypt --showkey /dev/mapper/<device>
> should give cipher, mode and offsets.

Will that work even for a "plain" losetup with a cipher? That looks like a
dm-crypt tool?

> If you figure it out, can you tell me which parameters worked
> for cryptsetup, so I can add them in Section 7 of the FAQ? Thanks!

Yes, absolutely!

-- 
Cheers,
-nick


* Re: [dm-crypt] Migrating from loop AES to dm-crypt
  2012-09-14 17:35 [dm-crypt] Migrating from loop AES to dm-crypt Nick Battle
  2012-09-14 18:00 ` Arno Wagner
@ 2012-09-15 12:04 ` Matthias Schniedermeyer
  2012-09-18  7:16 ` Ludwig Nussel
  2 siblings, 0 replies; 9+ messages in thread
From: Matthias Schniedermeyer @ 2012-09-15 12:04 UTC (permalink / raw)
  To: Nick Battle; +Cc: dm-crypt

On 14.09.2012 18:35, Nick Battle wrote:
> I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of
> mount and losetup do not have the file encryption options they used to, since
> everyone should have migrated to dm-crypt. The trouble is, I now have some
> encrypted backup volumes that I cannot read!
> 
> I used to mount the archives with:
> 
> 	mount ... -o loop,phash=sha256,encryption=aes128
> 
> It looks like I should be using the loopaesOpen option to cryptsetup to mount
> these now, but I cannot find a combination of options that works. I'm trying the
> following:
> 
> cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash
> sha256 -c aes-cbc-plain
> 
> Where the file pp has my passphrase (without a newline) - that I used to enter
> at the prompt mount gave when using the "-o loop". This successfully sets up the
> mapper, but the result is not recognizable as a filesystem (I think it's ext2).
> So I assume the crypto and/or passphrase hash isn't quite right.
> 
> I'm afraid the archives are so old that I don't know which options I used to
> originally create them, though I almost certainly chose "defaults".
> 
> Can anyone help?

That isn't what loopaesOpen is needed for. It is needed for loop-aes v2 
or v3 format.

What you describe is v1. Which, as far as I understand, is "plain" 
"aes128-CBC", with a sha256-round for the passphrase.

An easy way to decrypt loop-aes is by using "aespipe" (same author), 
which can also be found on the loop-aes site: 
http://loop-aes.sourceforge.net/aespipe/

And boy is that fast when you have a CPU with AES-NI. I recently 
decrypted some DVDs I recorded several years ago. They were encrypted 
with loop-aes v1/aes128 and a decrypt with aespipe in tmpfs only took 2.8 
seconds on average for 4489MiB, IOW 1.6GiB/s using a single core.

See you

-- 
Real Programmers consider "what you see is what you get" to be just as 
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated, 
cryptic, powerful, unforgiving, dangerous.


* Re: [dm-crypt] Migrating from loop AES to dm-crypt
  2012-09-14 17:35 [dm-crypt] Migrating from loop AES to dm-crypt Nick Battle
  2012-09-14 18:00 ` Arno Wagner
  2012-09-15 12:04 ` Matthias Schniedermeyer
@ 2012-09-18  7:16 ` Ludwig Nussel
  2012-09-18  7:47   ` Milan Broz
  2 siblings, 1 reply; 9+ messages in thread
From: Ludwig Nussel @ 2012-09-18  7:16 UTC (permalink / raw)
  To: Nick Battle; +Cc: dm-crypt

Nick Battle wrote:
> I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of
> mount and losetup do not have the file encryption options they used to, since
> everyone should have migrated to dm-crypt. The trouble is, I now have some
> encrypted backup volumes that I cannot read!
> 
> I used to mount the archives with:
> 
> 	mount ... -o loop,phash=sha256,encryption=aes128
> 
> It looks like I should be using the loopaesOpen option to cryptsetup to mount
> these now, but I cannot find a combination of options that works. I'm trying the
> following:
> 
> cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash
> sha256 -c aes-cbc-plain

IIRC loopaesOpen is for the multi key mode of newer loop aes. The crypto
patches we had in openSUSE were based on a loop aes from a decade ago
which didn't do anything fancy yet. So standard 'create' should work
just fine with the parameters you figured out already. See also
http://en.opensuse.org/SDB:Encrypted_filesystems#aes_cryptoloop_image

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) 


* Re: [dm-crypt] Migrating from loop AES to dm-crypt
  2012-09-18  7:16 ` Ludwig Nussel
@ 2012-09-18  7:47   ` Milan Broz
  2012-09-18 21:03     ` Nick Battle
  0 siblings, 1 reply; 9+ messages in thread
From: Milan Broz @ 2012-09-18  7:47 UTC (permalink / raw)
  To: Ludwig Nussel; +Cc: dm-crypt, Nick Battle

On 09/18/2012 09:16 AM, Ludwig Nussel wrote:
> Nick Battle wrote:
>> I've just upgraded from openSUSE 12.1 to 12.2. I find that the latest version of
>> mount and losetup do not have the file encryption options they used to, since
>> everyone should have migrated to dm-crypt. The trouble is, I now have some
>> encrypted backup volumes that I cannot read!
>>
>> I used to mount the archives with:
>>
>> 	mount ... -o loop,phash=sha256,encryption=aes128
>>
>> It looks like I should be using the loopaesOpen option to cryptsetup to mount
>> these now, but I cannot find a combination of options that works. I'm trying the
>> following:
>>
>> cryptsetup loopaesOpen <device> <name> --key-file pp --key-size 128 --hash
>> sha256 -c aes-cbc-plain
> 
> IIRC loopaesOpen is for the multi key mode of newer loop aes. The crypto
> patches we had in openSUSE were based on a loop aes from a decade ago
> which didn't do anything fancy yet. So standard 'create' should work
> just fine with the parameters you figured out already. See also
> http://en.opensuse.org/SDB:Encrypted_filesystems#aes_cryptoloop_image

loopaesOpen can open all loop-AES variations (including multikey) and
it should automatically select the proper mode according to the number of
lines (keys) in the keyfile. So only the keysize and hash parameters are
needed (and only if not default, see cryptsetup --help for the defaults).

Anyway, I promised that there should be some FAQ item about losetup
replacement parameters, so I'll try to prepare something...

Milan


* Re: [dm-crypt] Migrating from loop AES to dm-crypt
  2012-09-18  7:47   ` Milan Broz
@ 2012-09-18 21:03     ` Nick Battle
  2012-09-18 21:32       ` Arno Wagner
  0 siblings, 1 reply; 9+ messages in thread
From: Nick Battle @ 2012-09-18 21:03 UTC (permalink / raw)
  To: dm-crypt

OK, thanks everyone.

I just tried this again and it now works fine. I thought I tried several plain
"create" options, but... evidently not!

	cryptsetup create mapped <device> -c aes -s 128 -h sha256

Thanks again for the help!

-- 
Cheers,
-nick
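
Added example, not part of the original thread: because these volumes carry no metadata and any parameter set maps without error, this script opens the volume read-only with each candidate cipher, key size and hash and checks the result for the ext2 superblock magic. The function names, the mapping name `probe` and the candidate lists are assumptions; `cryptsetup open --type plain` is the current spelling of the `create` command used above.

```shell
#!/bin/sh
# Added example: probe plain dm-crypt parameters against a headerless volume.
# Hypothetical names: has_ext_magic, probe_plain, mapping name "probe".

# Return 0 if $1 carries the ext2/3/4 superblock magic (0xEF53, stored
# little-endian as the bytes 53 ef at absolute offset 1080).
has_ext_magic() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# Try each cipher / key size / hash combination read-only and stop at the
# first mapping that decrypts to an ext superblock. Requires root.
probe_plain() {
    dev=$1
    printf 'Passphrase: ' >&2
    stty -echo; IFS= read -r pass; stty echo; echo >&2
    for cipher in aes aes-cbc-plain aes-cbc-essiv:sha256; do
        for bits in 128 256; do
            for hash in sha256 ripemd160; do
                # The passphrase goes in on stdin so that --hash is applied;
                # in plain mode a --key-file is used as the raw key instead.
                printf '%s\n' "$pass" | cryptsetup open --type plain --readonly \
                    -c "$cipher" -s "$bits" -h "$hash" "$dev" probe || continue
                if has_ext_magic /dev/mapper/probe; then
                    echo "match: -c $cipher -s $bits -h $hash"
                    cryptsetup close probe
                    return 0
                fi
                cryptsetup close probe
            done
        done
    done
    echo "no candidate produced an ext superblock" >&2
    return 1
}

# Run only when a device or image path is supplied.
if [ $# -eq 1 ]; then probe_plain "$1"; fi
```

Working on a copy of the image keeps the original backup untouched while the candidates are tried.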


* Re: [dm-crypt] Migrating from loop AES to dm-crypt
  2012-09-18 21:03     ` Nick Battle
@ 2012-09-18 21:32       ` Arno Wagner
  2012-09-19 18:07         ` Nick Battle
  0 siblings, 1 reply; 9+ messages in thread
From: Arno Wagner @ 2012-09-18 21:32 UTC (permalink / raw)
  To: dm-crypt

On Tue, Sep 18, 2012 at 10:03:35PM +0100, Nick Battle wrote:
> OK, thanks everyone.
> 
> I just tried this again and it now works fine. I thought I tried 
> several plain "create" options, but... evidently not!

Data recovery has a tendency to devolve into chaos, if you
only do it rarely ;-) 

> 	cryptsetup create mapped <device> -c aes -s 128 -h sha256
> 
> Thanks again for the help!

Thanks for the info, added to the FAQ.

Arno
-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


* Re: [dm-crypt] Migrating from loop AES to dm-crypt
  2012-09-18 21:32       ` Arno Wagner
@ 2012-09-19 18:07         ` Nick Battle
  0 siblings, 0 replies; 9+ messages in thread
From: Nick Battle @ 2012-09-19 18:07 UTC (permalink / raw)
  To: dm-crypt

On 18/09/12 22:32, Arno Wagner wrote:
>> I just tried this again and it now works fine. I thought I tried
>> several plain "create" options, but... evidently not!
>
> Data recovery has a tendency to devolve into chaos, if you
> only do it rarely ;-)

LOL, yes! I think I tried the basic "create" options after I'd read a page
somewhere about the full syntax for the cipher and hash arguments, so I was
probably trying all manner of fancy IV schemes and chaining modes. If only I'd
tried the basic stuff!

Anyway, sorted now. I've posted the answer in the other forums where I asked the
same question (LinuxQuestions and the SUSE forums), so hopefully along with your
FAQ update we'll help a few people who have the same problem :)

Thanks again.

-- 
Cheers,
-nick
