Chapter 3. Encryption

There are two main types of data that must be protected: data at rest and data in motion. These different types of data are protected in similar ways using similar technology but the implementations can be completely different. No single protective implementation can prevent all possible methods of compromise as the same information may be at rest and in motion at different points in time.

3.1. Data at Rest

Data at rest is data that is stored on a hard drive, tape, CD, DVD, disk, or other media. This information's biggest threat comes from being physically stolen. Laptops in airports, CDs going through the mail, and backup tapes that get left in the wrong places are all examples of events where data can be compromised through theft. If the data is encrypted on the media, it lowers the chances of the data being accessed.

3.1.1. Full Disk Encryption

Full disk or partition encryption is one of the best ways of protecting your data. Not only is each file protected but also the temporary storage that may contain parts of these files is also protected. Full disk encryption will protect all of your files so you do not have to worry about selecting what you want to protect and possibly missing a file.
Red Hat Enterprise Linux 6 natively supports LUKS Encryption. LUKS bulk encrypts your hard drive partitions so that while your computer is off, your data is protected. This will also protect your computer from attackers attempting to use single-user-mode to login to your computer or otherwise gain access.
Full disk encryption solutions like LUKS only protect the data when your computer is off. Once the computer is on and LUKS has decrypted the disk, the files on that disk are available to anyone who would normally have access to them. To protect your files when the computer is on, use full disk encryption in combination with another solution such as file based encryption. Also remember to lock your computer whenever you are away from it. A passphrase protected screen saver set to activate after a few minutes of inactivity is a good way to keep intruders out. For more information on LUKS, see Section 3.1.3, “LUKS Disk Encryption”.

3.1.2. File-Based Encryption

File-based encryption is used to protect the contents of files on mobile storage devices, such as CDs, flash drives, or external hard drives. Some file-based encryption solutions may leave remnants of the encrypted files that an attacker who has physical access to your computer can recover under some circumstances. To protect the contents of these files from attackers who may have access to your computer, use file-based encryption combined with another solution, such as full disk encryption.

3.1.3. LUKS Disk Encryption

Linux Unified Key Setup-on-disk-format (or LUKS) allows you to encrypt partitions on your Linux computer. This is particularly important when it comes to mobile computers and removable media. LUKS allows multiple user keys to decrypt a master key which is used for the bulk encryption of the partition.

Overview of LUKS

What LUKS does
  • LUKS encrypts entire block devices and is therefore well-suited for protecting the contents of mobile devices such as removable storage media or laptop disk drives.
  • The underlying contents of the encrypted block device are arbitrary. This makes it useful for encrypting swap devices. This can also be useful with certain databases that use specially formatted block devices for data storage.
  • LUKS uses the existing device mapper kernel subsystem.
  • LUKS provides passphrase strengthening which protects against dictionary attacks.
  • LUKS devices contain multiple key slots, allowing users to add backup keys/passphrases.
What LUKS does not do:
  • LUKS is not well-suited for applications requiring many (more than eight) users to have distinct access keys to the same device.
  • LUKS is not well-suited for applications requiring file-level encryption.

3.1.3.1. LUKS Implementation in Red Hat Enterprise Linux

Red Hat Enterprise Linux 6 utilizes LUKS to perform file system encryption. By default, the option to encrypt the file system is unchecked during the installation. If you select the option to encrypt your hard drive, you will be prompted for a passphrase that will be asked every time you boot the computer. This passphrase "unlocks" the bulk encryption key that is used to decrypt your partition. If you choose to modify the default partition table you can choose which partitions you want to encrypt. This is set in the partition table settings.
The default cipher used for LUKS (refer to cryptsetup --help) is aes-cbc-essiv:sha256. Note that the installation program, Anaconda, uses by default the AES cipher in XTS mode, aes-xts-plain64. The default key size for LUKS is 256 bits. The default key size for LUKS with Anaconda (XTS mode) is 512 bits.

Warning

Changing the default cryptographic attributes can affect your system's performance and expose your system to various security risks. You should not change the default cryptographic attributes of your system without good knowledge of cryptography and understanding to the capabilities of the used cipher combinations.
Red Hat strongly recommends using the default ciphers. If you need to use any other cipher than the cipher that is configured as the default, you can initialize your partition with the --cipher and --key-size options. The syntax of the command is the following:
cryptsetup --verify-passphrase --cipher <cipher>-<mode>-<iv> --key-size <key-size> luksFormat <device>
where <cipher>-<mode>-<iv> is a string representing the used cipher. The string consists of three parts: a block cipher, block cipher mode, and an initial vector (IV).
A block cipher is a deterministic algorithm that operates on data blocks and allows encryption and decryption of bulk data. Block ciphers that are available on Red Hat Enterprise Linux are:
  • AES — Advanced Encryption Standard, a 128-bit symmetric block cipher using encryption keys with lengths of 128, 192, and 256 bits; for more information, see the FIPS PUB 197.
  • Twofish — A 128-bit block cipher operating with encryption keys of the range from 128 bits to 256 bits.
  • Serpent — A 128-bit block cipher operating with 128-bit, 192-bit and 256-bit encryption keys.
  • cast5 — A 64-bit Feistel cipher supporting encryption keys of the range from 40 to 128 bits; for more information, see the RFC 2144.
  • cast6 — A 128-bit Feistel cipher using 128-bit, 160-bit, 192-bit, 224-bit, or 256-bit encryption keys; for more information, see the RFC 2612.
Block cipher mode describes a way the block cipher is repeatedly applied on bulk data in order to encrypt or decrypt the data securely. The following modes can be used:
  • CBC — Cipher Block Chaining; for more information, see the NIST SP 800-38A.
  • XTS — XEX Tweakable Block Cipher with Ciphertext Stealing; for more information, see the IEEE 1619, or NIST SP 800-38E.
  • CTR — Counter; for more information, see the NIST SP 800-38A.
  • ECB — Electronic Codebook; for more information, see the NIST SP 800-38A.
  • CFB — Cipher Feedback; for more information, see the NIST SP 800-38A.
  • OFB — Output Feedback; for more information, see the NIST SP 800-38A.
An initial vector is a block of data used for ciphertext randomization. IV ensures that repeated encryption of the same plain text provides different ciphertext output. IV must not be reused with the same encryption key. For ciphers in CBC mode, IV must be unpredictable, otherwise the system could become vulnerable to certain watermarking attacks (see LUKS/cryptsetup FAQ for more information). Red Hat recommends using the following IV with AES:
  • ESSIV — Encrypted Salt-Sector Initialization Vector - This IV should be used for ciphers in CBC mode. You should use the default hash: sha256.
  • plain64 (or plain) — IV sector offset - This IV should be used for ciphers in XTS mode.
You may also specify the length of the used encryption key. The size of the key depends on the used combination of the block cipher and block cipher mode. If you do not specify the key length, LUKS will use the default value for the given combination. For example: if you decide to use a 128-bit key for AES in CBC mode, LUKS will encrypt your partition using the AES-128 implementation, while specifying a 512-bit key for AES in XTS mode means that the AES-256 implementation will be used. Note that XTS mode operates with two keys, the first is determined for tweakable encryption and the second for regular encryption.

3.1.3.2. Manually Encrypting Directories

Warning

Following this procedure will remove all data on the partition that you are encrypting. You WILL lose all your information! Make sure you backup your data to an external source before beginning this procedure!
  1. Enter runlevel 1 by typing the following at a shell prompt as root:
    telinit 1
  2. Unmount your existing /home:
    umount /home
  3. If the command in the previous step fails, use fuser to find processes hogging /home and kill them:
    fuser -mvk /home
  4. Verify /home is no longer mounted:
    grep home /proc/mounts
  5. Fill your partition with random data:
    shred -v --iterations=1 /dev/VG00/LV_home
    This command proceeds at the sequential write speed of your device and may take some time to complete. It is an important step to ensure no unencrypted data is left on a used device, and to obfuscate the parts of the device that contain encrypted data as opposed to just random data.
  6. Initialize your partition:
    cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home
  7. Open the newly encrypted device:
    cryptsetup luksOpen /dev/VG00/LV_home home
  8. Make sure the device is present:
    ls -l /dev/mapper | grep home
  9. Create a file system:
    mkfs.ext3 /dev/mapper/home
  10. Mount the file system:
    mount /dev/mapper/home /home
  11. Make sure the file system is visible:
    df -h | grep home
  12. Add the following to the /etc/crypttab file:
    home /dev/VG00/LV_home none
  13. Edit the /etc/fstab file, removing the old entry for /home and adding the following line:
    /dev/mapper/home /home ext3 defaults 1 2
  14. Restore default SELinux security contexts:
    /sbin/restorecon -v -R /home
  15. Reboot the machine:
    shutdown -r now
  16. The entry in the /etc/crypttab makes your computer ask your luks passphrase on boot.
  17. Log in as root and restore your backup.
You now have an encrypted partition for all of your data to safely rest while the computer is off.

3.1.3.3. Adding a New Passphrase to an Existing Device

Use the following command to add a new passphrase to an existing device:
cryptsetup luksAddKey <device>
After being prompted for any one of the existing passprases for authentication, you will be prompted to enter the new passphrase.

3.1.3.4. Removing a Passphrase from an Existing Device

Use the following command to remove a passphrase from an existing device:
cryptsetup luksRemoveKey <device>
You will be prompted for the passphrase you want to remove and then for any one of the remaining passphrases for authentication.

3.1.3.5. Creating Encrypted Block Devices in Anaconda

You can create encrypted devices during system installation. This allows you to easily configure a system with encrypted partitions.
To enable block device encryption, check the Encrypt System check box when selecting automatic partitioning or the Encrypt check box when creating an individual partition, software RAID array, or logical volume. After you finish partitioning, you will be prompted for an encryption passphrase. This passphrase will be required to access the encrypted devices. If you have pre-existing LUKS devices and provided correct passphrases for them earlier in the install process the passphrase entry dialog will also contain a check box. Checking this check box indicates that you would like the new passphrase to be added to an available slot in each of the pre-existing encrypted block devices.

Note

Checking the Encrypt System check box on the Automatic Partitioning screen and then choosing Create custom layout does not cause any block devices to be encrypted automatically.

Note

You can use a kickstart file to set a separate passphrase for each new encrypted block device. Also, kickstart allows you to specify a different type of encryption if the Anaconda default cipher, aes-xts-plain64, does not suit you. In dependencies on a device you want to encrypt, you can specify the --cipher=<cipher-string> along with the autopart, part, partition, logvol, and raid directives. This option has to be used together with the --encrypted option, otherwise it has no effect. For more information about the <cipher-string> format and possible cipher combinations, see Section 3.1.3.1, “LUKS Implementation in Red Hat Enterprise Linux”. For more information about kickstart configuration, see the Red Hat Enterprise Linux 6 Installation Guide.

3.1.3.6. Additional Resources

For additional information on LUKS or encrypting hard drives under Red Hat Enterprise Linux, visit one of the following links: