home of the madduck/ blog/
Encrypting ~

It's about time I encrypt my home directory. So far, I've found two tools for the job: dmcrypt and encfs.

dmcrypt links in between the VFS layer and the data store. For an encrypted partition or image, it creates a device under /dev/mapper, which you then mount. Think cryptoloop. Encryption covers the whole scale of symmetric encryption, but I didn't find anything related to public key crypto. I am also not entirely clear yet on why a damaged block on the storage medium doesn't screw the encryption block (partially) stored on it, as well as all following ones, given a chaining mode like CBC for instance. However, as this thread shows, I am wrong and technology is right (and works), and I still just don't get it. It feels like another Monty Hall problem to me (which I also never really understood to the point of being able to convince someone else thinking 50/50 is the answer of the alleged 2/3).

So then there's encfs, a FUSE filesystem that seems (I have not tried it) to create a virtual directory for an existing one, transparently encrypting filenames and contents as they are written to the existing directory (via the virtual one), and decrypting them when requested through the virtual one. So it's a 1-to-1 mapping, which has its pros and cons. encfs seems equally strong on the symmetric crypto side, but seems to lack public key support.

For each, there's a proper PAM module: libpam-mount can mount a cryptoloop filesystem upon login (though the README says it cannot do so for OpenSSH logins. If that's right, well, one candidate less...). On the other hand, there's libpam-encfs, which creates the virtual directory on login (and removes it on logout).

I can well imagine how any of the PAM modules would do their job just fine on a machine where xdm is the primary/only login method. However, what about SSH? What happens if I log in through xdm, then SSH, then quit X?

How do you solve the problem? I am curious and will blog about the things I hear...

Update: After rereading my thread, I am understanding, I think. We're talking encrypted block devices (or loop devices). It's not difficult at this stage to tie IV chains in with storage blocks. I am still curious why my 8M file was still all zeroes after changing the cryptotext.

Update2: Sesse points out that CBC uses the ciphertext of the previous block as an IV, not the plaintext. So if some block gets corrupted, that messes up the next one's plaintext, but not its ciphertext, so the one after that is OK. Thanks.