Hey all,

I realize I'm a bit late; I'll provide some details about the loop-AES
support in the new Debian release.

On Thu, Mar 29, 2007 at 07:59:18AM -0400, Eloy Paris wrote:
> I haven't used a recent version of the Debian Installer for etch
> (Debian's upcoming new release) but I believe that it now supports
> setting up encrypted partitions at installation time, which would
> save a lot of trouble and pain.

That's true. The Debian etch (4.0) installer includes support for
loop-AES by default. :-)

 o loop-AES encryption is integrated in the debian-installer
   partitioning tool (partman). Non-root filesystems, /tmp and swap
   can be configured on loop-AES encrypted devices.
 o Available ciphers: Twofish, Serpent, AES;
   One can choose between passphrase-protected GnuPG keyfiles (created
   during the installation) and random one-time keys.
 o The installer makes sure that no non-encrypted swap space is
   configured along with encrypted partitions and warns about short
   passphrases (< 20 characters)
 o Documented in the "Etch installation guide"
   http://www.debian.org/releases/stable/installmanual
 o dm-crypt and LUKS are supported, too.

Notable missing features:

 o Root filesystem can't be stored on loop-AES encrypted device
   (work in progress, Debian bug #378488)
 o Keyfiles: Pre-existing GnuPG keyfiles can't be used yet and it's not
   yet possible to store GnuPG keyfiles on removable media (usb key,
   floppy, etc.)
 o The installer doesn't allow choice of a different symmetric cipher
   for GnuPG encryption (currently uses CAST5)

On an installed Debian etch system, several packages are provided for
use of loop-AES:

 o loop-aes-modules-* - Those are pre-built kernel modules for the
   standard Debian kernels. They are available for all supported
   architectures and kernel flavours (flavours are vserver, xen, etc.)
 o loop-aes-source - Package of the loop-AES source code (including
   ciphers) for use with module-assistant, make-kpkg or manual build.
   This package can be used to create loop-AES module packages for
   non-standard kernels.
 o loop-aes-testsuite - Package of the loop-AES (+ciphers) test suite
   as provided in the upstream Makefile. The tests can be run using
   the loop-aes-runtests(8) command.
 o loop-aes-utils - Includes /bin/mount, /bin/umount, /sbin/swapon and
   /sbin/losetup with loop-AES support. The package also includes a
   small script to assist with key file creation (loop-aes-keygen) and
   an init script that tries to fsck filesystems on loop-AES encrypted
   partitions before mounting them during boot.
 o aespipe - Simple Debian packaging of aespipe.

As usual, feel free to contact me with questions and problems you
encounter using loop-AES on Debian. You can contact the loop-AES Team
at pkg-loop-aes-maint@xxxxxxxxxxxxxxxxxxxxxxx or contact me at
xam@xxxxxxxxxxx

There will always be something which can be improved, so your feedback
is appreciated :-)

cheers,
Max

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/