Hi,

please do not send html mail to this list, just use text.

On 13/03/2020 05:25, Yoo-Seung Won (Dr) wrote:
> I want to encrypt single file using some commands as below.

Please note dm-crypt is block encryption, not a file encryption,
so output will be BLOCK device not a file.

> ========================================================================================================================
> cryptsetup --verbose --cipher=aes-ecb --key-size=128 --key-file=/dev/example/aes_key.bin open --type=plain /dev/example/aes_data.bin enc
>
> I know the meaning of each command because I read the document.
>
> aes_key.bin only has 16 bytes 0x00 (That is, 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00)
>
> I mean this file only consists of hexa.
>
> And,
>
> aes_data.bin has 0x800 bytes 0x00
> ========================================================================================================================
>
> Finally, I got the enc in /dev/mapper
>
> I opened the enc file. There is only 0x600 bytes. (I expected the 0x800 bytes because I use the AES-ECB)

As mentioned, it is block device, not a file!

I tried:

# dd if=/dev/zero of=/file bs=1 count=2048
# dd if=/dev/zero of=/key bs=1 count=16
# cryptsetup --verbose --cipher=aes-ecb --key-size=128 --key-file=/key open --type=plain /file enc

To get its size, try
# blockdev --getsize64 /dev/mapper/enc
2048

Note it must be always aligned to sector size (512 bytes in this case).
Also note there is a loopback allocated, that will align this for you,
stripping the last incomplete sector.

# lsblk
NAME  MAJ:MIN RM SIZE RO TYPE  MOUNTPOINT
loop0   7:0    0   2K  0 loop
└─enc 253:0    0   2K  0 crypt

> Also, 0x600 bytes are composed of 96 16bytes (14 0f 0f 10 11 b5 22 3d 79 5 77 17 ff d9 ec 3a).

This is the correct *plaintext*.

> I expected that 128 16bytes (66 E9 4B D4 EF 8A 2C 3B 88 4C FA 59 CA 34 2B 2E) because I used the all zero keys and all zero data

You expected wrong, this is DECRYPTION of zero blocks, not encryption
(you are reading the block device).

# hexdump -C /file
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000800

Try writing zeroes as plaintext (use direct-io so it is not cached):
# dd if=/dev/zero of=/dev/mapper/enc oflag=direct

and now check ciphertext device:
# hexdump -C /file
00000000  66 e9 4b d4 ef 8a 2c 3b  88 4c fa 59 ca 34 2b 2e  |f.K...,;.L.Y.4+.|
*
00000800

> I think that the encrypted data is wrong and file size also is wrong.
>
> If you don't mind, could you tell me what I miss?

1) you probably have a smaller file than 2048 bytes so the last sector is stripped by loopback file (check ls -l)
2) you need to get block device size, not a file size
3) reading a device is AES decryption, not encryption
4) I guess this was a test, but never ever use ECB mode here.

So if tested properly, I get exactly what you expected.

Regards,
Milan
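
The read-versus-write point, the sector rounding and the ECB warning from the reply above can be reproduced without root or a device mapping. This is an added example, not part of the original thread: it assumes the `openssl` CLI is installed, the function names are made up for illustration, and the 2047-byte file size is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the openssl CLI is installed.
# Models a plain-mode aes-ecb mapping with the thread's all-zero 128-bit key.

KEY_HEX=00000000000000000000000000000000   # 16 bytes of 0x00, as in aes_key.bin

# Emit N zero bytes on stdout.
zeros() { head -c "$1" /dev/zero; }

# Hex-encode stdin as one lowercase string (-v stops od collapsing repeats).
to_hex() { od -An -v -tx1 | tr -d ' \n'; }

# WRITE path: zeros written to the mapping are stored encrypted in the file.
write_path() {
    zeros "$1" | openssl enc -aes-128-ecb -K "$KEY_HEX" -nopad | to_hex
}

# READ path: a zero-filled backing file read through the mapping is decrypted.
read_path() {
    zeros "$1" | openssl enc -d -aes-128-ecb -K "$KEY_HEX" -nopad | to_hex
}

# Bytes of a backing file that remain after dropping an incomplete last
# 512-byte sector, as the loop device does.
usable_bytes() { echo $(( $1 / 512 * 512 )); }

echo "write 16 zero bytes -> stored ciphertext : $(write_path 16)"
echo "read  16 zero bytes -> returned plaintext: $(read_path 16)"

# ECB has no IV or chaining: equal plaintext blocks give equal ciphertext
# blocks, so the structure of the data stays visible in the ciphertext.
echo "write 32 zero bytes -> two identical blocks: $(write_path 32)"

# Constructed sizes: an exact 2048-byte file and one that is a byte short.
echo "2048-byte file -> $(usable_bytes 2048) usable bytes"
echo "2047-byte file -> $(usable_bytes 2047) usable bytes (0x600)"
```
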