Error: unknown Blosxom flavour "html),"

I'm afraid this is the first I've heard of a "html)," flavoured Blosxom. Try dropping the "/+html)," bit from the end of the URL.

Wed, 23 Aug 2006

CryptoGraphicFile (CGF), or how to keep sensitive data on your laptop (Updated)

OK, a friend of mine blogged the other day about setting up encrypted disk on FreeBSD, which reminded me of this thing I'm using on my laptop to carry sensitive things like SSH keys, my address database etc. which I've come up with I went to the USA for a few months last year.

After reading the CGD chapter of the NetBSD Guide I had a rough idea on how to do the whole thing on a disk partition, but I wanted to keep everything in a file so I would not have to re-partition my laptop. Ignoring the Guide's warning that cgd(4) on vnd(4) doesn't work (and proving it wrong, for me :-), I've used vnd(4) happily since for the task.

Below, I'll outline the tasks for

  1. setting up my "CryptoGraphicFile" (CGF) using cgd-in-vnd,
  2. what to do to use the data
  3. what to do to stash things away again

1) Setting up my CryptoGraphicFile (CGF)

  1. Decide on a place for the actual data and the amount of data you want to protect. "du -sm ~/.ssh ~/.gnupg" tells me that 10MB is plenty, and I'll use these values here.
         # base=$HOME/S
         # size=10 
    Also, the (decrypted) data will be mounted on /secure.

  2. The first step of creating a $size MB big file and making it accessible as vnd(4) device is pretty easy:
         # dd if=/dev/zero of=$base bs=1m count=$size
         10+0 records in
         10+0 records out
         10485760 bytes transferred in 0.479 secs (21890939 bytes/sec)
         # chmod go-rwx $base
         # vnconfig vnd0 $base
         #
         
  3. Next we create a parameter file for cgd(4). We use AES encryption with 256 bit:
         # cgdconfig -g -V disklabel -o $base.cgd aes-cbc 256
         
    If this step fails with
         cgdconfig: could not calibrate pkcs5_pbkdf2
         cgdconfig: Failed to generate defaults for keygen 
    make sure that you have enough bits of entropy available for /dev/random. Just open up an xterm and run something like "ls -lR /" in it.

  4. Next, the disk can be configured and newfs'd. This is the step where the password for the CGF is set, and you'd better not forget this:
         # cgdconfig -V re-enter cgd0 /dev/vnd0a $base.cgd
         /dev/vnd0a's passphrase:
         re-enter device's passphrase:
         # newfs /dev/cgd0a
         /dev/cgd0a: 10.0MB (20480 sectors) block size 4096, fragment size 512
    	     using 4 cylinder groups of 2.50MB, 640 blks, 1184 inodes.
         super-block backups (for fsck_ffs -b #) at:
    	 32,  5152, 10272, 15392,
         
  5. Now the CGF can be mounted:
         # mount /dev/cgd0a /secure
         # df -h /secure
         Filesystem    Size      Used     Avail Capacity  Mounted on
         /dev/cgd0a    9.4M     512B      8.9M     0%    /secure
         # ls /secure
         #
         
  6. Of course there's nothing on the newly created CGF. Let's undo things for the first-time configuration to finish our first step:
         # umount /secure
         # cgdconfig -u cgd0
         # vnconfig -u vnd0
         
    If you get a "Filesystem busy" in the first step, remember to "cd /". :)

We have created a filesystem inside a disk-file in $HOME/S in this step. The file is protected by a password which needs to be entered when used. Security of the data in that filesystem depends on this password alone, e.g. if this is on your laptop and the laptop's stolen, so make sure you use something non-trivial!

2) Using the encrypted data

After we have created a secure filesystem inside a file in $HOME/S now, we can configure it for using with the following steps:

     # base=$HOME/S
     # vnconfig vnd0 $base
     # cgdconfig -V none cgd0 /dev/vnd0a $base.cgd
     # fsck -p /dev/cgd0a
     # mount /dev/cgd0a /secure
     # 
     
The cgdconfig-command above will ask for the password. Be sure to enter the same one that you gave it during the steps above!

After these steps, /secure is accessible again, and will be so until you shutdown the system or unconfigure it as shown below.

Before repeating how to unconfigure the CGF, the disk should probably be populated with a few precious files. To still make the files accessible in a transparent way (when /secure is mounted!), symlinks can be used. E.g the following will put an especially precious SSH key onto this secure file:

     # mv ~feyrer/.ssh/important_key /secure
     # ln -s /secure/important_key ~feyrer/.ssh
     
With appropriate SSH configuration, I will be able to use that key only when /secure is mounted. If it's not: bad luck. (Of course this whole example is somewhat artificial as you could just trust your key to a proper passphrase as well, but well :).

Other examples I've used this with is are PGP keys, my private addres database, calendar and some other files I prefer to have near me when traveling.

3) What to do to stash things away again

To make things safe again, either shutdown the system, or run these steps:

     # umount /secure
     # cgdconfig -u cgd0
     # vnconfig -u vnd0
     
Of course the steps to configure/unconfigure the CGF can be put into shell scripts (which I've done; I should probably make a package out of this...) for easy automation.

One such place where the above commands can be very handy is when suspending a laptop via APM: Place them into /etc/apm/suspend, and you won't have to worry about your files when your laptop is in suspended state. When you need your secured files again, a script with the commands noted under 2) can be run.

I'm using this setup on my laptop, and I'm quite happy with things that way. Maybe you will be, too!

Update: Curt Sampson wrote me about a nice way to lock the machine in case someon un-suspends it: simply run xlock *on suspend*. When X is started in a way that it won't get back to the shell upon ctrl-alt-backspace, this won't allow access to any file in case the machine gets stolen.

One other precaution that could be taken is to use encrypted swap, to prevent sensitive data getting into swap, and a mallicious hacker getting it from there after taking the disk out of the machine. A good hint, from someone (name forgotten) on #NetBSD.

#