[dm-crypt] encryption of single files using cryptsetup ala gpg -c

Arno Wagner arno at wagner.name
Wed May 9 02:19:10 CEST 2012

On Tue, May 08, 2012 at 07:41:34PM -0400, .. ink .. wrote:
> > If you just put an encrypted filesystem in a file, that is
> > basically described in FAQ item 2.3. Is that what you are
> > doing? But that is not file encryption. That is still
> > filesystem encryption with all its limitations compared to
> > file encryption, but the advantage that you can change sectors
> > without influencing others.
> >
> > 
> Yes,that is what i do,i didnt pay attention to what i was writing when
> talking about encrypted volumes. When creating encrypted volumes in files,I
> first create a container file,open a mapper against it and then put a file
> system through the mapper and hence it is file system encryption,not file
> encyption.

Ok, clear now.

> What are the problems of using cryptsetup specifically or aes-cbc in
> general to do file encryption?
> The encrypted file(in my case atleast) is not meant to be changed,it is
> effectively "read only" cipher text file. If change need to be made,the
> file will first have to be decrypted by creating a copy of the file in
> plain text,then edit the file, then create another read only copy of the
> file in cipher text.

So, but dm-crypt encrypts in 512 Byte blocks, and reinitializes
the mode for each such block, while file encryption initializes
the mode at the start and then runs it over the whole file.

I do not quite see why you could not change any 512 byte block 
in-place. Of course you would either need the key or a block from
a previous version with the same key. But that is one of the
problems of filesystem encryption, it does not ensure overall 
integrity and it cannot. 

File encryption does ensure integrity. Or rather it dramatically 
amplifies any changes introduced by an attacker. In filesystem
encryption, any amplification is limited to one block.

Hmm. Come to think of it, intrgrity could probably 
be ensured with a crypto-hash being added to the file in
your scenario. In fact that is what is usually done in
file encryption, even with the error amplification. 

But the point is that file encryption is already solved and
actually easier than disk encryption. Retrofitting disk
encryption to add features that were removed because it
needs to fit the usage profile of disk encryption
strikes me as fundamentally wrong. Use the original thing
instead. And GnuPG in symmetrical mode already does that,
no hassle, no hoops. In addition, you get the whole 
public-key functionality for free if you want it.

So, while I applaud your inventiveness, I stand by my
statement that this is a horrible abuse of cryptsetup 
and dm-crypt and not a good idea. 

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 

More information about the dm-crypt mailing list