[dm-crypt] inner workings of block mode encryption
ralf+dm at ramses-pyramidenbau.de
Sun Feb 8 15:22:56 CET 2015
maybe you should start here:
On 02/08/2015 03:06 PM, U.Mutlu wrote:
> I'm interessted in the inner workings of encrypting block devices
> like the encrypted volumes created with the cryptsetup tool.
> Let's say a file of size 200K is stored on an encrypted ext2 filesystem.
> How is the enrcyption key applied to it?
To sum it up:
cryptsetup is independent of the overlying filesystem and does not care
It just acts as a "mapper" and creates a new block device which
represents plain text data.
You can use this device for any purpose of your choice: create a
filesystem on it, use it as a LVM Volume, ....
> I guess the password is used only for accessing/mounting the volume,
> and the key is only a starting value (ie. a "seed") for the underlying
You can use a passphrase or a keyfile with cryptsetup LUKS.
This key is applied to a key derivation function which derives an
intermediate key which is used for decrypting a key slot which contains
the actual master-key for decrypting your volume.
This key slot or "lock box" concept opens the possibility that several
key files or passphrases may unlock the volume.
The material which is needed for decrypting the device is located in the
LUKS header. See FAQ.
> Since in these cases usually a blockwise operating cipher is used,
> that means that the file will be encrypted of course blockwise,
> for example in blocks of 32 bytes.
dm-crypt uses a sector size of (correct me if i'm wrong) 512 Byte which
means that every sector of 512 Byte gets en/decrypted independently.
The encryption of each sector is parameterized by an initialization
vector which may be influenced by the logical number of the sector.
> Now the question: are the blocks of that file all encrypted using the
> same one key? Or does a kind of "streaming" or HMAC get used for the
> subsequent blocks of the file?
Well yes and no.
Yes, the same key is used for all sectors of the volume and no, dm-crypt
does not use HMAC to generate key streams.
Just imagine: if you'd like to access the last sector of your volume
you'd have to generate the whole key stream which would probably take a
More information about the dm-crypt