WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Encryption not working  (Read 6543 times)

Offline sm8ps

  • Sr. Member
  • ****
  • Posts: 338
Encryption not working
« on: September 10, 2018, 12:54:55 AM »
Hi friends!

I have been trying to implement some encrypted part of my home as a safe place for sensitive data. However, none of my attempts have succeeded. I have tried with EcryptFS, LUKS as well as Ext4-encryption.

After loading the ecryptfs-utils or cryptsetup package for EcryptFS or LUKS, respectively, there is no module ecryptfs or dm-crypt, respectively, that can be loaded. I recall long time reading something about kernel modules requiring special care when it comes to dCore.

As far as Ext4-encryption is concerned, tune2fs does not accept the option for the encryption feature. Maybe it has to do with the kernel version 4.2.9 (Xenial)?

I have used EncFS on another machine but I would like to use some faster encryption method. I have yet to try GocryptFS which looks like a promising alternative.

Does anybody see a reason why EcryptFS and LUKS do not work on dCore? Does anybody have a working set-up providing an encrypted folder?

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: Encryption not working
« Reply #1 on: September 10, 2018, 01:09:10 AM »
Is Ext4 encryption enabled in the Kernel?
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 9730
Re: Encryption not working
« Reply #2 on: September 10, 2018, 02:56:05 AM »
For some reason CONFIG_EXT4_ENCRYPTION=m is set in the kernel config for dCore-xenial instead of CONFIG_EXT4_ENCRYPTION=y, and that option can't be modularized I have read.  All other dCore ports, x86 and x86_64, have the option set correctly to y.  I will fix this in the coming days. 

Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 9730
Re: Encryption not working
« Reply #3 on: September 10, 2018, 07:18:03 PM »
vmlinuz-xenial has been rebuilt for ext4 encryption support.  Please download and test from:

http://tinycorelinux.net/dCore/x86/release_candidates/dCore-xenial/

Offline sm8ps

  • Sr. Member
  • ****
  • Posts: 338
Re: Encryption not working
« Reply #4 on: September 11, 2018, 09:23:39 AM »
First off: thank you very much for your immediate help, Jason! I ran the new kernel only to find out that ext4-encryption needs needs a newer version of e2fsprogs than Xenial provides. I must admit that rather than compiling these I shall upgrade to Bionic(32) which I had intended anyways. (Another THANK YOU for providing this release for the 32-bit architecture!) I just tried ext4-encryption on Bionic64 and AFAICT from the short test it does work.

The more I read on the subject, however, the more I am inclined to work with device encryption. As stated, LUKS does not work, presumably because the necessary kernel module dm-crypt is not available. Is there a way to make it available or can I build it by myself? I would also like to evaluate EcryptFS as possible candidate for which the same applies with respect to the module ecryptfs. Bionic(32) and Bionic64 would be the versions I shall be using.

This all is quite beyond my scope so I am very thankful for guidance and/or help. Once I get it working, I shall include an article in the wiki on the subject because I think it is very important for dCore to have a way for encrypting some part of one's home directory (or should I say: one's private parts? :) ).

Cheers!

Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 9730
Re: Encryption not working
« Reply #5 on: September 11, 2018, 05:02:59 PM »
Hi sm8ps.  I am on dCore-bionic now and I am able to modprobe dm-crypt, the results are below.  The dm-crypt module is in the package raid-dm-4.14.10-tinycore.

Code: [Select]

root@box:/# modprobe dm-crypt
root@box:/# lsmod | grep dm_crypt
dm_crypt               24576  0
dm_mod                 61440  1 dm_crypt
root@box:/# find usr/local/lib/modules/ -name dm-crypt*
usr/local/lib/modules/4.14.10-tinycore/kernel/drivers/md/dm-crypt.ko
root@box:/#



Offline Jason W

  • Administrator
  • Hero Member
  • *****
  • Posts: 9730
Re: Encryption not working
« Reply #6 on: September 11, 2018, 07:22:12 PM »
For dCore-bionic, the package ecryptfs-4.14.10-tinycore has been uploaded.  It contains the ecryptfs kernel module.  Please test. 

Offline sm8ps

  • Sr. Member
  • ****
  • Posts: 338
Re: Encryption not working
« Reply #7 on: September 17, 2018, 01:11:07 AM »
I have upgraded to dCore-bionic64 and both modules are indeed available. I am still in the midst of getting things working and shall report back in the forum with my results which I intend to put in the wiki.
For the moment just many thanks again for your great help, Jason!