WHAT IS THIS?

I have patched util-linux-2.9r so that "login" will generate and use
encrypted home directories. This patch will only work with 2.2.X kernels
that have been patched with the strong encryption patches available on
www.kerneli.org.

WHY?

I couldn't get CFS to work on my laptop, and TCFS hasn't been ported to
2.2.X yet. ppdd is still pretty new. If there was a linux version of
"Scramdisk", I probably wouldn't have bothered to write this.

NO, I MEANT WHY SHOULD I USE IT?

You could use it to keep your home directory encrypted when you're not
logged in. When you log in, your directory is automagically decrypted.
When you logout, your home directory, and the files in it, are encrypted
again. Hmm, my friend D. says this isn't correct. He says whatever you
read/write is decrypted/encrypted on-the-fly. Anyway, if you're running
linux on a laptop, and the laptop gets stolen, your files can't be read.

WHAT'S THE CATCH?

This is *alpha* software. It no doubt contains bugs, more bugs, and yet
more bugs. Use it at your own risk. The author accepts no responsibility
for loss of your precious data. If you're not comfortable patching
critical system programs, this probably isn't for you. You should be
comfortable with loop devices before making use of this patch.

HOW DOES IT WORK?

If your home directory begins with "/crypt/", the following happens when
you log in:

- a free loop device is found.
- you're asked for the size of your home directory
  (4/8/16/32/64/128/256/512/1024 MB).
- once you've selected a size, a nMB-sized file named "/crypt/(your-id)"
  is created (i.e. /crypt/101).
- you are asked for a passphrase and given your choice of encryption
  algorithm.
- if this is the first time you've logged in, the password you gave is
  one-way hashed and put into the file "/crypt/(your uid).x", or compared
  against the contents of that file otherwise. if the given passphrase(s)
  don't match, you get bounced out at this point.
- the loop device is set up using the previously created file and the
  passphrase you supplied.
- if this is the first time through, an ext2 filesystem is created on the
  loop device, otherwise the filesystem is checked for errors. if no
  errors are found, the filesystem is mounted on the loop device and you
  can proceed normally.
- if you're logged in and you log in again from another VT, you're asked
  for the passphrase, which is compared against the stored passphrase,
  and if they match, you can proceed. this is to stop somebody who knows
  your login password, but not your EHD passphrase, from piggybacking
  into your directory.
- when you log out the last time, the filesystem is unmounted and the
  loop device is freed.

HOW DO I USE IT?

- you must be running 2.2.X with strong encryption. go to
  www.kerneli.org to download the kernel patches to enable strong
  encryption in your 2.2.X kernel.
- you must have loop devices enabled in the kernel, as well as strong
  encryption.
- you must find a copy of "util-linux-2.9r.tar.gz", then gunzip and
  untar it somewhere to produce the directory "util-linux-2.9r". as an
  alternative, you can download the already-patched file
  "util-linux-2.9r_ehd.tar.gz" directly from this website and skip the
  next step.
- download the file "ehd-X.Y.patch". put this file into the same place
  you put "util-linux-2.9r". type the command

      patch -p0 < ehd-X.Y.patch

  you should now have the directory "util-linux-2.9r_ehd".
- change directory to util-linux-2.9r_ehd.
- if your system doesn't use PAM (PAM = Pluggable Authentication
  Modules, used by default in RedHat, apparently not used in Slackware,
  I'm not sure about Debian or any other variants), you'll have to
  modify the file "MCONFIG" and comment out the line "HAVE_PAM=yes".
- type "./config".
- cd util-linux-2.9r_ehd/mount, and type "make" to create a version of
  "losetup" that contains BLOWFISH encryption.
- before installing "losetup", test it by doing the following:

      dd if=/dev/zero of=/tmp/testfile bs=1k count=1024
      ./losetup -e blowfish /dev/loop0 /tmp/testfile
      mkfs -t ext2 /dev/loop0 1024
      mount -t ext2 /dev/loop0 /mnt
      umount /dev/loop0
      ./losetup -d /dev/loop0

  if that worked, strongly-encrypted loop devices should be working
  correctly.
- after building "losetup", cd ../login-utils, and type "make login".
- test "login" by doing the following:

  - make sure that you're logged in AT LEAST once as root on another VT!
  - make sure you have at least 4MB free under "/" !
  - cp /bin/login /bin/login.old && chattr +i /bin/login.old
  - cp -f login /bin/login
  - mkdir /crypt
  - create a user called "test", with a home directory of "/crypt/test".
  - try logging in as "test". you should see

        You don't seem to have an encrypted home directory.
        Setting one up for you.
        Choose a size for your home directory:
           4: 4MB
           8: 8MB
          16: 16MB
          32: 32MB (default)
          64: 64MB
         128: 128MB
         256: 256MB
         512: 512MB
        1024: 1024MB
        Size [32MB] ? 4
        Creating a 4MB home directory. Patience please ... done.
        Choose an encryption method:
          0: BLOWFISH (default)
          1: CAST128
          2: DFC
          3: IDEA
          4: MARS
          5: RC6
          6: SERPENT
        Encryption method [0] ?
        Using the BLOWFISH encryption method.
        You'll need a passphrase to decrypt your home directory.
        It can be up to 256 characters long.
        *DO NOT* use your login password!
        Passphrase:

  - type in a passphrase. you should see

        Again, please:

  - retype your passphrase. if you retyped it correctly you should see

        Saving encrypted passphrase ... (a few seconds pass) done.
        Creating filesystem ... (a few seconds pass) done.
        Mounting filesystem as your home ... (a few seconds pass) done.

  - logout, and then try logging in the same way again as "test". you
    should see

        Last login: Mon Jun 7 20:09:23 on tty3
        Your home directory appears to be encrypted.
        Passphrase:

  - type in your passphrase. you should see

        Checking filesystem ... looks OK.
        Mounting filesystem as your home ... done.

I REBOOTED AND NOW I CAN'T LOG IN ANYMORE!

Stale lock files can be left around in "/var/lock/login" if the system
loses power / is rebooted when an encrypted-home-directory is active,
which will make it impossible for the user to log back in. The solution
to this problem is to put the following line into the file
"/etc/rc.d/rc.sysinit" (or the equivalent on non-RedHat systems) to
remove any stale lock files when the system comes up:

    ...
    /bin/rm -f /var/lock/login/*
    ...

CAVEATS

Root can read your files once you've logged in.

You can't change your password once you've set it, and if you forget it,
you're screwed.

"su" and "ssh" aren't supported yet.

If you remove or muck with "/crypt/XXX" and/or "/crypt/XXX.x" and/or
"/var/lock/login/*" while you're logged in, things will break badly.

If anybody but you is in your directory when you logout, the filesystem
won't umount and the loop device won't be deallocated.

If "e2fsck", "mkfs", and "mount" are in funny places, it won't work.

If things go very wrong, you may be able to recover using something like
the following:

    # losetup -d /dev/loop0     (or loop1 or loop2 or whatever)
    # /bin/rm -fr /var/lock/login

If that doesn't work, reboot, and everything should get cleaned up
correctly.

I wouldn't change root's home directory to "/crypt/root" myself, but if
anybody wants to try, I'd be interested in hearing what happened.
Probably things will blow up in a spectacular fashion and hose your
system. Don't say I didn't warn you.

DOCUMENTATION

For now, aside from this file, there is none. Read the source.

BUGS

No doubt there are bugs. If you find them, please send email. Try to be
descriptive. "It doesn't work!" isn't much help.

And before you ask, I can't help you if you forget your passphrase. Pick
up any phone and ask for the NSA, they'll be glad to help you :)

Constructive comments, money, and beer are welcome. Flames and spam ->
/dev/null.

Id Est
July 11, 1999
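
ADDED EXAMPLE: STALE-LOCK DETECTION

This example is added here and is not part of the patch or of the
original README. It shows one way to keep the "unmount on last logout"
behaviour without a leftover lock blocking logins: each session's lock
records its owning PID, and locks whose process no longer exists are
ignored. The lock layout (one file per session named "<uid>.<pid>"), the
function names and the directory argument are assumptions; the layout
the patch really uses under "/var/lock/login" is not described above.

```shell
#!/bin/sh
# Added example: per-session lock files with stale-lock detection.
# Assumed layout (hypothetical, not the patch's own): one empty file per
# login session, named "<uid>.<pid>", in a root-owned lock directory.

# is_num STR: succeed only for a non-empty string of digits.
is_num() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# lock_add DIR UID PID: record that process PID holds a session for UID.
lock_add() {
    is_num "$2" && is_num "$3" || return 2   # no "../" or globs in names
    ( umask 077 && : > "$1/$2.$3" )
}

# live_sessions DIR UID: delete locks whose PID is gone, print live count.
live_sessions() {
    dir=$1; uid=$2; live=0
    is_num "$uid" || return 2
    for f in "$dir/$uid".*; do
        # Skip an unmatched glob and anything that is not a plain file.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        pid=${f##*.}
        is_num "$pid" || continue
        if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
            live=$((live + 1))
        else
            rm -f -- "$f"                    # owner died without logging out
        fi
    done
    echo "$live"
}

# last_logout DIR UID PID: drop this session's lock; succeed only when no
# live session remains, i.e. when umount and "losetup -d" are safe to run.
last_logout() {
    is_num "$2" && is_num "$3" || return 2
    rm -f -- "$1/$2.$3"
    [ "$(live_sessions "$1" "$2")" -eq 0 ]
}
```

PIDs are reused after a reboot, so this complements the boot-time
"/bin/rm -f /var/lock/login/*" line rather than replacing it.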