Playing around with Luks.

WarrenUK

Hi.

I'm going over my notes for Luks. I have two questions.

In /proc/crypto what is the difference between kernel and aesni_intel modules?

I tried to use sha256 for encryption but it failed. I used switch --cipher sha256. I have noticed that the type field in the description of the module in the /proc/crypto file says shash for some modules and cipher for others. Is this why the switch option failed?

I am looking into auto-mounting my encrypted drive. I have seen on other websites that it is necessary to use a key-file but I do not see any mention of this in the course notes. This is what the course says:

/etc/fstab:
/dev/mapper/SECRET /mnt ext4 defaults 0 0
/etc/crypttab:
SECRET /dev/sdc12

Is this all I need to auto-mount an encrypted drive?

Thanks.

luisviveropena

Hi @WarrenUK ,

In /proc/crypto what is the difference between kernel and aesni_intel modules?

If it says "kernel" in the module parameter, it means it's the support for it is included in the kernel. Per the documentation, it says "module: the kernel module providing the cipher implementation (or “kernel” for statically linked ciphers)".

If it says "aesni_intel", it means it's using that module name, and you can get information about it by doing "modinfo aesni_intel":

luis@ubuntu18:~$ modinfo aesni_intel
filename: /lib/modules/5.3.0-62-generic/kernel/arch/x86/crypto/aesni-intel.ko
alias: crypto-aes
alias: aes
license: GPL
description: Rijndael (AES) Cipher Algorithm, Intel AES-NI instructions optimized
srcversion: 598E78B4B9CD24BD2D698B8
alias: cpu:type:x86,venfammod:feature:0099*
depends: glue_helper,aes-x86_64,crypto_simd
retpoline: Y
intree: Y
name: aesni_intel
vermagic: 5.3.0-62-generic SMP mod_unload
signat: PKCS#7
signer:
sig_key:
sig_hashalgo: md4

You can see some important details here:

https://www.kernel.org/doc/html/latest/crypto/architecture.html?highlight=proc crypto

I am looking into auto-mounting my encrypted drive. I have seen on other websites
that it is necessary to use a key-file but I do not see any mention of this in the course notes.
This is what the course says:
.
/etc/fstab:
/dev/mapper/SECRET /mnt ext4 defaults 0 0
/etc/crypttab:
SECRET /dev/sdc12
.
Is this all I need to auto-mount an encrypted drive?

I just did a test editing /etc/fstab and /etc/crypttab and it mounted the partition automatically at boot. It asked the password during the boot process, of course

I encourage you to do the test by yourself!

BTW, what error did you get when using sha256? If possible, provide a screenshot.

Many regards,
Luis.