2

Generally, I can create an encrypted ext4 image by doing this:

fallocate -l 6553600 encrypt.img
losetup -f encrypt.img
dmsetup create encrypt_disk --table "0 12800 crypt aes 32BYTEKEY 0 /dev/loop0 0"
mkfs.ext4 /dev/mapper/encrypt_disk

Then I can mount /dev/mapper/encrypt_disk to a directory and all files on this disk will be encrypted automatically. And I get an encrypt.img. It can be loaded by dmsetup the next time.

Here is my question: Can I make an encrypt.img by using openssl tools instead of dmsetup? Maybe it will look like this:

fallocate -l 6553600 encrypt.img
losetup -f encrypt.img
mkfs.ext4 /dev/loop0
openssl aes ...

Thank you.

shuofei
  • I've always assumed that OpenSSL focused on stream ciphers, but that may not be entirely correct, so make sure that it can implement block ciphers like AES in CBC (cipher block chaining) mode. All that said, the first rule of crypto they teach at leading universities is "Don't try to do it yourself. This stuff requires experts and large amounts of peer review. The best cryptographers in the world don't work alone, and neither should you". So in summary, don't go too far off the beaten path when trying to implement cryptography. It's more likely that tinkering will weaken the system. – Frank Thomas Jun 10 '15 at 12:17

1 Answer

1

No, you can't do this:
Because the filesystem you use is implemented in the kernel, you need an underlying encrypted block device implementation that is also implemented in the kernel, which is the case with dmsetup ... crypt.
openssl is a userspace implementation that does encryption outside the kernel, so it cannot be used for implementing devices that support a file system.

If you used a userspace filesystem instead, which is not ext4, but could be something around fuse, then this one could be based on something other than a kernel-based block device, but that's a quite different topic.

Juergen
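The answer points to `dmsetup ... crypt` as the kernel-side device, so the following added example (not part of the original thread) derives the question's table line from the image size and feeds it to dmsetup on stdin instead of the command line. The function name `dm_crypt_table`, the key file path and the mount point are hypothetical; the cipher spec `aes` is kept as written in the question.

```shell
#!/bin/sh
# Added example, not from the original thread: build the dm-crypt table line
# from the question and keep the key out of the process list.

# dm_crypt_table IMAGE KEYFILE LOOPDEV
#   IMAGE   - backing file (e.g. encrypt.img)
#   KEYFILE - file holding the key as hex digits (hypothetical, mode 0600)
#   LOOPDEV - loop device attached to IMAGE (e.g. /dev/loop0)
# Prints "0 <sectors> crypt aes <hexkey> 0 <loopdev> 0" on stdout.
dm_crypt_table() {
    image=$1 keyfile=$2 loopdev=$3

    # Device-mapper tables count in 512-byte sectors.
    bytes=$(wc -c < "$image") || return 1
    bytes=$((bytes))                 # strip padding some wc builds emit
    if [ "$bytes" -eq 0 ] || [ $((bytes % 512)) -ne 0 ]; then
        echo "image size $bytes is not a positive multiple of 512" >&2
        return 1
    fi

    # Read the key, dropping whitespace; accept only hex digits.
    key=$(tr -d ' \n\r' < "$keyfile") || return 1
    case $key in
        ''|*[!0-9a-fA-F]*) echo "key must be hex digits" >&2; return 1 ;;
    esac
    # AES keys are 16, 24 or 32 bytes, i.e. 32, 48 or 64 hex digits.
    case ${#key} in
        32|48|64) ;;
        *) echo "key has ${#key} hex digits, expected 32, 48 or 64" >&2
           return 1 ;;
    esac

    printf '0 %d crypt aes %s 0 %s 0\n' $((bytes / 512)) "$key" "$loopdev"
}

# Typical use as root. dmsetup reads the table from stdin when neither
# --table nor a table file is given, so the key never appears in argv:
#   loopdev=$(losetup -f --show encrypt.img)
#   dm_crypt_table encrypt.img /root/encrypt.key "$loopdev" \
#       | dmsetup create encrypt_disk
#   mount /dev/mapper/encrypt_disk /mnt
```

For the 6553600-byte image in the question this yields the same 12800-sector table, and running it again with the same key file reopens an existing encrypt.img.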