Annotation of wikisrc/guide/cgd.mdwn, revision 1.1

1.1     ! jdf         1: # The cryptographic device driver (CGD)
        !             2: 
        !             3: The [cgd(4)](http://netbsd.gw.com/cgi-bin/man-cgi?cgd+4+NetBSD-current) driver 
        !             4: provides functionality which allows you to use disks or partitions for encrypted 
        !             5: storage. After providing the appropriate key, the encrypted partition is 
        !             6: accessible using `cgd` pseudo-devices.
        !             7: 
        !             8: ## Overview
        !             9: 
        !            10: People often store sensitive information on their hard disks and are concerned 
        !            11: about this information falling into the wrong hands. This is particularly 
        !            12: relevant to users of laptops and other portable devices, or portable media, 
        !            13: which might be stolen or accidentally misplaced.
        !            14: 
        !            15: ### Why use disk encryption?
        !            16: 
        !            17: File-oriented encryption tools like GnuPG are great for encrypting individual 
        !            18: files, which can then be sent across untrusted networks as well as stored 
        !            19: encrypted on disk. But sometimes they can be inconvenient, because the file must 
        !            20: be decrypted each time it is to be used; this is especially cumbersome when you 
        !            21: have a large collection of files to protect. Any time a security tool is 
        !            22: cumbersome to use, there's a chance you'll forget to use it properly, leaving 
        !            23: the files unprotected for the sake of convenience.
        !            24: 
        !            25: Worse, readable copies of the encrypted contents might still exist on the hard 
        !            26: disk. Even if you overwrite these files (using `rm -P`) before unlinking them, 
        !            27: your application software might make temporary copies you don't know about, or 
        !            28: have been paged to swapspace - and even your hard disk might have silently 
        !            29: remapped failing sectors with data still in them.
        !            30: 
        !            31: The solution is to simply never write the information unencrypted to the hard 
        !            32: disk. Rather than taking a file-oriented approach to encryption, consider a 
        !            33: block-oriented approach - a virtual hard disk, that looks just like a normal 
        !            34: hard disk with normal filesystems, but which encrypts and decrypts each block on 
        !            35: the way to and from the real disk.
        !            36: 
        !            37: ### Logical Disk Drivers
        !            38: 
        !            39: The `cgd` device looks and behaves to the rest of the operating system like any 
        !            40: other disk driver. Rather than driving real hardware directly, it provides a 
        !            41: logical function layered on top of another block device. It has a special 
        !            42: configuration program, 
        !            43: [cgdconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?cgdconfig+8+NetBSD-current), 
        !            44: to create and configure a `cgd` device and point it at the underlying disk 
        !            45: device that will hold the encrypted data.
        !            46: 
        !            47: NetBSD includes several other similar logical block devices, each of which 
        !            48: provides some other function where `cgd` provides encryption. You can stack 
        !            49: several of these logical block devices together: you can make an encrypted 
        !            50: `raid` to protect your encrypted data against hard disk failure as well.
        !            51: 
        !            52: Once you have created a `cgd` disk, you can use 
        !            53: [disklabel(8)](http://netbsd.gw.com/cgi-bin/man-cgi?disklabel+8+NetBSD-current) 
        !            54: to divide it up into partitions, 
        !            55: [swapctl(8)](http://netbsd.gw.com/cgi-bin/man-cgi?swapctl+8+NetBSD-current) to 
        !            56: enable swapping to those partitions or 
        !            57: [newfs(8)](http://netbsd.gw.com/cgi-bin/man-cgi?newfs+8+NetBSD-current) to make 
        !            58: filesystems, then `mount` and use those filesystems, just like any other new 
        !            59: disk.
        !            60: 
        !            61: ## Components of the Crypto-Graphic Disk system
        !            62: 
        !            63: A number of components and tools work together to make the `cgd` system 
        !            64: effective.
        !            65: 
        !            66: ### Kernel driver pseudo-device
        !            67: 
        !            68: To use `cgd` you need a kernel with support for the `cgd` pseudo-device. Make 
        !            69: sure the following line is in the kernel configuration file:
        !            70: 
        !            71:     pseudo-device   cgd     4       # cryptographic disk driver
        !            72: 
        !            73: The number specifies how many `cgd` devices may be configured at the same time. 
        !            74: After configuring the `cgd` pseudo-device you can recompile the kernel and boot 
        !            75: it to enable `cgd` support.
        !            76: 
        !            77: ### Ciphers
        !            78: 
        !            79: The `cgd` driver provides the following encryption algorithms:
        !            80: 
        !            81:  * `aes-cbc` -- AES (Rijndael). AES uses a 128 bit blocksize and accepts 128, 
        !            82:    192 or 256 bit keys.
        !            83: 
        !            84:  * `blowfish-cbc` -- Blowfish uses a 64 bit blocksize and accepts 128 bit keys
        !            85: 
        !            86:  * `3des-cbc` -- Triple DES uses a 64 bit blocksize and accepts 192 bit keys 
        !            87:    (only 168 bits are actually used for encryption)
        !            88: 
        !            89: All three ciphers are used in [CBC (Cipher Block 
        !            90: Chaining)](http://en.wikipedia.org/wiki/Cipher_block_chaining)
        !            91: mode. This means each block is XORed with the previous encrypted block before 
        !            92: encryption. This reduces the risk that a pattern can be found, which can be used 
        !            93: to break the encryption.
        !            94: 
        !            95: ### Verification Methods
        !            96: 
        !            97: Another aspect of `cgd` that needs some attention are the verification methods 
        !            98: `cgdconfig` provides. These verification methods are used to verify the 
        !            99: passphrase is correct. The following verification methods are available:
        !           100: 
        !           101:  * `none` -- no verification is performed. This can be dangerous, because the 
        !           102:    key is not verified at all. When a wrong key is entered, `cgdconfig` 
        !           103:    configures the `cgd` device as normal, but data which was available on the 
        !           104:    volume will be destroyed (decrypting blocks with a wrong key will result in 
        !           105:    random data, which will result in a regeneration of the disklabel with the 
        !           106:    current key).
        !           107: 
        !           108:  * `disklabel` -- `cgdconfig` scans for a valid disklabel. If a valid disklabel 
        !           109:    is found with the key that is provided authentication will succeed.
        !           110: 
        !           111:  * `ffs` -- `cgdconfig` scans for a valid FFS file system. If a valid FFS file 
        !           112:    system is found with the key that is provided authentication will succeed.
        !           113: 
        !           114: ## Example: encrypting your disk
        !           115: 
        !           116: This section works through a step-by-step example of converting an existing 
        !           117: system to use `cgd`, performing the following actions:
        !           118: 
        !           119:  1. Preparing the disk and partitions
        !           120:  2. Scrub off all data
        !           121:  3. Create the cgd
        !           122:  4. Adjust config-files
        !           123:  5. Restoring your backed-up files to the encrypted disk
        !           124: 
        !           125: ### Preparing the disk
        !           126: 
        !           127: First, decide which filesystems you want to move to an encrypted device. You're 
        !           128: going to need to leave at least the small root (`/`) filesystem unencrypted, in 
        !           129: order to load the kernel and run `init`, `cgdconfig` and the `rc.d` scripts that 
        !           130: configure your `cgd`. In this example, we'll encrypt everything except the root 
        !           131: (`/`) filesystem.
        !           132: 
        !           133: We are going to delete and re-make partitions and filesystems, and will require 
        !           134: a backup to restore the data. So make sure you have a current, reliable backup 
        !           135: stored on a different disk or machine. Do your backup in single-user mode, with 
        !           136: the filesystems unmounted, to ensure you get a clean 
        !           137: [dump(8)](http://netbsd.gw.com/cgi-bin/man-cgi?dump+8+NetBSD-current). Make sure you 
        !           138: back up the disklabel of your hard disk as well, so you have a record of the 
        !           139: partition layout before you started.
        !           140: 
        !           141: With the system at single user, `/` mounted read-write and everything else 
        !           142: unmounted, use 
        !           143: [disklabel(8)](http://netbsd.gw.com/cgi-bin/man-cgi?disklabel+8+NetBSD-current)
        !           144: to delete all the data partitions you want to move into `cgd`.
        !           145: 
        !           146: Then make a single new partition in all the space you just freed up, say, 
        !           147: `wd0e`. Set the partition type for this partition to `cgd` Though it doesn't 
        !           148: really matter what it is, it will help remind you that it's not a normal 
        !           149: filesystem later. When finished, label the disk to save the new partition table.
        !           150: 
        !           151: ### Scrubbing the disk
        !           152: 
        !           153: We have removed the partition table information, but the existing filesystems 
        !           154: and data are still on disk. Even after we make a `cgd` device, create 
        !           155: filesystems, and restore our data, some of these disk blocks might not yet be 
        !           156: overwritten and still contain our data in plaintext. This is especially likely 
        !           157: if the filesystems are mostly empty. We want to scrub the disk before we go 
        !           158: further.
        !           159: 
        !           160: We could use 
        !           161: [dd(1)](http://netbsd.gw.com/cgi-bin/man-cgi?dd+1+NetBSD-current)
        !           162: to copy `/dev/zero` over the new `wd0e` partition, but this will leave our disk 
        !           163: full of zeros, except where we've written encrypted data later. We might not 
        !           164: want to give an attacker any clues about which blocks contain real data, and 
        !           165: which are free space, so we want to write "noise" into all the disk blocks. So 
        !           166: we'll create a temporary `cgd`, configured with a random, unknown key.
        !           167: 
        !           168: First, we configure a `cgd` to use a random key:
        !           169: 
        !           170:     # cgdconfig -s cgd0 /dev/wd0e aes-cbc 128 < /dev/urandom 
        !           171: 
        !           172: Now we can write zeros into the raw partition of our `cgd` (`/dev/rcgd0d` on 
        !           173: NetBSD/i386, `/dev/rcgd0c` on most other platforms):
        !           174: 
        !           175:     # dd if=/dev/zero of=/dev/rcgd0d bs=32k
        !           176: 
        !           177: The encrypted zeros will look like random data on disk. This might take a while 
        !           178: if you have a large disk. Once finished, unconfigure the random-key `cgd`:
        !           179: 
        !           180:     # cgdconfig -u cgd0
        !           181: 
        !           182: ### Creating the `cgd`
        !           183: 
        !           184: The 
        !           185: [cgdconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?cgdconfig+8+NetBSD-current) 
        !           186: program, which manipulates `cgd` devices, uses parameters files to store such 
        !           187: information as the encryption type, key length, and a random password salt for 
        !           188: each `cgd`. These files are very important, and need to be kept safe - without 
        !           189: them, you will not be able to decrypt the data!
        !           190: 
        !           191: We'll generate a parameters file and write it into the default location (make 
        !           192: sure the directory `/etc/cgd` exists and is mode 700):
        !           193: 
        !           194:     # cgdconfig -g -V disklabel -o /etc/cgd/wd0e aes-cbc 256
        !           195: 
        !           196: This creates a parameters file `/etc/cgd/wd0e` describing a `cgd` using the 
        !           197: `aes-cbc` cipher method, a key verification method of `disklabel`, and a key 
        !           198: length of `256` bits. It will look something like this:
        !           199: 
        !           200:     algorithm aes-cbc;
        !           201:     iv-method encblkno;
        !           202:     keylength 256;
        !           203:     verify_method disklabel;
        !           204:     keygen pkcs5_pbkdf2/sha1 {
        !           205:             iterations 6275;
        !           206:             salt AAAAgHTg/jKCd2ZJiOSGrgnadGw=;
        !           207:     };
        !           208: 
        !           209: *Note*: Remember, you'll want to save this file somewhere safe later.
        !           210: 
        !           211: *Tip*: When creating the parameters file, `cgdconfig` reads from `/dev/random` 
        !           212: to create the password salt. This read may block if there is not enough 
        !           213: collected entropy in the random pool. This is unlikely, especially if you just 
        !           214: finished overwriting the disk as in the previous step, but if it happens you can 
        !           215: press keys on the console and/or move your mouse until the `rnd` device gathers 
        !           216: enough entropy.
        !           217: 
        !           218: Now it's time to create our `cgd`, for which we'll need a passphrase. This 
        !           219: passphrase needs to be entered every time the `cgd` is opened, which is usually 
        !           220: at each reboot. The encryption key is derived from this passphrase and the salt. 
        !           221: Make sure you choose something you won't forget, and others won't guess.
        !           222: 
        !           223: The first time we configure the `cgd`, there is no valid disklabel on the 
        !           224: logical device, so the validation mechanism we want to use later won't work. We 
        !           225: override it this one time:
        !           226: 
        !           227:     # cgdconfig -V re-enter cgd0 /dev/wd0e
        !           228: 
        !           229: This will prompt twice for a matching passphrase, just in case you make a typo, 
        !           230: which would otherwise leave you with a `cgd` encrypted with a passphrase that's 
        !           231: different to what you expected.
        !           232: 
        !           233: Now that we have a new `cgd`, we need to partition it and create filesystems. 
        !           234: Recreate your previous partitions with all the same sizes, with the same letter 
        !           235: names.
        !           236: 
        !           237: *Tip*: Remember to use the `disklabel -I` argument, because you're creating an 
        !           238: initial label for a new disk.
        !           239: 
        !           240: *Note*: Although you want the sizes of your new partitions to be the same as the 
        !           241: old, unencrypted ones, the offsets will be different because they're starting at 
        !           242: the beginning of this virtual disk.
        !           243: 
        !           244: Then, use 
        !           245: [newfs(8)](http://netbsd.gw.com/cgi-bin/man-cgi?newfs+8+NetBSD-current) to 
        !           246: create filesystems on all the relevant partitions. This time your partitions 
        !           247: will reflect the `cgd` disk names, for example:
        !           248: 
        !           249:     # newfs /dev/rcgd0h
        !           250: 
        !           251: ### Modifying configuration files
        !           252: 
        !           253: We've moved several filesystems to another (logical) disk, and we need to update 
        !           254: `/etc/fstab` accordingly. Each partition will have the same letter (in this 
        !           255: example), but will be on `cgd0` rather than `wd0`. So you'll have `/etc/fstab` 
        !           256: entries something like this:
        !           257: 
        !           258:     /dev/wd0a   /     ffs     rw    1 1
        !           259:     /dev/cgd0b  none  swap    sw            0 0
        !           260:     /dev/cgd0b  /tmp  mfs     rw,-s=132m    0 0
        !           261:     /dev/cgd0e  /var  ffs     rw            1 2
        !           262:     /dev/cgd0f  /usr  ffs     rw            1 2
        !           263:     /dev/cgd0h  /home ffs     rw            1 2
        !           264: 
        !           265: *Note*: `/tmp` should be a separate filesystem, either `mfs` or `ffs`, inside 
        !           266: the `cgd`, so that your temporary files are not stored in plain text in the `/` 
        !           267: filesystem.
        !           268: 
        !           269: Each time you reboot, you're going to need your `cgd` configured early, before 
        !           270: [fsck(8)](http://netbsd.gw.com/cgi-bin/man-cgi?fsck+8+NetBSD-current) runs and 
        !           271: filesystems are mounted.
        !           272: 
        !           273: Put the following line in `/etc/cgd/cgd.conf`:
        !           274: 
        !           275:     cgd0    /dev/wd0e
        !           276: 
        !           277: This will use `/etc/cgd/wd0e` as config file for `cgd0`.
        !           278: 
        !           279: To finally enable cgd on each boot, put the following line into `/etc/rc.conf`:
        !           280: 
        !           281:     cgd=YES
        !           282: 
        !           283: You should now be prompted for `/dev/cgd0`'s passphrase whenever `/etc/rc` 
        !           284: starts.
        !           285: 
        !           286: ### Restoring data
        !           287: 
        !           288: Next, mount your new filesystems, and 
        !           289: [restore(8)](http://netbsd.gw.com/cgi-bin/man-cgi?restore+8+NetBSD-current) your 
        !           290: data into them. It often helps to have `/tmp` mounted properly first, as 
        !           291: `restore` can use a fair amount of temporary space when extracting a large 
        !           292: dumpfile.
        !           293: 
        !           294: To test your changes to the boot configuration, umount the filesystems and 
        !           295: unconfigure the `cgd`, so when you exit the single-user shell, *rc* will run 
        !           296: like on a clean boot, prompting you for the passphrase and mounting your 
        !           297: filesystems correctly. Now you can bring the system up to multi-user, and make 
        !           298: sure everything works as before.
        !           299: 
        !           300: ## Example: encrypted CDs/DVDs
        !           301: 
        !           302: ### Introduction
        !           303: 
        !           304: This section explains how to create and use encrypted CDs/DVDs with NetBSD (all 
        !           305: I say about CDs here does also apply to DVDs). I assume that you have basic 
        !           306: knowledge of cgd(4), so I will not explain what cgd is or what's inside it in 
        !           307: detail. The same applies to vnd(4). One can make use of encrypted CDs after 
        !           308: reading this howto, but for more detailed information about different cgd 
        !           309: configuration options, please read the previous parts or the manpages.
        !           310: 
        !           311: ### Creating an encrypted CD/DVD
        !           312: 
        !           313: cgd(4) provides highly secure encryption of whole partitions or disks. 
        !           314: Unfortunately, creating "normal" CDs is not disklabeling something and running 
        !           315: newfs on it. Neither can you just put a CDR into the drive, configure cgd and 
        !           316: assume it to write encrypted data when syncing. Standard CDs contain at least an 
        !           317: ISO-9660 filesystem created with mkisofs(8) from the 
        !           318: [`sysutils/cdrtools`](http://ftp.NetBSD.org/pub/pkgsrc/current/pkgsrc/sysutils/cdrtools/README.html) 
        !           319: package. ISO images must *not* contain disklabels or cgd partitions.
        !           320: 
        !           321: But of course CD reader/writer hardware doesn't care about filesystems at all. 
        !           322: You can write raw data to the CD if you like - or an encrypted FFS filesystem, 
        !           323: which is what we'll do here. But be warned, there is NO way to read this CD with 
        !           324: any OS except NetBSD - not even other BSDs due to the lack of cgd.
        !           325: 
        !           326: The basic steps when creating an encrypted CD are:
        !           327: 
        !           328:  * Create an (empty) imagefile
        !           329:  * Register it as a virtual disk using vnd(4)
        !           330:  * Configure cgd inside the vnd disk
        !           331:  * Copy content to the cgd
        !           332:  * Unconfigure all (flush!)
        !           333:  * Write the image on a CD
        !           334: 
        !           335: The first step when creating an encrypted CD is to create a single image file 
        !           336: with dd. The image may not grow, so make it large enough to allow all CD content 
        !           337: to fit into. Note that the whole image gets written to the CD later, so creating 
        !           338: a 700 MB image for 100 MB content will still require a 700 MB write operation to 
        !           339: the CD. Some info on DVDs here: DVDs are only 4.7 GB in marketing language. 
        !           340: 4.7GB = 4.7 x 1024 x 1024 x 1024 = 5046586573 bytes. In fact, a DVD can only 
        !           341: approximately hold 4.7 x 1000 x 1000 x 1000 = 4700000000 bytes, which is about 
        !           342: 4482 MB or about 4.37 GB. Keep this in mind when creating DVD images. Don't 
        !           343: worry for CDs, they hold "real" 700 MB (734003200 Bytes).
        !           344: 
        !           345: Invoke all following commands as root!
        !           346: 
        !           347: For a CD:
        !           348: 
        !           349:     # dd if=/dev/zero of=image.img bs=1m count=700
        !           350: 
        !           351: or, for a DVD:
        !           352: 
        !           353:     # dd if=/dev/zero of=image.img bs=1m count=4482
        !           354: 
        !           355: Now configure a 
        !           356: [vnd(4)](http://netbsd.gw.com/cgi-bin/man-cgi?vnd+4+NetBSD-5.0.1+i386)-pseudo 
        !           357: disk with the image:
        !           358: 
        !           359:     # vnconfig vnd0 image.img
        !           360: 
        !           361: In order to use cgd, a so-called parameter file, describing encryption 
        !           362: parameters and a containing "password salt" must be generated. We'll call it 
        !           363: `/etc/cgd/image` here. You can use one parameter file for several encrypted 
        !           364: partitions (I use one different file for each host and a shared file `image` for 
        !           365: all removable media, but that's up to you).
        !           366: 
        !           367: I'll use AES-CBC with a keylength of 256 bits. Refer to 
        !           368: [cgd(4)](http://netbsd.gw.com/cgi-bin/man-cgi?cgd+4+NetBSD-5.0.1+i386) and 
        !           369: [cgdconfig(8)](http://netbsd.gw.com/cgi-bin/man-cgi?cgdconfig+8+NetBSD-5.0.1+i386) 
        !           370: for details and alternatives.
        !           371: 
        !           372: The following command will create the parameter file as `/etc/cgd/image`. *YOU 
        !           373: DO NOT WANT TO INVOKE THE FOLLOWING COMMAND AGAIN* after you burnt any CD, since 
        !           374: a recreated parameter file is a lost parameter file and you'll never access your 
        !           375: encrypted CD again (the "salt" this file contains will differ among each call). 
        !           376: Consider this file being *HOLY, BACKUP IT* and *BACKUP IT AGAIN!* Use switch -V 
        !           377: to specify verification method "disklabel" for the CD (cgd cannot detect whether 
        !           378: you entered a valid password for the CD later when mounting it otherwise).
        !           379: 
        !           380:     # cgdconfig -g -V disklabel aes-cbc 256 > /etc/cgd/image
        !           381: 
        !           382: Now it's time to configure a cgd for our vnd drive. (Replace slice `d` with `c` 
        !           383: for all platforms that use `c` as the whole disk (where
        !           384: `sysctl kern.rawpartition` prints `2`, not `3`); if you're on i386 or amd64, `d` 
        !           385: is OK for you):
        !           386: 
        !           387:     # cgdconfig -V re-enter cgd1 /dev/vnd0d /etc/cgd/image
        !           388: 
        !           389: The `-V re-enter` option is necessary as long as the cgd doesn't have a 
        !           390: disklabel yet so we can access and configure it. This switch asks for a password 
        !           391: twice and uses it for encryption.
        !           392: 
        !           393: Now it's time to create a disklabel inside the cgd. The defaults of the label 
        !           394: are ok, so invoking disklabel with
        !           395: 
        !           396:     # disklabel -e -I cgd1
        !           397: 
        !           398: and leaving vi with `:wq` immediately will do.
        !           399: 
        !           400: Let's create a filesystem on the cgd, and finally mount it somewhere:
        !           401: 
        !           402:     # newfs /dev/rcgd1a
        !           403:     # mount /dev/cgd1a /mnt
        !           404: 
        !           405: The cgd is alive! Now fill `/mnt` with content. When finished, reverse the 
        !           406: configuration process. The steps are:
        !           407: 
        !           408: 1.  Unmounting the cgd1a:
        !           409: 
        !           410:         # umount /mnt
        !           411: 
        !           412: 2.  Unconfiguring the cgd:
        !           413: 
        !           414:         # cgdconfig -u cgd1
        !           415: 
        !           416: 3.  Unconfiguring the vnd:
        !           417: 
        !           418:         # vnconfig -u vnd0
        !           419: 
        !           420: 
        !           421: The following commands are examples to burn the images on CD or DVD. Please 
        !           422: adjust the `dev=` for cdrecord or the `/dev/rcd0d` for growisofs. Note the 
        !           423: `r` on the `rcd0d` *is* necessary with NetBSD. Growisofs is available in the 
        !           424: [`sysutils/dvd+rw-tools`](http://ftp.NetBSD.org/pub/pkgsrc/current/pkgsrc/sysutils/dvd+rw-tools/README.html) 
        !           425: package. Again, use `c` instead of `d` if this is the raw partition on your 
        !           426: platform.
        !           427: 
        !           428: Finally, write the image file to a CD:
        !           429: 
        !           430:     # cdrecord dev=/dev/rcd0d -v image.img
        !           431: 
        !           432: ...or to a DVD:
        !           433: 
        !           434:     # growisofs -dvd-compat -Z /dev/rcd0d=image.img
        !           435: 
        !           436: Congratulations! You've just created a really secure CD!
        !           437: 
        !           438: ### Using an encrypted CD/DVD
        !           439: 
        !           440: After creating an encrypted CD as described above, we're not done yet - what 
        !           441: about mounting it again? One might guess, configuring the cgd on `/dev/cd0d` is 
        !           442: enough - no, it is not.
        !           443: 
        !           444: NetBSD cannot access FFS file systems on media that is not 512 bytes/sector 
        !           445: format. It doesn't matter that the cgd on the CD is, since the CD's disklabel 
        !           446: the cgd resides in has 2048 bytes/sector.
        !           447: 
        !           448: But the CD driver cd(4) is smart enough to grant write access to the 
        !           449: (emulated) disklabel on the CD. So before configuring the cgd, let's have a look 
        !           450: at the disklabel and modify it a bit:
        !           451: 
        !           452:     # disklabel -e cd0
        !           453:     # /dev/rcd0d:
        !           454:     type: ATAPI
        !           455:     disk: mydisc
        !           456:     label: fictitious
        !           457:     flags: removable
        !           458:     bytes/sector: 2048    # -- Change to 512 (= orig / 4)
        !           459:     sectors/track: 100    # -- Change to 400 (= orig * 4)
        !           460:     tracks/cylinder: 1
        !           461:     sectors/cylinder: 100 # -- Change to 400 (= orig * 4)
        !           462:     cylinders: 164
        !           463:     total sectors: 16386  # -- Change to value of slice "d" (=65544)
        !           464:     rpm: 300
        !           465:     interleave: 1
        !           466:     trackskew: 0
        !           467:     cylinderskew: 0
        !           468:     headswitch: 0           # microseconds
        !           469:     track-to-track seek: 0  # microseconds
        !           470:     drivedata: 0
        !           471:     
        !           472:     4 partitions:
        !           473:     #     size  offset  fstype [fsize bsize cpg/sgs]
        !           474:      a:   65544   0     4.2BSD  0     0     0  # (Cyl. 0 - 655+)
        !           475:      d:   65544   0     ISO9660 0     0        # (Cyl. 0 - 655+)
        !           476: 
        !           477: Now as the disklabel is in 512 b/s format, accessing the CD is as easy as:
        !           478: 
        !           479:     # cgdconfig cgd1 /dev/cd0d /etc/cgd/image
        !           480:     # mount -o ro /dev/cgd1a /mnt
        !           481: 
        !           482: Note that the cgd *MUST* be mounted read-only or you'll get illegal command 
        !           483: errors from the cd(4) driver which can in some cases make even mounting a 
        !           484: CD-based cgd impossible!
        !           485: 
        !           486: Now we're done! Enjoy your secure CD!
        !           487: 
        !           488:     # ls /mnt
        !           489: 
        !           490: Remember you have to reverse all steps to remove the CD:
        !           491: 
        !           492:     # umount /mnt
        !           493:     # cgdconfig -u cgd1
        !           494:     # eject cd0
        !           495: 
        !           496: ## Suggestions and Warnings
        !           497: 
        !           498: You now have your filesystems encrypted within a `cgd`. When your machine is 
        !           499: shut down, the data is protected, and can't be decrypted without the passphrase. 
        !           500: However, there are still some dangers you should be aware of, and more you can 
        !           501: do with `cgd`. This section documents several further suggestions and warnings 
        !           502:        that will help you use `cgd` effectively.
        !           503: 
        !           504:  * Use multiple `cgd`'s for different kinds of data, one mounted all the time 
        !           505:    and others mounted only when needed.
        !           506: 
        !           507:  * Use a `cgd` configured on top of a `vnd` made from a file on a remote network 
        !           508:    fileserver (NFS, SMBFS, CODA, etc) to safely store private data on a shared 
        !           509:    system. This is similar to the procedure for using encrypted CDs and DVDs 
        !           510:    described in [[Example: encrypted CDs/DVDs|guide/cgd#cryptocds]].
        !           511: 
        !           512: ### Using a random-key cgd for swap
        !           513: 
        !           514: You may want to use a dedicated random-key `cgd` for swap space, regenerating 
        !           515: the key each reboot. The advantage of this is that once your machine is 
        !           516: rebooted, any sensitive program memory contents that may have been paged out are 
        !           517: permanently unrecoverable, because the decryption key is never known to you.
        !           518: 
        !           519: We created a temporary `cgd` with a random key when scrubbing the disk in the 
        !           520: example above, using a shorthand `cgdconfig -s` invocation to avoid creating a 
        !           521: parameters file.
        !           522: 
        !           523: The `cgdconfig` params file includes a *randomkey* keygen method. This is more 
        !           524: appropriate for *permanent* random-key configurations, and facilitates the easy 
        !           525: automatic configuration of these volumes at boot time.
        !           526: 
        !           527: For example, if you wanted to convert your existing `/dev/wd0b` partition to a 
        !           528: dedicated random-key cgd1, use the following command to generate 
        !           529: `/etc/cgd/wd0b`:
        !           530: 
        !           531:     # cgdconfig -g -o /etc/cgd/wd0b -V none -k randomkey blowfish-cbc
        !           532: 
        !           533: When using the randomkey keygen method, only verification method `none` can be 
        !           534: used, because the contents of the new `cgd` are effectively random each time 
        !           535: (the previous data decrypted with a random key). Likewise, the new disk will not 
        !           536: have a valid label or partitions, and `swapctl` will complain about 
        !           537: configuring swap devices not marked as such in a disklabel.
        !           538: 
        !           539: In order to automate the process of labeling the disk, prepare an appropriate 
        !           540: disklabel and save it to a file, for example `/etc/cgd/wd0b.disklabel`. Please 
        !           541: refer to 
        !           542: [disklabel(8)](http://netbsd.gw.com/cgi-bin/man-cgi?disklabel+8+NetBSD-5.0.1+i386) 
        !           543: for information about how to use `disklabel` to set up a swap partition.
        !           544: 
        !           545: On each reboot, to restore this saved label to the new `cgd`, create the 
        !           546: `/etc/rc.conf.d/cgd` file as below:
        !           547: 
        !           548:     swap_device="cgd1"
        !           549:     swap_disklabel="/etc/cgd/wd0b.disklabel"
        !           550:     start_postcmd="cgd_swap"
        !           551:     
        !           552:     cgd_swap()
        !           553:     {
        !           554:         if [ -f $swap_disklabel ]; then
        !           555:             disklabel -R -r $swap_device $swap_disklabel
        !           556:         fi
        !           557:     }
        !           558: 
        !           559: The same technique could be extended to encompass using `newfs` to re-create 
        !           560: an `ffs` filesystem for `/tmp` if you didn't want to use `mfs`.
        !           561: 
        !           562: ### Warnings
        !           563: 
        !           564: Prevent cryptographic disasters by making sure you can always recover your 
        !           565: passphrase and parameters file. Protect the parameters file from disclosure, 
        !           566: perhaps by storing it on removable media as above, because the salt it contains 
        !           567: helps protect against dictionary attacks on the passphrase.
        !           568: 
        !           569: Keeping the data encrypted on your disk is all very well, but what about other 
        !           570: copies? You already have at least one other such copy (the backup we used during 
        !           571: this setup), and it's not encrypted. Piping `dump` through file-based 
        !           572: encryption tools like **gpg** can be one way of addressing this issue, but make 
        !           573: sure you have all the keys and tools you need to decrypt it to `restore` after 
        !           574: a disaster.
        !           575: 
        !           576: Like any form of software encryption, the `cgd` key stays in kernel memory while 
        !           577: the device is configured, and may be accessible to privileged programs and 
        !           578: users, such as `/dev/kmem` grovellers. Taking other system security steps, such 
        !           579: as running with elevated securelevel, is highly recommended.
        !           580: 
        !           581: Once the `cgd` volumes are mounted as normal filesystems, their contents are 
        !           582: accessible like any other file. Take care of file permissions and ensure your 
        !           583: running system is protected against application and network security attack.
        !           584: 
        !           585: Avoid using suspend/resume, especially for laptops with a BIOS suspend-to-disk 
        !           586: function. If an attacker can resume your laptop with the key still in memory, or 
        !           587: read it from the suspend-to-disk memory image on the hard disk later, the whole 
        !           588: point of using `cgd` is lost.
        !           589: 
        !           590: ## Further Reading
        !           591: 
        !           592: The following resources contain more information on CGD:
        !           593: 
        !           594: ### Bibliography
        !           595: 
        !           596:  * [smackie-cgd]: [NetBSD CGD Setup](http://www.bsdguides.org/guides/netbsd/misc/cgd_setup.php)*. Stuart Mackie.
        !           597:  * [nycbug-cgd]: [I want my cgd](http://genoverly.com/articles/view/5/) aka: I want an encrypted pseudo-device on my laptop*.
        !           598:  * [elric-cgd]: The original paper on [The CryptoGraphic Disk Driver](http://www.imrryr.org/~elric/cgd/cgd.pdf)*. Roland Dowdeswell and John Ioannidis.
        !           599:  * [biancuzzi-cgd]: [Inside NetBSD's CGD](http://onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html) - an interview with CGD creator Roland Dowdeswell*. Biancuzzi Federico.
        !           600:  * [hubertf-cgd]: [CryptoGraphicFile (CGF)](http://www.feyrer.de/NetBSD/blog.html/nb_20060823_2311.html), or how to keep sensitive data on your laptop*. Feyrer Hubert.
        !           601: 

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb