cryptsetup.lists.linux.dev archive mirror
From: Milan Broz <gmazyland@gmail.com>
To: LRS <vianellov@gmail.com>, cryptsetup@lists.linux.dev
Subject: Re: Question about journal integrity / encryption
Date: Mon, 4 Dec 2023 09:32:09 +0100
Message-ID: <198c30e7-0ae3-4e9a-9df7-ea122af4be1f@gmail.com>
In-Reply-To: <CAFKOM5mU9M2qdfyU4sOYgfJe4anQ+uB80Wcs3GYRbD7L0=av4w@mail.gmail.com>

On 12/3/23 15:31, LRS wrote:
> I tried to create a volume with the following command:
> 
> cryptsetup luksFormat --type luks2 /dev/sdb --cipher aes-xts-plain64
> --integrity hmac-sha256
> 
> 
> If I look at the JSON header of LUKS2, I see the following part:
> 
> "integrity": {
>          "type": "hmac(sha256)",
>          "journal_encryption": "none",
>          "journal_integrity": "none"
>        }
>      }
> 
> from which I understand that the journal is not encrypted. Isn't this a
> security issue? Is it possible to encrypt it somehow?

Yes, for LUKS2 the journal metadata are not encrypted.
You cannot currently use an encrypted dm-integrity journal with LUKS2 (only
for standalone dm-integrity).
I planned to add it one day, but it needs a definition of how to derive the key
for the integrity journal.

Data stored in the journal are encrypted (only the journal metadata are not encrypted),
so what an attacker can do is replay old encrypted data (or wrong data, but that
will be detected later on read).
All of this can be done with physical access to the media anyway.

Milan
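
The following is an added example for this thread, not code from the list or from cryptsetup itself. It reads the JSON that `cryptsetup luksDump --dump-json-metadata <device>` prints and reports, per segment, whether dm-integrity is enabled and whether the journal is encrypted or MAC-protected, so the state described above can be checked on an existing volume rather than eyeballed in the header. The embedded sample header is constructed to mirror the fragment quoted in the question; the `assess_segments` function name and the wording of the notes are this example's own.

```python
"""Check LUKS2 metadata for dm-integrity journal protection.

Added example for this thread; it is not cryptsetup code. Input is the JSON
that `cryptsetup luksDump --dump-json-metadata <device>` prints. The sample
header below is constructed to match the fragment quoted in the question.
"""
import json
import sys

# Constructed sample: the relevant part of a LUKS2 header created with
#   cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 \
#       --integrity hmac-sha256 /dev/sdb
SAMPLE_HEADER = """
{
  "segments": {
    "0": {
      "type": "crypt",
      "offset": "16777216",
      "size": "dynamic",
      "iv_tweak": "0",
      "encryption": "aes-xts-plain64",
      "sector_size": 512,
      "integrity": {
        "type": "hmac(sha256)",
        "journal_encryption": "none",
        "journal_integrity": "none"
      }
    }
  }
}
"""


def assess_segments(header_json):
    """Return one record per LUKS2 segment describing data and journal protection.

    Each record carries the raw settings plus notes on what someone with
    access to the underlying block device can still see or do.
    """
    header = json.loads(header_json)
    findings = []
    for seg_id, seg in header.get("segments", {}).items():
        rec = {
            "segment": seg_id,
            "encryption": seg.get("encryption"),
            "integrity_type": None,
            "journal_encryption": None,
            "journal_integrity": None,
            "notes": [],
        }
        integ = seg.get("integrity")
        if integ is None:
            # Plain dm-crypt: ciphertext tampering decrypts to garbage and is
            # never reported as an I/O error.
            rec["notes"].append(
                "no dm-integrity: modified ciphertext is not detected on read")
        else:
            rec["integrity_type"] = integ.get("type")
            rec["journal_encryption"] = integ.get("journal_encryption", "none")
            rec["journal_integrity"] = integ.get("journal_integrity", "none")
            if rec["journal_encryption"] == "none":
                rec["notes"].append(
                    "journal metadata stored in clear; sector data inside the "
                    "journal is still ciphertext from the crypt layer")
            if rec["journal_integrity"] == "none":
                rec["notes"].append(
                    "journal entries carry no MAC: an old journal copy can be "
                    "replayed (stale ciphertext); corrupted data is still "
                    "caught by the per-sector HMAC on read")
        findings.append(rec)
    return findings


def main(argv):
    # Usage: python3 check_luks2_journal.py [dump.json]; with no argument the
    # constructed sample header is assessed.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_HEADER
    for rec in assess_segments(text):
        print(f"segment {rec['segment']}: encryption={rec['encryption']} "
              f"integrity={rec['integrity_type']} "
              f"journal_encryption={rec['journal_encryption']} "
              f"journal_integrity={rec['journal_integrity']}")
        for note in rec["notes"]:
            print("  -", note)


if __name__ == "__main__":
    main(sys.argv)
```

Run it against `cryptsetup luksDump --dump-json-metadata /dev/sdb > dump.json` (needs root) to see the same two notes for any LUKS2 volume formatted with `--integrity`; the journal fields only change for standalone dm-integrity set up with `integritysetup`, which is the case the reply points to.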


Thread overview: 2+ messages
2023-12-03 14:31 Question about journal integrity / encryption LRS
2023-12-04  8:32 ` Milan Broz [this message]
