Inside NetBSD's CGDby Federico Biancuzzi
NetBSD is well-known for its portability, but since the release of NetBSD 2.0, the project has also included tons of interesting and unique features. While waiting for the upcoming 3.0, Federico Biancuzzi interviewed Roland Dowdeswell, the author of the Crypto-Graphic Disk system. This is a must-read for any laptop owner (and paranoid androids)!
Could you introduce yourself?
Roland Dowdeswell: By day, I work for a major financial institution in New York. In the past, I have also consulted extensively and, like most IT people of my age, co-founded a startup in Silicon Valley. I've been involved in the NetBSD Project for a number of years, but honestly I devote a vast majority of my time to my job and don't contribute as much as I might like to.
What is CGD?
RD: CGD (PDF) is an encrypted pseudo disk driver. It sits on top of another disk or partition and presents a new virtual disk to the rest of the operating system. Each disk write (read) to the pseudo disk is encrypted (decrypted) and then performed on the underlying disk. The new disk can then be partitioned and used for any purpose that a normal disk can. This is the same approach as used by many software RAID solutions.
Why did you choose to create CGD?
RD: Like many open source projects, I created CGD because I wanted it myself. At the time, the only BSD-licensed alternative was OpenBSD svnd driver, which did not take steps to frustrate dictionary attacks and only supported a single cipher (blowfish). So I decided that I should write my own.
Did anyone finance the development?
RD: No, I took a little time off from consulting to do it.
How does it work from a user standpoint?
RD: First, you set up the parameters file. This file contains the information that
cgdconfig (PDF) needs to configure the disk, including the encryption method, the key generation procedures, etc.:
# cgdconfig -g aes-cbc 256 > /etc/cgd/wd0f
The default key generation method is PKCS#5 PBKDF2, which generates a key from a pass phrase. It is also possible to setup n-factor authentication or simply store the key in the file.
Once you have the parameters file, then you need to configure the disk for the first time:
# cgdconfig -V re-enter cgd0 /dev/wd0f /dev/wd0f's passphrase: /dev/wd0f's passphrase:
-V re-enter flag tells
cgdconfig to prompt for the pass phrase twice and check that they are the same. In general usage,
cgdconfig will check that the disk contains either a valid disklabel or filesystem with the provided key. Of course, the first time there will be neither of these.
At this point, you have a disk, /dev/cgd0[a-h], which you set up however you want; for example, label the disk and create filesystems. Once the disk is properly set up,
# cgdconfig -u cgd0
will unconfigure the disk and
# cgdconfig cgd0 /dev/wd0f
will configure it.
NetBSD's rc system supports configuring CGD disks on boot by adding them to /etc/cgd/cgd.conf.
If you want to provide a different pass phrase for another system administrator, you can create a different parameters file from the first one, which will decrypt the disk with a different pass phrase:
# cgdconfig -G old_params > new_params
This method can be used to change the pass phrase, if old_params is securely erased.
If I'm already using a disk full of data, how can I encrypt it? Should I use a new empty slice and then move data there?
RD: Yes. To encrypt an existing partition, you will need to create a new, encrypted partition and move the data to it.
How much space does the crypto use? Does it grow with data, or is it fixed based on disk size?
RD: The current encryption modes that CGD implements do not change the size of the data, beyond the storage size of the parameters file, which specifies how the disk in encrypted and how the key is generated. This is generally a few hundred bytes.