Crypto

Setup crypted Partition

You can use a cryptfile, but a partition is more comfortable than a 20gb file and more stable.

Commands - modern encryption - Android 6:

openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > /dev/mmcblk0_foo
cryptsetup -c aes-xts-plain64 --key-size 512 --hash sha512 -y luksFormat /dev/mmcblk0p2  
cryptsetup luksOpen /dev/mmcblk0p2 sdhome
mkfs.ext4 -j -m 1 -O dir_index,filetype -L homecrypt /dev/mapper/sdhome 

Old android:

On a Android 4.0 device i used these settings, because the kernel does not support the cipher above:

cryptsetup luksDump ...

Cipher name:    twofish
Cipher mode:    cbc-plain
Hash spec:      sha1

This works, too:

cryptsetup -c aes-cbc-essiv:sha256 --hash sha256  -y luksFormat /dev/mmcblk0p2

Test:

mount /dev/mapper/sdhome /mnt/sd/
# cop< stuff ..
umount /mnt/sd
cryptsetup luksClose /dev/mapper/sdhome
# retry

Mount the partition in linux bootscript:

busybox mkdir $chrootdir/dev/block/
busybox -o bind /dev/block/ /$chrootdir/dev/block

Then inside the chroot, it can be mounted

cryptsetup luksOpen /dev/block/mmcblk0p2 sdhome
mount /dev/mapper/home /mnt/sd
 
Back to top
android_-_os/crypto.txt · Last modified: 2017/03/22 12:42 by tkilla