Written by Jari Ruusu <jariruusu@users.sourceforge.net>, September 10 2017

Copyright 2002-2017 by Jari Ruusu.
Redistribution of this file is permitted under the GNU Public License.


Table of Contents
~~~~~~~~~~~~~~~~~
1. General information
2. How to compile aespipe program
3. Examples
    3.1. Example 1 - Encrypted archive with seeded and iterated key setup
    3.2. Example 2 - Encrypted archive with gpg-encrypted key file
    3.3. Example 3 - Encrypted CD-ROM
    3.4. Example 4 - Adding encryption to existing file system
4. Files
5. Credits


1. General information
~~~~~~~~~~~~~~~~~~~~~~
aespipe program is AES encrypting or decrypting pipe. It reads from standard
input and writes to standard output. It can be used to create and restore
encrypted tar or cpio archives. It can be used to encrypt and decrypt
loop-AES compatible encrypted disk images.

Latest version of this package can be found at:

    http://loop-aes.sourceforge.net/
    http://sourceforge.net/projects/loop-aes/files/aespipe/


2. How to compile aespipe program
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To compile, test and install, run:

    ./configure
    make
    make tests
    make install

Possible options for ./configure script:

    --disable-asm         Disable assembler code for x86/amd64/padlock/intelaes
    --enable-asm=x86      Always use optimized assembler code for x86
    --enable-asm=amd64    Always use optimized assembler code for amd64
    --enable-padlock      Add support for VIA padlock hardware AES
    --disable-padlock     Remove support for VIA padlock hardware AES
    --enable-intelaes     Add support for Intel hardware AES
    --disable-intelaes    Remove support for Intel hardware AES

Fastest code for 32 bit x86 (i386, IA-32 & clones):

    ./configure --enable-asm=x86 --enable-padlock --enable-intelaes

Fastest code for 64 bit amd64 (AMD64, x86-64, EM64T, Intel64):

    ./configure --enable-asm=amd64 --enable-padlock --enable-intelaes

When using GNU tool chain (C compiler, assembler, linker)
x86/amd64/padlock/intelaes are automatically detected by ./configure script
and need not be specified. Assembler code for x86/amd64/padlock/intelaes
requires GNU tool chain to compile correctly. If ./configure script
incorrectly detects the tool chain in use, then --disable-asm option may be
needed to successfully compile aespipe. --enable-padlock and
--enable-intelaes options can be used in situations where build host
computer doesn't have padlock/intelaes hardware, but intended target
computer does. padlock/intelaes code always includes run time fall back to
slower software implementation in case the padlock/intelaes hardware isn't
found.

If you want to use special compiler and/or linker flags, ./configure script
understands exported CFLAGS= and LDFLAGS= environment variables. In cases
where compiler/linker produces position independent executable (PIE) by
default and you want to use assembler optimized code, the PIE thingy needs
to be disabled like this:

    CFLAGS="-O2 -Wall -fno-pie" LDFLAGS="-no-pie" ./configure

Above installs aespipe program to /usr/local/bin/ directory and man page to
/usr/local/man/man1/ directory. If you want aespipe program installed in
/usr/bin/ and man page installed in /usr/share/man/man1/, add
"--bindir=/usr/bin" and "--mandir=/usr/share/man" parameters to ./configure
script.

When aespipe uses gpg version 2 to decrypt public-key encrypted key file,
gpg needs special bug workaround. gpg version 1 does not need that
workaround, and that workaround is not compatible with gpg version 1.
configure script detects the need for this gpg bug workaround at configure
time. If you change installed gpg version from 1 to 2, or from 2 to 1, then
aespipe needs to be configured and compiled again to enable/disable the
workaround.


3. Examples
~~~~~~~~~~~
Many of following examples depend on gpg-encrypted key files. gpg appears to
prevent its own keys from being leaked to swap, but does not appear to
prevent data handled by it from being leaked to swap. In gpg-encrypted key
file cases, the data handled by gpg are aespipe encryption keys, and they
may leak to swap. Therefore, use of gpg-encrypted key file depends on
encrypted swap.


3.1. Example 1 - Encrypted archive with seeded and iterated key setup
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A random password seed and password iteration count are used to slow down
dictionary attacks. Edit bz2aespipe script to suit your needs, and copy it
to someplace in your path, /usr/local/bin/ for example.

Write files to bzip2 compressed, encrypted tar archive:

    tar cvf archive.aes --use-compress-program=bz2aespipe files...

Restore files from bzip2 compressed, encrypted tar archive:

    tar xvpf archive.aes --use-compress-program=bz2aespipe


3.2. Example 2 - Encrypted archive with gpg-encrypted key file
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Create 65 random encryption keys and encrypt those keys using gpg. Reading
from /dev/random may take indefinitely long if kernel's random entropy pool
is empty. If that happens, do some other work on some other console (use
keyboard, mouse and disks). Use of gpg-encrypted key file depends on
encrypted swap.

    head -c 3705 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
        | gpg --symmetric -a >mykey1.gpg

Write files to bzip2 compressed, encrypted tar archive. aespipe asks for
passphrase to decrypt the key file.

    tar cvf - files... | bzip2 | aespipe -w 10 -K mykey1.gpg >archive.aes

Restore files from bzip2 compressed, encrypted tar archive. aespipe asks for
passphrase to decrypt the key file.

    aespipe -d -K mykey1.gpg <archive.aes | bzip2 -d -q | tar xvpf -


3.3. Example 3 - Encrypted CD-ROM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Create 65 random encryption keys and encrypt those keys using gpg. Reading
from /dev/random may take indefinitely long if kernel's random entropy pool
is empty. If that happens, do some other work on some other console (use
keyboard, mouse and disks). Use of gpg encrypted key file depends on
encrypted swap.

gpg encrypted key file is recorded to first 8192 bytes of the CD-ROM. Key
file does not use all of 8192 bytes so remaining part of the 8192 bytes is
padded with newlines.

    yes "" | dd of=image.iso bs=512 count=16
    head -c 3705 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
        | gpg --symmetric -a | dd of=image.iso conv=notrunc

Create encrypted ISO9660 CD-ROM image that can be mounted using Linux
loop-AES crypto package version 3.0a or later:

    mkisofs -quiet -r directory-tree | aespipe -K image.iso -O 16 >>image.iso

This image file can then be mounted under Linux like this:

    mount -t iso9660 image.iso /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=image.iso,offset=8192

Or, after writing image.iso to CD-ROM, like this:

    mount -t iso9660 /dev/cdrom /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192

Or, if this line is added to /etc/fstab file:

    /dev/cdrom /cryptcd iso9660 defaults,noauto,loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192 0 0

Then encrypted CD-ROMs can be mounted and unmounted like this:

    mkdir /cryptcd
    mount /cryptcd
    umount /cryptcd

In above mount cases the mounted device name must be identical to gpgkey=
definition and offset= must be specified. That condition is special cased
inside mount and losetup programs to prevent gpg from reading all of cdrom
contents when gpg is decrypting the key file.

If you ever need to extract unencrypted image of encrypted CD-ROM, you can
do that like this:

    dd if=/dev/cdrom bs=8192 count=1 of=key.gpg
    dd if=/dev/cdrom bs=8192 skip=1 | aespipe -d -K key.gpg -O 16 >clear.iso

Latter of above dd commands may cause some kernel error messages when dd
command attempts to read past end of CD-ROM device.
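
The layout used in Example 3 (armored key file in the first 8192 bytes,
newline padding, encrypted data from offset 8192) can be checked before an
image is burned. The script below is an added example, not part of the
aespipe package: the function names check_cd_header and make_sample are
hypothetical, and the sample images it can build use filler text and zero
bytes in place of real gpg output and real ciphertext.

```shell
#!/bin/sh
# Added example (not part of aespipe): check the key header of an image
# built as in Example 3 before burning it.
HDR=8192   # 16 sectors of 512 bytes: "bs=512 count=16", "-O 16", "offset=8192"

# check_cd_header IMAGE
# Returns 0 if the first HDR bytes hold one complete armored gpg message
# followed only by newline padding, and data follows the header.
# Returns 1: no data after header, 3: no armor at start, 4: non-padding
# bytes after the armor, 5: armor does not end inside the header.
check_cd_header() {
    size=$(wc -c <"$1") || return 2
    if [ "$size" -le "$HDR" ]; then
        echo "$1: no encrypted data after the $HDR-byte header" >&2
        return 1
    fi
    head -c "$HDR" "$1" | awk -v b='-----BEGIN PGP MESSAGE-----' \
                              -v e='-----END PGP MESSAGE-----' '
        NR == 1 && $0 != b { rc = 3; exit }
        ended && $0 != ""  { rc = 4; exit }
        $0 == e            { ended = 1 }
        END { if (!rc && !ended) rc = 5; exit rc }'
}

# make_sample IMAGE LINES
# Builds a constructed image with the same steps as Example 3, but with
# LINES lines of filler text standing in for gpg output and 2048 zero
# bytes standing in for the aespipe-encrypted ISO data.
make_sample() {
    head -c "$HDR" /dev/zero | tr '\0' '\n' >"$1"
    {
        echo '-----BEGIN PGP MESSAGE-----'
        echo
        i=0
        while [ "$i" -lt "$2" ]; do
            echo 'QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2'
            i=$((i + 1))
        done
        echo '-----END PGP MESSAGE-----'
    } | dd of="$1" conv=notrunc 2>/dev/null
    head -c 2048 /dev/zero >>"$1"
}
```

Return value 5 is the case to watch for: if the armored key file is larger
than 8192 bytes, "dd conv=notrunc" extends image.iso, the data appended by
aespipe no longer starts at offset 8192, and "-O 16" and "offset=8192" no
longer describe the image.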


3.4. Example 4 - Adding encryption to existing file system
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Create 65 random encryption keys and encrypt those keys using gpg. Reading
from /dev/random may take indefinitely long if kernel's random entropy pool
is empty. If that happens, do some other work on some other console (use
keyboard, mouse and disks). Use of gpg-encrypted key file depends on
encrypted swap.

    umask 077
    head -c 3705 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
        | gpg --symmetric -a >/etc/fskey1.gpg

Add loop-AES (v3.0a or later) compatible encryption to 1.44 MB floppy disk:

    dd if=/dev/fd0 bs=64k | aespipe -K /etc/fskey1.gpg | dd of=/dev/fd0 bs=64k conv=notrunc

Encrypted floppy can be mounted and unmounted under Linux like this:

    mount -t ext2 /dev/fd0 /floppy -o loop=/dev/loop1,encryption=AES128,gpgkey=/etc/fskey1.gpg
    umount /floppy

Remove encryption from loop-AES encrypted 1.44 MB floppy disk:

    dd if=/dev/fd0 bs=64k | aespipe -d -K /etc/fskey1.gpg | dd of=/dev/fd0 bs=64k conv=notrunc


4. Files
~~~~~~~~
ChangeLog       History of changes and public releases.

Makefile.in     Source for generated Makefile. configure script reads this
                and creates Makefile.

README          This README file.

aes-GPL.diff    A patch for aes-amd64.S and aes-x86.S files that updates
                licenses to be fully GPL compatible. aes-amd64.S and
                aes-x86.S files are derived from Brian Gladman's December
                2001 published version that had no mention of GPL, but both
                Brian Gladman and Jari Ruusu permit this license change.

aes-amd64.S     Optimized assembler implementation of AES cipher for AMD64
                and compatible processors.

aes-intel*.S    Optimized assembler implementation of AES cipher using Intel
                hardware AES instructions for x86 processors in 32 bit or 64
                bit mode.

aes-x86.S       Optimized assembler implementation of AES cipher for x86
                processors.

aes.[ch]        AES encryption functions, portable and usable in Linux
                kernel and in user space, as well as in other operating
                systems.

aespipe.1       Man page for aespipe.

aespipe.c       Main aespipe source that calls cipher and hash functions in
                aes.c/aes-*.S md5.c/md5-*.S sha512.c rmd160.c files.

bz2aespipe      Example script to be used as GNU tar 'compress' program.
                This script both compresses and encrypts the archive. Edit
                default options in the script and install it somewhere in
                your path, /usr/local/bin/ for example.

configure       Script to create Makefile.

configure.ac    Source for configure script.

gpgkey[123].asc gpg encrypted key files that are used by Makefile when "make
                tests" command is run. These key files are encrypted with
                symmetric cipher using 12345678901234567890 password.

md5-2x-amd64.S  Optimized assembler implementation of MD5 transform function
                for AMD64 and compatible processors. Does two transforms
                simultaneously.

md5-amd64.S     Optimized assembler implementation of MD5 transform function
                for AMD64 and compatible processors.

md5-x86.S       Optimized assembler implementation of MD5 transform function
                for x86 processors.

md5.[ch]        MD5 transform function implementation that is used to
                compute IVs. This source code was copied from Linux kernel
                CryptoAPI implementation.

rmd160.[ch]     Implementation of RIPE-MD160. This source code was copied
                from GnuPG.

sha512.[ch]     Implementation of SHA-256, SHA-384, and SHA-512.


5. Credits
~~~~~~~~~~
This package uses AES cipher sources that were originally written by
Dr Brian Gladman:

// Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
// All rights reserved.
//
// TERMS
//
//  Redistribution and use in source and binary forms, with or without
//  modification, are permitted subject to the following conditions:
//
//  1. Redistributions of source code must retain the above copyright
//     notice, this list of conditions and the following disclaimer.
//
//  2. Redistributions in binary form must reproduce the above copyright
//     notice, this list of conditions and the following disclaimer in the
//     documentation and/or other materials provided with the distribution.
//
//  3. The copyright holder's name must not be used to endorse or promote
//     any products derived from this software without his specific prior
//     written permission.
//
//  This software is provided 'as is' with no express or implied warranties
//  of correctness or fitness for purpose.