The cgd driver provides functionality which allows you to use disks or partitions for encrypted storage. After authentication the encrypted partition is accesible using cgd pseudo-devices. The cgd driver provides the following encryption algorithms:
aes-cbc: AES (Rijndael). AES uses a 128 bit blocksize and accepts 128, 192 or 256 bit keys.
blowfish-cbc: Blowfish uses a 64 bits blocksize and accepts 128 bit keys
3des-cbc: Triple DES uses a 64 bit blocksize and accepts 192 bit keys (only 168 bits are actually used for encryption)
All three ciphers are used in CBC mode. This means each block is XORed with the previous encrypted block before encryption. This reduces the risk that a pattern can be found, which can be used to break the encryption.
Another aspect of cgd that needs some attention are the verification methods cgdconfig provides. These verification methods are used to verify the passphrase is correct. The following verification methods are available:
none: no verification is performed. This can be dangerous, because the key is not verified at all. When a wrong key is entered cgdconfig configures the cgd device as normal, but data which was available on the volume will be destroyed (decrypting blocks with a wrong key will result in random data, which will result in a regeneration of the disklabel with the current key).
disklabel: cgdconfig scans for a valid disklabel. If a valid disklabel is found with the key that is provided authentication will succeed.
ffs: cgdconfig scans for a valid FFS file system. If a valid FFS file system is found with the key that is provided authentication will succeed.
To use cgd you need a kernel with support for the cgd pseudo device. Make sure the following line is in the kernel configuration:
pseudo-device cgd 4 # cryptographic disk driver
The number specifies how many cgd devices may be configured at the same time. After configuring the cgd pseudo-device you can recompile the kernel and boot it to enable cgd support.
The best way to learn something is by practice. In this section we will look at an example of setting up cgd. In this example we have reserved the "h" partition of the wd0 disk for encryption purposes, and we want want to create an encrypted FFS filesystem. The first thing that needs to be done is to create a configuration file for the wd0h parition. This file is named /etc/cgd/wd0h. This file can be created using the cgdconfig. Suppose we want to use the Blowfish cipher and want to check for an FFS filesystem for verification, this command would create that configuration:
# cgdconfig -g -o /etc/cgd/wd0h -V ffs blowfish-cbc
The "-g" parameter forces cgdconfig to create a configuration file, the filename is specified by the "-o" parameter. The "-V" parameter specifies which verification method should be used, valid choices are none, disklabel, and ffs (which are explained above). The resulting configuration file looks like this:
algorithm blowfish-cbc;
iv-method encblkno;
keylength 128;
verify_method ffs;
keygen pkcs5_pbkdf2 {
iterations 71564;
salt AAAAgOGFALVANSHf61jf4XYlnUI=;
};
At this moment we have created a configuration file and we can start to use this configuration. The next thing that has to be done is to configure an cgd pseudo device. This can be done with the following command:
# cgdconfig -V none cgd0 /dev/wd0h
This command configures the cgd0 device to use the wd0h parition to store encrypted data. At this point we will not use verification, because the cgd0 "disk" does not have a valid FFS filesystem. cgdconfig will ask for a passphrase, just enter the passphrase you would like to use for this encrypted partition. You can use the cgd0 device as an normal disk and disklabel it. Create a partition with the 4.2BSD type and make a FFS filesystem on this partition with newfs.
After the initial partitioning and formatting the cgd pseudo-device can be unconfigured with:
# cgdconfig -u cgd0
After these configuration steps the encrypted partition can be used with:
# cgdconfig cgd0 /dev/wd0h
Note that the "-V" parameter is omitted. The verification method configured in /etc/cgd/wd0h will be used.
A question that pops up quite often on the mailinglists is how one can setup NetBSD to encrypt swap. While the instructions above should be sufficient to know how to set up swap, we will provide a short outline in this section. In this example we will use wd0b for storage of the encrypted swap partition. Swap will be encrypted with the Blowfish cipher. As normal, the first step is to create a cgd configuration file. This time we will use the "-k" parameter to generate a random key, and we will not use a verification method (because the parition will be reinitialized after each boot). Execute the following command to generate /etc/cgd/wd0b:
# cgdconfig -g -o /etc/cgd/wd0b -V none -k randomkey blowfish-cbc
With the configuration file set up we can configure the cgd0 pseudo-device:
# cgdconfig cgd0 /dev/wd0b
The next step is to configure the disklabel and to save it to /etc/cgd/wd0b.disklabel. Please refer to disklabel(8) for information about how to use disklabel to set up a swap partition.
Now we have to configure cgd to make sure cgd0 is configured during boot process of NetBSD. Add the following line to /etc/cgd/cgd.conf:
cgd0 /dev/wd0b
cgd0 is reinitialized with a blank disklabel after a reboot, because no verification is used and a random key is generated. So, the cgd0 device has to disklabelled with the disklabel we just saved during each boot. This can be done by creating the /etc/rc.conf.d/cgd and add this function (thanks to Lubomir Sedlacik):
swap_device="cgd0"
swap_disklabel="/etc/cgd/wd0b.disklabel"
start_postcmd="cgd_swap"
cgd_swap()
{
if [ -f $swap_disklabel ]; then
disklabel -R -r $swap_device $swap_disklabel
fi
}
Finally add the cgd0 partition you configured to /etc/fstab.