
Using dm-crypt to Encrypt the SD Card...?


4 replies to this topic

#1 bugmenot

bugmenot
  • Members
  • 112 posts

Posted 14 October 2010 - 07:44 PM

I'm looking to set up a script to automatically encrypt the SD card using dm-crypt (the same tool used in Froyo's app2sd).

My targets are as below:

  • A wizard to set up disk/partition encryption.
  • The key can be randomized by the device itself, or manually configured by user, and stored on the phone's memory (the point is that the content on the SD card will NOT be readable once removed from the device).
  • Automatically mount and dismount during boot and shutdowns.
  • Compatibility with the native USB mount feature.

It's my understanding that the encryption/decryption will be done in the background and transparent to the user. I also understand that there will be a hit on the performance and battery life.

Pardon my ignorance, but I'm new to this. I suppose we need to edit the init.rc scripts...?

Any help will be highly appreciated!

Some references:

http://www.hermann-u...luks-and-debian
http://en.gentoo-wik...#Initrd_Scripts
http://www.saout.de/....php?page=HOWTO

Edited by bugmenot, 14 October 2010 - 08:20 PM.


#2 bugmenot

bugmenot
  • Members
  • 112 posts

Posted 14 October 2010 - 08:22 PM

I looked further and found that Android uses vold, and most dm-crypt stuff out there involves editing /etc/fstab, which is not used on Android at all.

Basically, I'm not worried about setting up the encrypted device but how can I make Android mount the drive (fat32) automatically during boot?

Any idea...?

http://forums.gentoo...c-t-274651.html

Edited by bugmenot, 14 October 2010 - 08:23 PM.


#3 bugmenot

bugmenot
  • Members
  • 112 posts

Posted 22 October 2010 - 04:13 PM

Any pointers...?

#4 Mar00k

Mar00k
  • Members
  • 15 posts

Posted 27 November 2010 - 01:33 PM

Great idea! Can't help with coding, because I'm not a programmer =)
But I'm interested in this encryption method. As far as I see, this is the shortest way to see SD card encryption. I think that Google will not add this feature to Android in the near future.

Found some information about this:
http://androidvoid.w...setup-and-luks/

Edited by Mar00k, 27 November 2010 - 01:38 PM.


#5 ac1965

ac1965
  • Members
  • 5 posts

Posted 04 July 2011 - 08:41 AM

Mar00k, on 27 November 2010 - 01:33 PM, said:

Great idea! Can't help with coding, because I'm not a programmer =)
But I'm interested in this encryption method. As far as I see, this is the shortest way to see SD card encryption. I think that Google will not add this feature to Android in the near future.

Found some information about this:
http://androidvoid.w...setup-and-luks/

I run Gentoo on a Desire HD, and made a kernel with dm-crypt.

CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_CBC=y

emerge cryptsetup

cp /path/gentoo-rfs/sbin/cryptsetup /data/local/tmp/
cd /data/local/tmp
dd if=/dev/urandom of=10m-file bs=1024 count=100000
mknod /dev/loop0 b 7 0
losetup $(losetup -f) 10m-file
./cryptsetup luksFormat /dev/loop0
./cryptsetup luksOpen /dev/loop0 xxx
./cryptsetup luksDump /dev/loop0

LUKS header information for /dev/loop0

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
MK digest:      89 33 2d 86 9f e2 37 88 33 2d e7 c7 8d ee fe e3 cf c1 d6 e0
MK salt:        4c 01 2b e5 c4 da ef e8 12 d6 49 c2 ea af 10 e9
                cd 6b 95 82 1f 66 55 8f 8b 60 82 07 e1 f5 78 76
MK iterations:  9875
UUID:           771fe7fb-d7ef-4db5-8f43-9d2a9ddd38cf

Key Slot 0: ENABLED
        Iterations:             39597
        Salt:                   08 a1 91 e7 c8 60 f7 09 ca e0 dc 45 ac d9 f5 02
                                79 fc f5 98 b3 b2 15 3c 7e 4d 0f c2 aa b6 0d d4
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

mke2fs /dev/mapper/xxx
mkdir xxx
mount /dev/mapper/xxx xxx
ls xxx
lost+found
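
One way to combine the goals listed in post #1 (a random key kept on the phone's internal storage, open at boot, close at shutdown, FAT32 on the card) with the cryptsetup binary built in post #5, as an added example that is not code from anyone in this thread. The SD partition path, key file path, mapping name, mount point and the mkfs.vfat formatter are assumptions, and vold and USB mount integration are not covered.

```shell
#!/bin/sh
# Added example, not from the thread. Every default below is an assumption
# except the cryptsetup location, which is the path used in post #5.
SD_DEV=${SD_DEV:-/dev/block/mmcblk0p1}       # assumed SD card partition
KEYFILE=${KEYFILE:-/data/local/sdcard.key}   # assumed key path on internal storage
MAP_NAME=${MAP_NAME:-sdcrypt}                # hypothetical dm-crypt mapping name
MNT=${MNT:-/mnt/sdcard}                      # assumed mount point
CRYPTSETUP=${CRYPTSETUP:-/data/local/tmp/cryptsetup}
MKFS=${MKFS:-mkfs.vfat}                      # assumed FAT formatter on the device

# Write a 32-byte random key readable only by its owner.
# Refuses to overwrite: losing the old key makes the card unrecoverable.
make_keyfile() {
    if [ -e "$1" ]; then echo "key already exists: $1" >&2; return 1; fi
    ( umask 077 && dd if=/dev/urandom of="$1" bs=32 count=1 2>/dev/null )
}

# One-time setup. luksFormat overwrites whatever is on SD_DEV.
format_card() {
    make_keyfile "$KEYFILE" || return 1
    "$CRYPTSETUP" --batch-mode --key-file "$KEYFILE" luksFormat "$SD_DEV" &&
    "$CRYPTSETUP" --key-file "$KEYFILE" luksOpen "$SD_DEV" "$MAP_NAME" &&
    "$MKFS" "/dev/mapper/$MAP_NAME"
}

# Boot: unlock with the on-device key, then mount the FAT filesystem.
open_card() {
    if [ ! -e "/dev/mapper/$MAP_NAME" ]; then
        "$CRYPTSETUP" --key-file "$KEYFILE" luksOpen "$SD_DEV" "$MAP_NAME" || return 1
    fi
    mount -t vfat "/dev/mapper/$MAP_NAME" "$MNT"
}

# Shutdown: unmount first, then remove the mapping so the key leaves kernel memory.
close_card() {
    umount "$MNT" && "$CRYPTSETUP" luksClose "$MAP_NAME"
}

# Runs nothing unless called with format, open or close.
case "${1:-}" in
    format) format_card ;;
    open)   open_card ;;
    close)  close_card ;;
esac
```

The key file protects the card only when it is removed from the phone; anyone who can read internal storage can unlock it.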