Multiple encryption with loop-aes


Latest release is tripl-0.72 9/21/2009

Get it here

on Sourceforge.

About tripl

tripl is a command-line tool for simplifying single or multiple encryption of one or more partitions using loop-aes.

Loop-aes is the most mature of all partition encryption schemes for Linux. It is stable, fast, and works efficiently with large data stores. However loop-aes does not provide a built-in interface to automate GnuPG key generation or do multiple encryption layers via chained loop devices. Tripl is a wrapper for loop-aes v3.x, written in bash, that provides a simple mechanism for these tasks.

Tripl is not restricted to using multiple cipher layers and can just as easily be used to do a single layer of encryption. If tripl is configured for multiple encryption, it transparently handles selection and chaining of loop devices for multiple ciphers. You can create an encrypted partition layering aes128 on top of serpent128 on top of twofish128, or any combination of one or more of these three ciphers. Also, the user need not know what a loop device is. Tripl simplifies setting up loop-aes encrypted partitions for novice users and can be used as a loop-aes "quick start" script.

In addition, since tripl does not use /etc/fstab and instead reads from a simple configuration file, it is ideally suited for use on livecds that support loop-aes such as Knoppix. On livecds, /etc/fstab may not always be writable or persistent between sessions.

Why use multiple encryption layers?

Because we can! Other popular encryption programs, such as Truecrypt or PGPDisk, provide multiple encryption layers, so why not provide this ability for loop-aes. Seriously: there is nothing wrong with a single encryption layer using well-tested ciphers such as those used by loop-aes. There might be an argument to say that multiple encryption layers using different ciphers could provide greater security should there be a vulnerability associated with one of layers. Note the ciphers used in loop-aes are all well regarded and are unlikely to be "broken" any time soon (as far as is likely to be made public anyway). Any vulnerability is more likely to be associated with the particular system or implementation than the cipher itself. However, encryption is an inexact science. Be aware that extra layers create more CPU load and are not a panacea for poor security or privacy in the management of your system/plaintext.

Quick start

To use tripl, you need to have loop-aes, associated patched utilities and GnuPG installed on your system. Some distributions, for example Knoppix, ship with these already installed. Set the options for your new encrypted partition in ~/.triplrc.

See the tripl readme included in the tarball for more information.

First make an external GnuPG-encrypted key chain for your encrypted partition easily with:
tripl -k

At the prompt enter the full path and name of your new key. Then set this path to your key in ~/.triplrc. You only need to make one external key. For multiple encryption, by default tripl will automatically create a new key for each encryption layer, prompting you to enter and then confirm a passphrase for each layer, and it will embed this key in the previous encryption layer. So you only have to ever manage one external key. However, if you prefer, you can use all external keys – set this option in ~/.triplrc

Then prepare your partition by typing:
tripl -n

This step can take a very long time for large partitions (hours or days), but you only do it once. Partitions may be prepared for single, double or triple encryption (hence: “tripl” - get it?) using any combination of the ciphers supported by loop-aes v.3.x using a multi line GnuPG-encrypted key chain.

Once prepared, you can mount your new encrypted partition:
tripl -m

When you have finished working, to put your data safely away type:
tripl -u

and the partition will be umounted.

That's it.

For maintenance, after a bad umount or every so often run:
tripl -r

to fsck your encrypted filesystem.

More than one partition

You can tell tripl to use a device and settings other than those in ~/.triplrc by using a separate configuration file for that device and pointing tripl with the -f option:
tripl -f /path/to/someconfigfile -m

Obviously you must continue to pass someconfigfile to tripl with the -f option for all tripl actions on that device/partition. Without the -f switch, tripl will look for settings in ~/.triplrc. If that does not exist, tripl will create it on first run. Use ~/.triplrc as a template to make configuration files for different devices/partitions.

More than one encrypted device/partition can be in use at the same time by using a config file for each and pointing tripl at the particular config file as required. The only limit here is the number of loop devices on your Linux system, usually eight. You need one free loop device for each encryption layer for each partition. Tripl will throw an error when it runs out of free loop devices to use.

Security issues

Insecure passphrases (google for information) make encryption a waste of time. Plaintext (unencrypted stuff) can leak to swap - either disable or encrypt your swap file before using tripl. If you cannot do that, do swapoff -a after use and then shred your swap. (Tripl may include a switch to encrypt swap in the future). GnuPG has a config setting to use increased hash iterations when making your keys - tripl tests for this before making a key and provides a message and an option to quit if you are using the standard number of iterations.

If an encrypted partition is umounted properly (tripl -u), loop-aes will wipe the decrypted keys in memory which should thwart the recovery of keys from DRAM by an attacker with access to the machine. (This wiping occurs regardless of the KEYSCRUB=yes loop-aes make setting for the aes cipher). However, if power to the machine is interrupted without a proper umount, loop-aes (like most partition encryption schemes) is vulnerable to the cold boot attack. There are a number of provisos to this however, including the ambient temperature and how much time has elapsed before attempting to recover keys from DRAM. Another potential RAM-related vulnerability is the linux kernel's use of unsanitized pipe buffers - key information is passed from GnuPG to loop-aes via a pipe. Jari Ruusu has provided a patch for the 2.4.xx kernel series to plug this issue.


Won't my .triplrc give away which partition is encrypted and the location of my GnuPG key?

If you live under an oppressive regime, you might (for example) want to take steps to encrypt, hide, or simply recreate your triplrc when needed and shred it when not. Some livecds can make an encrypted backup of files that persist between sessions, including config files and bash history. Residents of the UK who use any encryption might want to be aware of the RIP Act.

Does tripl work with dmcrypt or on BSD/Solaris/MacOS/Windows?

No - tripl is for loop-aes v3.x, which only works on Linux.

Someone told me you shouldn't use ext3 with loop-aes.

This misconception about journaling filesystems probably arises from a careless reading of the loop-aes README. It is not only ok but preferable to use a journaling filesystem such as ext3 on your encrypted partition since journaling will most likely preserve your data in the event of a bad umount better than fsck (performed with tripl -r) can fix it. NOTE however this is subject to the proviso that, if using a journaling filesystem, you either (1) use a UPS (Uninterruptible Power Supply), or (2) a reliable well-charged battery (ie a laptop), or (3) disable write caching on the device with hdparm -W0 /dev/hdX. This is to prevent the possibility of out-of-order disk writes occuring in the event of a power outage, which could result in loss of data.

More information on loop-aes

Besides the loop-aes README, try Marcus Reichelt's loop-aes FAQ and the searchable archive of the linux-crypto mail list.


Comments and suggestions concerning tripl are welcome – see sourceforge or the tripl readme for my email contact.

Last updated 9/21/2009