Encryption Methods by Use Case

Note that the text below was written from the information available at the time of writing and may contain points that no longer match the current situation. Also, the text is the final submitted manuscript before it went through proofreading, so it differs from what was actually printed in OSM magazine. Typos and omissions are left as they are.

No additions or corrections will be made except for fatal errors, so please keep the age of the information in mind when using it.

Table of Contents


======================================================================
Part 2 
======================================================================





SSH, HTTPS
PC
PC

Part2









()

 
()/
zip()


/
 






---[ ]------------------------------------------------------------------
(Comparison table; row and column labels were lost in extraction. Surviving cell text: "(cfsd [1])", "HDD", "OS".)
----------------------------------------------------------------------------




	* 
	* 
	  
	* ()
	* 
	  













()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Part3









Info-ZIP



Info-ZIPzip -e 


	% zip -e foo file-1 file-2 file-3 ....
	Enter password: 
	Verify password: 

 file-1 file-2 file-3 ....  foo.zip 
zip 2.3 80()


 unzip 

	 % unzip foo.zip
	 Archive:  foo.zip
	 [foo.zip] date password: 

zip

	* 
	* 

unzip
 -c 

	% unzip -cqq foo.zip


PGP

PGPPGP


PGP


Part3

Emacs

/












(ACL)



PC



FreeBSD GBDE (GEOM Based Disk Encryption), Linux dm-crypt (device-mapper crypto target), NetBSD CGD (cryptographic disk driver)

	(1) 
	(2) 
	(3) 2
	(4) 
	(5) fstab

(1)





(2)

00

0 



---[ ]------------------------------------------------------------------
0
----------------------------------------------------------------------------

FreeBSD GBDE

FreeBSD(5)GEOM
GBDE GBDEAES-CBC-128


---[ ]------------------------------------------------------------------
 FreeBSD 5.5/6.0 GELIGEOM
----------------------------------------------------------------------------

(1) 
    ----------------------------------
HDDUSB-HDD
/dev/da0 HDD
vnode(100MB)

	()
	# dd if=/dev/zero of=gbde-test.fs bs=1m count=100
	# mdconfig -a -t vnode -f gbde-test.fs -u 0

HDD /dev/da0vnode /dev/md0 
/dev/da0 bsdlabel


	# bsdlabel -w da0
	# bsdlabel -e da0
	()


(2) 



	# gbde init /dev/da0
	Enter new passphrase:
	Reenter new passphrase:


2
0 .bde 


	# gbde attach /dev/da0
	Enter passphrase:
	# dd if=/dev/zero of=/dev/da0.bde bs=1m

(3) 2

detach

	# gbde detach /dev/da0

(4) 




	# gbde init /dev/da0 -L /etc/da0.lock
	Enter new passphrase:
	Reenter new passphrase: 

-L




attach

	# gbde attach /dev/da0 -l /etc/da0.lock
	Enter new passphrase:

newfs

	# newfs -U /dev/da0.bde

(5) fstab

newfs /dev/da0.bde fstab


/etc/fstab  *.bde /home  /opt GBDE


	/dev/da0.bde  /home  ufs  rw  0 1
	/dev/da1.bde  /opt   ufs  rw  0 1

/etc/rc.conf GBDE

	gbde_autoattach_all="YES"
	gbde_devices=AUTO
	gbde_lockdir="/foo"  #  /etc 
	# 
	gbde_lock_da1="////opt.lock"

FreeBSD 5.4R6.0R


	/etc/rc.d/gbde start
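As an added example (not code from the article), a small Python check over fstab and rc.conf fragments like the ones above: it resolves where rc.d/gbde will look for each .bde device's lock file (assumed, following the keys shown: gbde_lock_<dev> first, otherwise <gbde_lockdir>/<dev>.lock with /etc as the default) and flags any lock file that sits inside one of the encrypted mount points, where it cannot be read until that very volume is attached. The sample fstab and rc.conf below are constructed.

```python
"""Check that GBDE lock files live outside the volumes they unlock.

Added example; the lock-file resolution rule (gbde_lock_<dev>, else
<gbde_lockdir>/<dev>.lock, default dir /etc) is an assumption
modelled on the rc.conf keys shown in the article."""
import os
import re

# Constructed sample input: da1's lock file is (wrongly) placed on /opt,
# which is itself the file system behind /dev/da1.bde.
SAMPLE_FSTAB = """\
/dev/da0.bde  /home  ufs  rw  0 1
/dev/da1.bde  /opt   ufs  rw  0 1
"""
SAMPLE_RC = """\
gbde_autoattach_all="YES"
gbde_devices=AUTO
gbde_lockdir="/etc"
gbde_lock_da1="/opt/da1.lock"   # constructed misconfiguration
"""

def parse_fstab(text):
    """Return {device: mountpoint} for every *.bde entry in an fstab."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].endswith(".bde"):
            entries[fields[0]] = fields[1]
    return entries

def parse_rc_conf(text):
    """Return {key: value} for simple KEY="value" / KEY=value lines."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*(\w+)=("?)([^"#]*)\2', line)
        if m:
            conf[m.group(1)] = m.group(3).strip()
    return conf

def lock_file_for(device, conf):
    """Resolve the lock-file path rc.d/gbde would use for a .bde device."""
    base = os.path.basename(device)[:-len(".bde")]      # /dev/da1.bde -> da1
    explicit = conf.get("gbde_lock_" + base)
    return explicit or os.path.join(conf.get("gbde_lockdir", "/etc"), base + ".lock")

def check_lock_files(fstab_text, rc_text):
    """Return {device: lock_path} for lock files stored on an encrypted mount."""
    mounts, conf = parse_fstab(fstab_text), parse_rc_conf(rc_text)
    problems = {}
    for device in mounts:
        lock = lock_file_for(device, conf)
        for mp in mounts.values():
            mp = mp.rstrip("/") or "/"
            if mp == "/" or lock == mp or lock.startswith(mp + "/"):
                problems[device] = lock
    return problems

if __name__ == "__main__":
    for dev, lock in check_lock_files(SAMPLE_FSTAB, SAMPLE_RC).items():
        print(f"{dev}: lock file {lock} is on an encrypted volume")
```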




Linux dm-crypt

dm-cryptLinux 2.6  device
mapper  dm-crypt 
FreeBSD GBDEdm-crypt 
dmsetupcryptsetup

---[ ]------------------------------------------------------------------
http://sources.redhat.com/dm/
----------------------------------------------------------------------------

cryptsetup


	http://www.saout.de/misc/dm-crypt/

Download cryptsetup 
 ./configure && make && make install 


(1) 

HDD /dev/sda 
loop(
100MB)

	()
	# dd if=/dev/zero of=crypt-test.fs bs=1M count=100
	# losetup /dev/loop0 crypt-test.fs

HDD/dev/sda loop


(2) 


 hoge 


	# cryptsetup create hoge /dev/sda
	Enter passphrase: 

 /dev/mapper/hoge 


	# dd if=/dev/zero of=/dev/mapper/hoge bs=1M

(3) 2

	# cryptsetup remove hoge


(4) 



	# cryptsetup create hoge /dev/sda
	Enter passphrase: 


mkfs

	# mkfs.ext3 /dev/mapper/hoge

(5) fstab

4 /dev/mapper/hoge  /etc/fstab 




NetBSD CGD

NetBSDCGD
pkcs5_pbkdf2/sha1, AES-CBC-128
(4)

(1) 

FreeBSDvnode
(100MB)

	()
	# dd if=/dev/zero of=cgd-test.fs bs=1m count=100
	# vnconfig -c vnd0 cgd-test.fs

HDD /dev/sd0d vnode
 /dev/vnd0d 

(2) 

CGDcgdconfig
/dev/urandom  

	# cgdconfig -s cgd0 /dev/sd0d aes-cbc 128 < /dev/urandom
	# dd if=/dev/zero of=/dev/rcgd0d

---[ ]------------------------------------------------------------------
 /dev/urandom 

----------------------------------------------------------------------------

(3) 2

	# cgdconfig -u cgd0

(4) 



cgdconfig ()
AES-CBC-256 

	# cgdconfig -g -V disklabel -o /etc/cgd/sd0d aes-cbc 256

---[ ]------------------------------------------------------------------
"could not calibrate pkcs5_pbkdf2" 
PKCS#5CPU
2CPU
(CPUVMwareOS
PC)


rndctl


	# rndctl -ce -t net
	# rndctl -ls

cgdconfig -g

----------------------------------------------------------------------------

-o 
salt


	/etc/cgd/

 sd0d 
/etc/cgd/sd0d 
()

-V  "disklabel" 
 disklabel 






(re-enter)

	# cgdconfig -V re-enter cgd0 /dev/sd0d

 /dev/cgd0 disklabel


	# disklabel -I -e cgd0
	(vi ZZ )

disklabel a 
/dev/rcgd0a newfs

	# newfs /dev/rcgd0a

(5) fstab

/dev/cgd0a fstab
cgdconfig /etc/rc.conf 

	cgd=YES

1cgdconfig  /etc/cgd/cgd.conf 
(sd0d  cgd0) 
	
---[ ]--------------------------------------------------------------
# cgd           target          [paramsfile]
cgd0		/dev/sd0d
----------------------------------------------------------------------------

CGD

cgdconfig  -k 


	# cgdconfig -g -k storedkey -V disklabel \
		-o /etc/cgd/sd1d aes-cbc 256

/etc/cgd/sd1d 


	# cgdconfig -V none cgd0 /dev/sd0d

disklabelnewfs cgdconfig disklabel

	# disklabel -I -e cgd0		(disklabel)
	# newfs /dev/rcgd0a
	# cgdconfig -u cgd0		()
	# cgdconfig cgd0 /dev/sd0d	(disklabel)


(/etc/cgd/sd0d) /etc/cgd/cgd.conf
 
	

---[ ]--------------------------------------------------------------
# cgd           target          [paramsfile]
cgd0		/dev/sd0d	////sd0d
----------------------------------------------------------------------------








/CPU





AMD Athlon XP 2600+ NetBSD 3.0_STABLE VMware 

  * FreeBSD 6.0-RELEASE + GBDE(aes-128-cbc)
  * Linux 2.6.11-1.1369_FC4 + dm-crypt(aes-256-plain)
  * NetBSD 3.0_STABLE + CGD (aes-256-cbc)

80MB




  * dd 1MB100(100MB)
  * 9262124MB192MB tar.gz 
    (tar.gz)

2Linuxext3fs
FreeBSD ufs+softupdatesNetBSDffs+softdep

OS
10()

FreeBSD 6.0 GBDE

---[ ]------------------------------------------------------------------
FreeBSD 6.0R + GBDE

		100MB sequential write		tar.gz

				 			
  GBDE	 2.77	0.15			104.50	1.06
  GBDE	44.60	1.27			218.12	3.09
  	 6.6%				 47.9%
----------------------------------------------------------------------------

---[ ]------------------------------------------------------------------
Linux 2.6.11 + dm-crypt

		100MB sequential write		tar.gz

				 			
  dm-crypt	 7.17	2.26			104.33	 8.44
  dm-crypt	17.10	2.65			 97.38	 7.01
  	41.9%				107.1%
----------------------------------------------------------------------------

---[ ]------------------------------------------------------------------
NetBSD 3.0 + CGD

		100MB sequential write		tar.gz

				 			
  cgd	 4.52	1.32			 68.26	2.01
  cgd	 8.71	1.40			 84.26	5.43
  	51.8%				 81.0%
----------------------------------------------------------------------------

OSsequential write 

 sequential write
HDD?
()










HDD
BIOSHDDOS



digicrypt X-Wall Secure PCI Card 


---[ ]------------------------------------------------------------------
http://www.x-wallsecure.jp/products/PCI_Card.html
----------------------------------------------------------------------------

X-Wall Secure PCI Card

 
X-Wall Secure PCI Card(digicrypt) PCI
digicryptdigicryptHDD


---[ ]------------------------------------------------------------------



   +----- Main Board ------+
   |                       |
   |  [-------]            |
   |     :..........+----+ |    Parallel ATA HDD
   |                |HDD | |   	  
   |                |    | |
   |		    +----+ |
   +-----------------------+



   +----- Main Board ------+
   |                       |
   |  [-------]            |
   |     ..........[-----] |
   |	 	      ::   |
   |                +----+ |    Parallel ATAPCI
   |                |HDD | |   	  X-Wall PCI
   |                |    | |	  X-Wall
   |		    +----+ |	  HDD
   +-----------------------+

----------------------------------------------------------------------------

HDD
Ultra ATA 133MHz Maxtor 6L160P0
JP4digicrypt133MHz

---[ ]------------------------------------------------------------------
%image dcp_2423.jpg	X-Wall PCI CardATA
%image dcp_2425.jpg	
%image dcp_2426.jpg	IDE Cannel 1 Master 
%image dcp_2431.jpg	BIOS(1) HDD
%image dcp_2432.jpg	BIOS(2) HDD
----------------------------------------------------------------------------

FreeBSD FreeBSD 6.1-PRERELEASE 
BIOSHDD
HDD 



	ad2: 156334MB  at ata1-master UDMA133

digicrypt
HDD




digicryptHDD
HDD

HDD





2 

---[ ]------------------------------------------------------------------
RAID

----------------------------------------------------------------------------

HDD
digicrypt0
128
OS


	# dd if=/dev/urandom of=/dev/ad2






digicrypt




CPU:			AMD 64 3000+ 1808.94-MHz
: 		1GB
IDE:	AcerLabs M5229 Ultra DMA 133
HDD:			Maxtor 6L160P0 (Ultra DMA 133)
OS:			FreeBSD 6.1-PRERELEASE (20062)


 softupdates 
 digicrypt




---[ ]------------------------------------------------------------------
		100MB sequential write		tar.gz

				 			
  digicrypt	 1.60	0.08			 48.50	4.00
  digicrypt	 1.62	0.03			 48.40	3.64
  	98.6%				100.2%
----------------------------------------------------------------------------



!











URL


[1] CFS:       http://www.crypto.com/papers/cfs.pdf
[2] GBDE:      http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
[3] GELI:      http://www.subterrain.net/~jbl/FreeBSD%20Disk%20Encryption%20With%20geli.pdf
[4] dm-crypt:  http://www.saout.de/misc/dm-crypt/
[5] CGD:       http://www.imrryr.org/~elric/cgd/cgd.pdf
               http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html
[6] fcrackzip: http://www.goof.com/pcg/marc/fcrackzip.html


HIROSE Yuuji <yuuji@gentei.org>
Fingerprint16 = FF F9 FF CC E0 FE 5C F7 19 97 28 24 EC 5D 39 BA