The road towards 1.3 - cgdconfig needs more work

LUKSUS

@@ -72,7 +72,6 @@ fi
 DISPLAYLOGO
 # OSTEST
 OSTEST
-
 # PREPARE KEYFILE
 CREATEKEYFILE
 
@@ -108,10 +107,11 @@ GELI
 GELIKEYFILE
 GELIOPEN
 
-# CGD PROCESS COMMING SOON
-# CGD
+# CGD PROCESS COMING SOON
+CGD
 # CGDKEYFILE
 # CGDOPEN
+sleep 5s
 
 # BIOCTL PROCESS MIGHT BE COMING SOON
 # BIOCTL

LUKSUS.checks

@@ -37,6 +37,16 @@ else
 echo ""
 fi
 
+# test to see if the user wants cgd (NetBSD)
+if [[ "$3" = "cgd" ]] || [[ "$4" = "cgd" ]] || [[ "$5" = "cgd" ]] || [[ "$6" = "cgd" ]] || [[ "$7" = "cgd" ]] || [[ "$8" = "cgd" ]] || [[ "$9" = "cgd" ]];
+then
+echo "Using CGD"
+ENCRYPTION=CGD
+if [ -z `which cgdconfig` ] ;then echo "Missing cgdconfig. Cannot continue. Please install cgdconfig and cgd tools" && exit; fi
+else
+echo ""
+fi
+
 
 
 # Dialog checks

LUKSUS.functions

@@ -14,19 +14,19 @@ fi
 OSTEST()
 {
 # OS Checking
-  if [[ $UNAME == Linux ]]
+  if [[ $UNAME = Linux ]]
   then
-#  ENCRYPTION=LUKS
+  ENCRYPTION=LUKS
   echo On $UNAME, defaulting to $ENCRYPTION
-  elif [[ $UNAME == DragonFly ]]
+  elif [[ $UNAME = DragonFly ]]
   then
-#  ENCRYPTION=LUKS
+  ENCRYPTION=LUKS
   echo On $UNAME, defaulting to $ENCRYPTION
   elif [[ $UNAME = FreeBSD ]]
   then
   ENCRYPTION=GELI
   echo On $UNAME, Encryption set to $ENCRYPTION
-  elif [[ $UNNAME = NetBSD ]]
+  elif [[ $UNAME = NetBSD ]]
   then
   ENCRYPTION=CGD
   else
@@ -205,7 +205,6 @@ KEYFILE:       $keyfile \n
 HEADER BACKUP: $headerbackup\n
 FILECONTAINER LOCATION: $luksfile\n
 FILECONTAINER SIZE: $luksfilesize\n
-ENCRYPTION USED: $ENCRYPTION\n
 USING KEYFILE: $USEKEY\n
 LOOPBACKDEVICE: $loopbackdevice\n
 OS: $UNAME\n\n
@@ -436,19 +435,22 @@ if [[ $ENCRYPTION == CGD ]] && [[ $USEKEY == false ]]
 then
 # CGD create
 echo Initializing $device with $ENCRYPTION
-cgdconfig -g -o /keys/$name.configfile aes-cbc 256
+cgdconfig -g -V $name -o $keydir/$name aes-cbc 256
+cgdconfig -g -o $keydir/$name aes-cbc 256
 cgdconfig $name $device
+cgdconfig -V re-enter $name $device
+else
 echo ""
 fi
 }
 
-CGDKEYFILE()
-{
-}
+#CGDKEYFILE()
+#{
+#}
 
-CGDOPEN()
-{
-}
+#CGDOPEN()
+#{
+#}
 
 CREATEANDMOUNTFS()
 {

LUKSUS.variables

@@ -1,6 +1,6 @@
 programname=LUKSUS
 version=v1.2.3
-date=26.08.2013
+date="26.08.2013"
 author="Thomas J. Frivold"
 time1="$(date +%s.%N)"
 # $1, %2, %3, %4 are command line arguments
@@ -21,4 +21,4 @@ width=$(echo $screensize | cut -d " " -f 2)
 datenow=$(date)
 USEKEY=false
 freebsdloopnumber=$(echo $device|{ read; echo "${REPLY#${REPLY%?}}";})
-ENCRYPTION=LUKS
+ENCRYPTION=LUKS

README

@@ -116,6 +116,7 @@ filecontainers on Linux. Once the volume has been created
 speeds are nominal. This has at least been the case in my 
 testing on Virtualbox instances of various Linux distributions.
 
+Really slow loopback device encryption in DragonFlyBSD:
 For some reason the cryptsetup tool in Dfly takes a very long time
 to do its work when it is manipulating loopback LUKS volumes, ie.
 file containers... I do not know the reason to this strange behaviour, 
@@ -127,6 +128,18 @@ loopback devices:)
 
 
 # FAQ:
+Q: I really want to learn more about crypto in Linux. Where should I start?
+A: This Kiwi guy wrote a series of excellent blog posts covering Linux
+crypto software and usage of these. I highly recommend reading through them:
+http://blog.sanctum.geek.nz/series/linux-crypto/
+Thanks a lot Tom Ryder, for these very thorough and awesome posts.
+
+Q: What are some alternatives to LUKSUS?
+The QT-based graphical zulucrypt is a graphical option:
+http://code.google.com/p/zulucrypt/
+
+
+
 Q: Why should I use this script? 
 A: I wrote this script because I wanted to have a way to easily and casually create encrypted volumes.
    Because doing all these tasks manually is 
@@ -164,6 +177,9 @@ A: It is based on the guides provided in the LUKS FAQ, Truecrypt/Tcplay FAQ, and
    OpenBSD crypto documentation: http://www.openbsd.org/crypto.html
    OpenBSD 16 systems tips: http://www.16s.us/OpenBSD/vnconfig.txt
    NetBSD disk encryption guide: http://julipedia.meroh.net/2012/02/encrypted-disk-images-in-netbsd.html
+   NetBSD disk encryption guide: http://gilbert.fernandes.pagesperso-orange.fr/fullcgd.txt
+   NetBSD disk encryption description: http://www.imrryr.org/~elric/cgd/cgd.pdf
+   NetBSD cgd author interview: http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html
 
 Q: How is the script designed?
 A: The script reuses code wherever possible and is heavily built around reusable variables.
@@ -343,16 +359,61 @@ Add LUKSUS status to key.information
 Add mount command and losetup/vnconfig to key.information for added usability
 Improve the actual output, if not using keyfile, then don't show
 the empty variables to the dialog screen... 
+Write a proper Jekyll Markdown Github page for the readme.
 
 New features todo:
 Add strongbox/keyvault option+Debate whether to call it strongbox or keyvault
 
 Project overall todo:
+Try to overhaul the README again, and create a section that this is
+opinionated software. There are some critical requirements.
 Get user feedback, feature requests
 Dare to post it to "Show Hackernews" (news.ycombinator.com)
 Dare to post it to newslists, DragonFlyBSD users list, NetBSD users
 list, FreeBSD users list 
 
+Improve this script to make it working (NetBSD cgdconfig)
+#!/usr/pkg/bin/bash -x
+#### The netbsd CGD drive encryption method is really arcane.
+
+# create cgd partition
+disklabel -i sd1
+
+# scrub partition with random data
+cgdconfig -s cgd0 /dev/sd1a aes-cbc 128 < /dev/urandom
+
+
+# scrub partition with zero ... however it will be converted into random
+# data using aes-cbc with a random key and cbc mode for XORing with previous
+# sectors.
+dd if=/dev/zero of=/dev/rcgd0a bs=32k
+
+
+# destroying the random key
+cgdconfig -u cgd0
+
+
+# build the cgd config file
+# skip the -V if you want data to be destroyed at first attempt of access with wrong key. For the truly paranoid.
+cgdconfig -g -V disklabel -o /etc/cgd/sd1a aes-cbc 256
+
+
+# specify the password
+cgdconfig -V re-enter cgd0 /dev/sd1a
+
+
+# create a disklabel (I don't really understand why we do this at this particular point in the process)
+disklabel -I -i /dev/cgd0
+
+
+# create filesystem
+newfs /dev/rcgd0a
+
+
+# configure cgdconfig - is this necessary???
+echo "cgd0 /dev/sd1a" >> /etc/cgd/cgd.conf
+
+
 
 ########################################################
 ###################CHANGELOG #########################