Mount encrypted HFS in Ubuntu
You can't mount an HFS+ partition encrypted in OS X using mount's option encryption=aes. The reason is that encrypted HFS+ partitions and volumes use a proprietary format. Neither Cryptoloop nor Loop-AES, which are the underlying decryption methods used by mount and encryption, understand that format.
This is what I found out:
Cryptoloop can mount partitions or disk images encrypted as a single AES block (this is called single-key mode, see http://www.tldp.org/HOWTO/html_single/Cryptoloop-HOWTO/#cryptoloop-introduction):
/dev/sdXX
disk image                                                       /dev/loopX
+-----------+                                                    +-------------+
|           |                                                    |             |
|           |                                                    |             |
|           |                                                    | unencrypted |
| AES block | -AES passwd->AES key->decrypt I/O to loop device-> | partition   |
|           |                                                    |             |
|           |                                                    |             |
|           |                                                    |             |
+-----------+                                                    +-------------+
Loop-AES can mount single-key (like above) and multi-key encrypted partitions or disk images:
/dev/sdXX
disk image                                                        /dev/loopX
+------------+                                                    +-------------+
|AES block #1|                                                    |             |
+------------+                                                    |             |
|AES block #2|                                                    | unencrypted |
+------------+ -AES passwd->AES key(s)->decrypt I/O to loop dev-> | partition   |
|AES block #3|                                                    |             |
+------------+                                                    |             |
| ...        |                                                    |             |
+------------+                                                    +-------------+
On the other hand, an encrypted HFS+ partition:
- includes a header (you can dump it with xxd)
- uses several keys in an undocumented way (see http://events.ccc.de/congress/2006/Fahrplan/attachments/1244-23C3VileFault.pdf)
- beginning with OS X 10.7 "Lion", it is wrapped in a CoreStorage Logical Volume Group (see man diskutil or https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man8/diskutil.8.html) and uses AES-XTS:
$ diskutil coreStorage list
(...)
    +-> Logical Volume Family D1C4665F-EAC8-4DAB-B392-634842A59559
        ----------------------------------------------------------
        Encryption Status:       Unlocked
        Encryption Type:         AES-XTS
(...)
which doesn't seem to be supported by either Cryptoloop or Loop-AES. Cryptoloop's successor, dm-crypt, can't read encrypted HFS+ either.
But before all hope is gone:
A group of cryptographic experts has created vfdecrypt (included in the Ubuntu package dmg2img; the tar.gz is here: http://code.google.com/p/iphone-elite/downloads/list), which decrypts encrypted FileVault disk images (it won't work with device files). This tool looks very promising but didn't work with any of several encrypted disk images I created with Disk Utility on OS X 10.8.2 "Mountain Lion". Other people (http://bre.klaki.net/blog/2011/08/17/) seem to have had success with old encrypted images.
Other experts work on the project libfvde (https://code.google.com/p/libfvde), which includes the command fvdemount for reading FileVault encrypted system volumes. The limiting factor here is "system volume": it doesn't support partitions on removable media. If you're curious, the description is here: https://code.google.com/p/libfvde/wiki/Mounting#Mouting_the_system_volume. The source code can be downloaded here: https://code.google.com/p/libfvde/downloads/list.
As for the error messages you encountered:
First error:
Error: Password must be at least 20 characters.
Surprisingly, mount enforces long passwords not only for encryption but also for decryption, although you may not have control over the partition to decrypt. You can only get around this nuisance by downloading and editing the source and recompiling. (Other distributions, like SuSE Linux Enterprise Server (SLES), don't have this restriction.)
Second error:
ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key (256 bits) not supported by kernel
You need to load the Cryptoloop kernel module:
$ sudo modprobe cryptoloop
because although you installed the package loop-aes-utils, you are not using Loop-AES.
Loop-AES uses several modified user space tools (mount, umount, losetup, swapon and swapoff, provided by loop-aes-utils) and a modified loop.ko kernel module. Recent Ubuntu versions compile an unmodified loop module into the kernel:
$ cd /usr/src/linux-source-3.2.0/linux-source-3.2.0/drivers/block/
$ diff -q /tmp/loop.c-3.x.patched loop.c
Files /tmp/loop.c-3.x.patched and loop.c differ
so Loop-AES can't be used on Ubuntu out of the box. You need to patch and recompile the kernel as explained here: http://loop-aes.sourceforge.net/loop-AES.README. That's why mount still needs Cryptoloop.
If you still get a similar error message after loading cryptoloop.ko, the encryption type may not be recognized. For example, my Ubuntu 12.04 didn't recognize aes-128, but aes. SLES only recognizes aes-128.
Actually, there is a Java application, hfsexplorer, that is able to open encrypted .dmg files and create decrypted .dmg images which can be mounted in Linux.
I was able to create encrypted .dmg files in OS X 10.9.5 and then explore the image from a virtual machine running Ubuntu 14.04.2 LTS. Both AES-128 and AES-256 encryption worked for my test cases.
This is how I created the .dmg image:
$ hdiutil create -size 10m -layout NONE -fs HFS+ -encryption AES-256 -volname "Vault" vault.dmg
From the virtual machine running Ubuntu I was able to open the image:
$ ./hfsexplorer-0/bin/hfsexplorer.sh /tmp/vault.dmg
It prompts for a password and then shows the content of the image. There is an option (Tools -> create disk image) which creates a decrypted disk image which can then be mounted with the HFS tools in Linux.
$ mount vault_decrypted.dmg /mnt/hfs/
Even HFS+ Journaled file systems worked. The only limitation is that write support for HFS+J file systems is disabled by default in Linux.
This demonstrates that the encryption of .dmg files is understood by hfsexplorer and could possibly be implemented in the mount command. By creating an unencrypted .dmg, it is ultimately possible to mount the image in Linux.
vfdecrypt did not work for me either.
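Both answers come down to the same point: what mount sees at the start of an encrypted .dmg is a proprietary key-wrapping header rather than a plain AES-encrypted block, and only a decrypted copy (for example the one hfsexplorer writes) carries the HFS+ volume header that mount and the hfs tools expect. The following script is an added example, not code from either answer or from hfsexplorer; it classifies an image file by the "encrcdsa" magic at offset 0 of an hdiutil-encrypted image and by Apple's documented HFSPlusVolumeHeader at offset 1024, and for an HFS+ volume reports the journaled flag (which is why Linux mounts such a volume read-only) and the volume size. The sample headers it builds are constructed for the test and are not mountable volumes.

```python
"""Inspect a disk image before handing it to mount (added example)."""
import struct
import sys

ENCRYPTED_DMG_MAGIC = b"encrcdsa"   # first 8 bytes of an hdiutil-encrypted image
HFS_VOLUME_HEADER_OFFSET = 1024     # HFS+ volume header starts in the third sector
HFS_JOURNALED_BIT = 1 << 13         # kHFSVolumeJournaledBit in the attributes word


def identify_image(data: bytes) -> dict:
    """Classify raw image bytes; the returned dict always has a 'kind' key."""
    if data[:8] == ENCRYPTED_DMG_MAGIC:
        # Proprietary key-wrapping header first, ciphertext later: there is no
        # single AES-encrypted block that mount -o encryption=aes could decrypt.
        return {"kind": "encrypted-dmg"}
    hdr = data[HFS_VOLUME_HEADER_OFFSET:HFS_VOLUME_HEADER_OFFSET + 48]
    if len(hdr) < 48 or hdr[:2] not in (b"H+", b"HX"):
        return {"kind": "unknown"}
    # HFSPlusVolumeHeader, big-endian: signature, version, attributes,
    # lastMountedVersion, journalInfoBlock, create/modify/backup/checked dates,
    # fileCount, folderCount, blockSize, totalBlocks.
    version, attributes = struct.unpack(">HI", hdr[2:8])
    block_size, total_blocks = struct.unpack(">II", hdr[40:48])
    return {
        "kind": "hfsx" if hdr[:2] == b"HX" else "hfsplus",
        "version": version,
        "journaled": bool(attributes & HFS_JOURNALED_BIT),  # read-only under Linux
        "block_size": block_size,
        "size_bytes": block_size * total_blocks,
    }


def make_hfsplus_image(journaled: bool, block_size: int = 4096, blocks: int = 2560) -> bytes:
    """Constructed sample: only the volume header fields identify_image() reads."""
    attributes = HFS_JOURNALED_BIT if journaled else 0
    hdr = b"H+" + struct.pack(">HI", 4, attributes)
    hdr += b"HFSJ" if journaled else b"10.0"        # lastMountedVersion
    hdr += struct.pack(">I", 0) + b"\0" * 16         # journalInfoBlock + 4 dates
    hdr += struct.pack(">II", 0, 0)                  # fileCount, folderCount
    hdr += struct.pack(">II", block_size, blocks)    # blockSize, totalBlocks
    return b"\0" * HFS_VOLUME_HEADER_OFFSET + hdr + b"\0" * 512


if __name__ == "__main__":
    # Usage: python3 identify_image.py vault_decrypted.dmg
    with open(sys.argv[1], "rb") as f:
        print(identify_image(f.read(HFS_VOLUME_HEADER_OFFSET + 512)))
```

With the 10m image from the answer above, a successful hfsexplorer decryption reports kind hfsplus and size_bytes 10485760, while the encrypted original reports encrypted-dmg.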