Mount encrypted HFS in Ubuntu

You can't mount an HFS+ partition encrypted in OS X using mount's option encryption=aes. The reason is that encrypted HFS+ partitions and volumes use a proprietary format.

Neither Cryptoloop nor Loop-AES, which are the underlying decryption methods used by mount and encryption, understand that format.

This is what I found out:

Cryptoloop can mount partitions or disk images encrypted as a single AES block (this is called single-key mode, see http://www.tldp.org/HOWTO/html_single/Cryptoloop-HOWTO/#cryptoloop-introduction):

  /dev/sdXX                                                        
  disk image                                                       /dev/loopX
+-----------+                                                    +-------------+
|           |                                                    |             |
|           |                                                    |             |
|           |                                                    | unencrypted |
| AES block | -AES passwd->AES key->decrypt I/O to loop device-> |  partition  |
|           |                                                    |             |
|           |                                                    |             |
|           |                                                    |             |
+-----------+                                                    +-------------+

Loop-AES can mount single-key (like above) and multi-key encrypted partitions or disk images:

  /dev/sdXX                                                        
  disk image                                                         /dev/loopX
+------------+                                                    +-------------+
|AES block #1|                                                    |             |
+------------+                                                    |             |
|AES block #2|                                                    | unencrypted |
+------------+ -AES passwd->AES key(s)->decrypt I/O to loop dev-> |  partition  |
|AES block #3|                                                    |             |
+------------+                                                    |             |
|    ...     |                                                    |             |
+------------+                                                    +-------------+

On the other hand, an encrypted HFS+ partition:

  • includes a header (you can dump it with xxd)
  • uses several keys in an undocumented way (see http://events.ccc.de/congress/2006/Fahrplan/attachments/1244-23C3VileFault.pdf)
  • beginning with OS X 10.7 "Lion", it is wrapped in a CoreStorage Logical Volume Group (see man diskutil or https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man8/diskutil.8.html)
  • uses AES-XTS:

       $ diskutil coreStorage list
       (...)
       +-> Logical Volume Family D1C4665F-EAC8-4DAB-B392-634842A59559
           ----------------------------------------------------------
           Encryption Status:       Unlocked
           Encryption Type:         AES-XTS
           (...)
    

    which doesn't seem to be supported by either Cryptoloop or Loop-AES.

Cryptoloop's successor, dm-crypt, can't read encrypted HFS+ either.

But before all hope is gone:

  • A group of cryptographic experts have created vfdecrypt (included in Ubuntu package dmg2img, tar.gz is here: http://code.google.com/p/iphone-elite/downloads/list), which decrypts encrypted FileVault disk images (it won't work with device files).

    This tool looks very promising but didn't work with any of several encrypted disk images I created with Disk Utility on OS X 10.8.2 "Mountain Lion". Other people (http://bre.klaki.net/blog/2011/08/17/) seem to have had success with old encrypted images.

  • Other experts work on project libfvde (https://code.google.com/p/libfvde), which includes the command fvdemount for reading FileVault encrypted system volumes. The limiting factor here is "system volume". It doesn't support partitions on removable media. If you're curious, the description is here: https://code.google.com/p/libfvde/wiki/Mounting#Mouting_the_system_volume. The source code can be downloaded here: https://code.google.com/p/libfvde/downloads/list.

As for the error messages you encountered:

First error:

Error: Password must be at least 20 characters.

Surprisingly, mount enforces long passwords not only for encryption but also for decryption, although you may not have control over the partition to decrypt. You can only get around this nuisance by downloading and editing the source and recompiling. (Other distributions, like SuSE Linux Enterprise Server (SLES), don't have this restriction.)

Second error:

ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key (256 bits) not supported by kernel

You need to load the Cryptoloop kernel module:

$ sudo modprobe cryptoloop

because although you installed package loop-aes-utils you are not using Loop-AES.

Loop-AES uses several modified user space tools (mount, umount, losetup, swapon and swapoff, provided by loop-aes-utils) and a modified loop.ko kernel module. Recent Ubuntu versions compile an unmodified loop module into the kernel:

    $ cd /usr/src/linux-source-3.2.0/linux-source-3.2.0/drivers/block/
    $ diff -q /tmp/loop.c-3.x.patched loop.c
    Files /tmp/loop.c-3.x.patched and loop.c differ

so Loop-AES can't be used on Ubuntu out of the box. You need to patch and recompile the kernel as explained here: http://loop-aes.sourceforge.net/loop-AES.README. That's why mount still needs Cryptoloop.

If you still get a similar error message after loading cryptoloop.ko, the encryption type may not be recognized. For example, my Ubuntu 12.04 didn't recognize aes-128, but it did recognize aes. SLES only recognizes aes-128.
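The distinction the answer above draws can be made concrete in code: a cryptoloop volume is nothing more than AES-CBC applied sector by sector with one key and no header anywhere, while an encrypted .dmg opens with a header that carries wrapped keys and an AES-XTS payload. The following Go program is an added example, not part of the answer or of any tool it names. It models cryptoloop's single-key mode with the IV cryptoloop derives for each sector (the 32-bit little-endian sector number, zero-padded to the AES block size, the same "plain" IV mode dm-crypt offers for cryptoloop compatibility), skips passphrase-to-key derivation by using a constructed raw key, and checks an image for the `encrcdsa` signature that version-2 encrypted .dmg files start with. The sample sectors and the fake header are constructed test data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Sector size the loop device works in.
const sectorSize = 512

// EncryptedDMGMagic is the signature at the start of a version-2
// encrypted .dmg, i.e. the header the answer says you can dump with xxd.
const EncryptedDMGMagic = "encrcdsa"

// plainIV is the per-sector IV cryptoloop uses: the 32-bit little-endian
// sector number, zero-padded to the AES block size.
func plainIV(sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint32(iv, uint32(sector))
	return iv
}

// cryptoloopXform models the single-key mode from the answer's first
// diagram: one AES key, AES-CBC applied independently to every 512-byte
// sector, no header in the image. One loop serves both directions; only
// the CBC object differs.
func cryptoloopXform(key, image []byte, encrypt bool) ([]byte, error) {
	if len(image) == 0 || len(image)%sectorSize != 0 {
		return nil, errors.New("image length must be a non-zero multiple of 512 bytes")
	}
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(image))
	for s := 0; s < len(image)/sectorSize; s++ {
		src := image[s*sectorSize : (s+1)*sectorSize]
		dst := out[s*sectorSize : (s+1)*sectorSize]
		if encrypt {
			cipher.NewCBCEncrypter(block, plainIV(uint64(s))).CryptBlocks(dst, src)
		} else {
			cipher.NewCBCDecrypter(block, plainIV(uint64(s))).CryptBlocks(dst, src)
		}
	}
	return out, nil
}

// CryptoloopEncrypt and CryptoloopDecrypt are the two directions of the model.
func CryptoloopEncrypt(key, image []byte) ([]byte, error) { return cryptoloopXform(key, image, true) }
func CryptoloopDecrypt(key, image []byte) ([]byte, error) { return cryptoloopXform(key, image, false) }

// IsEncryptedDMG reports whether an image starts with the version-2
// encrypted-.dmg signature. Such an image has a key-wrapping header and
// an AES-XTS payload that cryptoloop knows nothing about, so running it
// through CryptoloopDecrypt (or mount -o encryption=aes) yields noise.
func IsEncryptedDMG(image []byte) bool {
	return len(image) >= len(EncryptedDMGMagic) &&
		bytes.Equal(image[:len(EncryptedDMGMagic)], []byte(EncryptedDMGMagic))
}

// SampleImage builds a constructed 4-sector plaintext "partition": every
// sector holds a label padded with zeros (test data, not a file system).
func SampleImage() []byte {
	img := make([]byte, 4*sectorSize)
	for s := 0; s < 4; s++ {
		copy(img[s*sectorSize:], fmt.Sprintf("sector %d: sample HFS+ data", s))
	}
	return img
}

func main() {
	// Constructed 256-bit raw key; losetup would derive it from the passphrase.
	key := bytes.Repeat([]byte{0x42}, 32)
	plain := SampleImage()
	enc, _ := CryptoloopEncrypt(key, plain)
	dec, _ := CryptoloopDecrypt(key, enc)
	fmt.Println("single-key round trip ok:", bytes.Equal(plain, dec))

	// Constructed buffer that begins like a version-2 encrypted .dmg.
	fake := append([]byte(EncryptedDMGMagic), make([]byte, sectorSize-len(EncryptedDMGMagic))...)
	fmt.Println("raw cryptoloop image looks like an encrypted dmg:", IsEncryptedDMG(enc))
	fmt.Println("header-bearing image looks like an encrypted dmg:", IsEncryptedDMG(fake))
}
```

The signature check is only meant to tell "raw sector-encrypted device" from "Apple encrypted image" before reaching for mount's encryption option; older version-1 images keep their header at the end of the file rather than the start, so they pass this check unnoticed.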


Actually, there is a Java application, hfsexplorer, that is able to open encrypted .dmg files and create decrypted .dmg images which can be mounted in Linux.

I was able to create encrypted .dmg files in OS X 10.9.5 and then explore the image from a virtual machine running Ubuntu 14.04.2 LTS. Both AES-128 and AES-256 encryption worked for my test cases.

This is how I created the .dmg image:

$ hdiutil create -size 10m -layout NONE -fs HFS+ -encryption AES-256 -volname "Vault" vault.dmg

From the virtual machine running Ubuntu I was able to open the image:

$ ./hfsexplorer-0/bin/hfsexplorer.sh /tmp/vault.dmg

It prompts for a password and then shows the content of the image. There is an option (Tools -> create disk image) which creates a decrypted disk image which can then be mounted with the hfs tools from Linux.

$ mount vault_decrypted.dmg /mnt/hfs/

Even HFS+ Journaled file systems worked. The only limitation is that write support for HFS+J file systems is disabled by default in Linux.

This demonstrates that the encryption of .dmg is understood by hfsexplorer and could possibly be implemented in the mount command. By creating an unencrypted .dmg it is ultimately possible to mount the image in Linux.

vfdecrypt did not work for me either.
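Once hfsexplorer has written the decrypted image, what mount sees is a raw HFS+ volume (no partition map, which is what hdiutil's -layout NONE produces), and the read-only behaviour mentioned in the answer above is decided by one bit in its volume header. The Go program below is an added example, not hfsexplorer's or the Linux driver's code. It parses that header from a raw image: the signature "H+" (HFS+) or "HX" (HFSX) at offset 1024, the big-endian attributes word with the unmounted bit (bit 8) and journaled bit (bit 13), the journal info block, block size and block count. BuildSampleVolume constructs an 8 KiB stand-in carrying only the header so the example runs without a real image; on a real file you would pass the first few KiB of vault_decrypted.dmg instead.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Layout facts used below: the HFS+ volume header sits 1024 bytes into
// the volume, its fields are big-endian, kHFSVolumeUnmountedBit is bit 8
// and kHFSVolumeJournaledBit is bit 13 of the attributes word.
const (
	hfsHeaderOffset = 1024
	hfsHeaderNeeded = 48 // up to and including totalBlocks
	attrUnmounted   = 1 << 8
	attrJournaled   = 1 << 13
)

// HFSPlusInfo holds the header fields a mount attempt cares about.
type HFSPlusInfo struct {
	Signature        string // "H+" (HFS+) or "HX" (HFSX, case-sensitive)
	Version          uint16
	CleanlyUnmounted bool
	Journaled        bool
	JournalInfoBlock uint32
	BlockSize        uint32
	TotalBlocks      uint32
}

// ParseHFSPlusHeader reads the volume header of a raw, partition-map-free
// HFS+ image, which is what a decrypted .dmg created with -layout NONE is.
func ParseHFSPlusHeader(image []byte) (*HFSPlusInfo, error) {
	if len(image) < hfsHeaderOffset+hfsHeaderNeeded {
		return nil, errors.New("image too short to hold an HFS+ volume header")
	}
	h := image[hfsHeaderOffset:]
	sig := string(h[0:2])
	if sig != "H+" && sig != "HX" {
		return nil, fmt.Errorf("no HFS+ signature at offset %d (got %q): not a raw HFS+ volume, "+
			"perhaps still encrypted or wrapped in a partition map", hfsHeaderOffset, sig)
	}
	attrs := binary.BigEndian.Uint32(h[4:8])
	return &HFSPlusInfo{
		Signature:        sig,
		Version:          binary.BigEndian.Uint16(h[2:4]),
		CleanlyUnmounted: attrs&attrUnmounted != 0,
		Journaled:        attrs&attrJournaled != 0,
		JournalInfoBlock: binary.BigEndian.Uint32(h[12:16]),
		BlockSize:        binary.BigEndian.Uint32(h[40:44]),
		TotalBlocks:      binary.BigEndian.Uint32(h[44:48]),
	}, nil
}

// MountExpectation summarises how the Linux hfsplus driver treats the
// volume: journaled or not cleanly unmounted volumes come up read-only.
func MountExpectation(info *HFSPlusInfo) string {
	switch {
	case info.Journaled:
		return "journaled (HFS+J): Linux mounts it read-only by default"
	case !info.CleanlyUnmounted:
		return "not cleanly unmounted: Linux mounts it read-only"
	default:
		return "plain HFS+: read-write mount possible"
	}
}

// BuildSampleVolume constructs a minimal 8 KiB image whose only meaningful
// content is a volume header; it is test data, not a mountable file system.
func BuildSampleVolume(journaled bool) []byte {
	img := make([]byte, 8192)
	h := img[hfsHeaderOffset:]
	copy(h[0:2], "H+")
	binary.BigEndian.PutUint16(h[2:4], 4) // HFS+ version
	attrs := uint32(attrUnmounted)        // cleanly unmounted
	if journaled {
		attrs |= attrJournaled
		copy(h[8:12], "HFSJ")                   // lastMountedVersion (constructed)
		binary.BigEndian.PutUint32(h[12:16], 2) // journalInfoBlock (constructed)
	} else {
		copy(h[8:12], "10.0")
	}
	binary.BigEndian.PutUint32(h[4:8], attrs)
	binary.BigEndian.PutUint32(h[40:44], 4096) // blockSize
	binary.BigEndian.PutUint32(h[44:48], 2560) // totalBlocks: 10 MiB like the hdiutil example
	return img
}

func main() {
	for _, journaled := range []bool{false, true} {
		info, err := ParseHFSPlusHeader(BuildSampleVolume(journaled))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%s v%d, %d x %d-byte blocks: %s\n",
			info.Signature, info.Version, info.TotalBlocks, info.BlockSize, MountExpectation(info))
	}
	if _, err := ParseHFSPlusHeader(make([]byte, 8192)); err != nil {
		fmt.Println("zeroed image:", err)
	}
}
```

A header without the signature (still-encrypted data, or a .dmg that was created with a partition map instead of -layout NONE) is reported as such before mount is even tried; a journaled volume is reported as read-only, which matches the limitation the answer describes.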