[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypted CDROMs

To: linux-crypto@nl.linux.org
Subject: Re: Crypted CDROMs
From: Rainer Ellinger <rainer.ellinger@web.de>
Date: Fri, 22 Feb 2002 12:40:46 +0100
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:listar@nl.linux.org?Subject=help>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Listar version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Organization: Rainers Rechenzentrum
Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org
References: <20020220074509.A2654@philos.philosys.de> <3C73DF2A.63ADEB8D@pp.inet.fi> <20020220162315.A9696@example.com> <20020221074617.A7773@philos.philosys.de> <20020221095744.A10625@example.com>
Sender: linux-crypto-bounce@nl.linux.org
User-Agent: Mozilla/5.0

Chris Schadl wrote:

> # dd if=/dev/urandom of=~/crypto.iso bs=1M count=650

I consider 700MB the most common standard today and expect to have a 
stable maximum count of 359849 blocks with 2048 Bytes each - even from 
kodak ... ;-)

So i would use:

dd if=/dev/urandom of=cryptoimage.bin bs=2048 count=359000

You need about additional 35 Blocks for a minimum ISO header and 
lead-out zone.

> # losetup -e aes -k 192 /dev/loop0 ~/crypto.iso
> # mkisofs -r /stuff/SUPAR-SECRET-STUFF/ >/dev/loop0

It doesn't make sense using a container file through a loop device with
a iso9660 filesystem, because iso9660 is a format like a tarball, that 
could not be used read-write. Use a normal filesystem of you choise. 
Probably you would like to optimize the filesystem parameters for a 
700MB size and CDR usage. For example:

mke2fs -m 0 -T largefiles /dev/loopX
tune2fs -c 0 -i 0 /dev/loopX

if you've only a small count of larger files and want to optimize 
blocksize and inode count. Then you can backup the container file to CDR 
like any other file. If you like to be perfect make a e2fsck before.

That means you make normal, readable ISOs with your container file 
inside. You should not write any other raw formats (an an encrypted 
stream is not a know format) than well defined ISO standards to a CDR. 
You're drive could make troubles recognizing the CDR. Then a

mount /cdrom /X
mount /X/cryptoimage.bin /Y -o loop,encryption[...blabla]

should make it.

For a CDR-backup only usage i would take a approach with tar/cpio/afio | 
bzip2 | mcrypt | split

-- 
rainer@ellinger.de

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

References:
- Crypted CDROMs
  - From: Erik Kunze <Erik.Kunze@philosys.de>
- Re: Crypted CDROMs
  - From: Jari Ruusu <jari.ruusu@pp.inet.fi>
- Re: Crypted CDROMs
  - From: Chris Schadl <cschadl@satan.org.uk>
- Re: Crypted CDROMs
  - From: Erik Kunze <Erik.Kunze@philosys.de>
- Re: Crypted CDROMs
  - From: Chris Schadl <cschadl@satan.org.uk>

Prev by Date: Re: Crypted CDROMs
Next by Date: Re: Wiping free space on encrypted filesystem.
Prev by thread: Re: Crypted CDROMs
Next by thread: Re: Crypted CDROMs
Index(es):
- Date
- Thread