Re: AW: AW: Hello and DVD-ROM encryption
On Sun, 2005-01-30 at 17:54, Peter_22@xxxxxx wrote:
>
> So you have experience in building encrypted DVDs? That's what I
> am looking for. Ok, ISO9660 will not allow all that ext2/3 does.
> As I only use the DVDs for backup there is no need for dozens of
> subdirs.
It is because I use it for backup that I wanted not to have to know, or
worry about the depth of directories.
> I'd be interested to know how you actually master the
> images. You don't use mkisofs, do you? I'm looking for the right
> way to create ISO9660 images that can be burned on DVD.
I followed the readme with loop-aes. As an example

I make a data file of the right size

  #dd if=/dev/urandom of=/image/file bs=4k count=1147460 \
  conv=notrunc 2>/dev/null

I mount it to a loop device

  #losetup -e AES128 -C 100 -S arandomlygeneratedseed -T \
  /dev/loop3 /image/file

I format it (in your case you probably want iso9660)

  #mke2fs -b 2048 -m 0 /dev/loop3

I unloop it

  #losetup -d /dev/loop3

I put entries in fstab for it like:

  /image/file /mounted/location ext2 \
  defaults,noauto,user,loop=/dev/loop3,encryption=AES128,\
  itercountk=100,pseed=thesamerandomlygeneratedseed 0 0
  /dev/scd0 /mounted/location ext2 \
  defaults,noauto,user,loop=/dev/loop3,encryption=AES128,\
  itercountk=100,pseed=thesamerandomlygeneratedseed 0 0

Then I mount it as the backup user

  $mount /image/file

Then I fill it up with files

Then I unmount it

  $umount /image/file

Then I write it to dvd

  growisofs -Z /dev/scd0=/image/file

Note that whatever the file system is it won't be recognized
by most DVD burning software, it looks like a random data stream.
I couldn't get K3b to do it, even though K3b uses growisofs to do
the actual writing, as it rejected it as an invalid image.

Then I mount the DVD

  $mount /dev/scd0

Then I can read it from /mounted/location

It works fine for me.
>
> The question is how much data fits on DVD? 4.0 or 4.4GB?
4,700,000,000 Bytes without overburn, about 4.4GB, my current images are
4699996160 bytes.
> I don't want the key to be stored with the data on DVD.
I don't use the multikey mode because I don't have, and don't want,
encrypted swap, and it is my understanding that gpg can leak the content
of what it encrypts to swap.
> My testing has
> shown hang ups on very full directories. Sometimes seeks failed
> and such. It might be a matter of bad media quality or unsuitable
> mastering.
I've never had such problems.
> In brief, I build up directory tree, called mkisofs -r and piped
> the iso through aespipe. Output can then be burned to DVD with
> Nero or k3b. Jari uses a 8192 byte section on beginning of CDROM
> to store the key and some zeroes. I store the key elsewhere.
> Maybe the missing free space is the cause for the lock ups?
> I'm interested in concrete examples.
See above.
Regards,
Paul Hilton
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
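
The sizing and random pre-fill steps in the message above can be checked before burning. The following shell script is an added example, not part of the original message or of loop-AES. The function names, the 4 KiB sample size and the 64-sample count are assumptions chosen for illustration; the capacity figure is the one quoted in the message.

```shell
#!/bin/sh
# Added example: checks on a loop-AES backing file before growisofs.
DVD_BYTES=4700000000   # capacity quoted in the message (no overburn)
SECTOR=2048            # DVD sector size, same as mke2fs -b 2048

# Largest dd count for block size $1 that fits on the disc and keeps
# the image a whole number of sectors.
max_count() {
    bs=$1
    count=$((DVD_BYTES / bs))
    while [ $(( (count * bs) % SECTOR )) -ne 0 ]; do
        count=$((count - 1))
    done
    echo "$count"
}

# Read $2 evenly spaced 4 KiB blocks of image $1 and print how many are
# all zero. Ciphertext and /dev/urandom fill should give 0; zero blocks
# mean the file was not pre-filled, so unused space is visible on disc.
zero_samples() {
    img=$1; n=$2
    blocks=$(( $(wc -c < "$img") / 4096 ))
    zeros=0; i=0
    while [ "$i" -lt "$n" ] && [ "$blocks" -gt 0 ]; do
        off=$(( i * blocks / n ))
        nonzero=$(( $(dd if="$img" bs=4096 skip="$off" count=1 2>/dev/null |
                      LC_ALL=C tr -d '\000' | wc -c) ))
        if [ "$nonzero" -eq 0 ]; then zeros=$((zeros + 1)); fi
        i=$((i + 1))
    done
    echo "$zeros"
}

# Print a verdict for image $1; non-zero exit status means do not burn.
preburn_check() {
    img=$1
    size=$(( $(wc -c < "$img") ))
    [ "$size" -le "$DVD_BYTES" ] || { echo "too large: $size bytes"; return 1; }
    [ $((size % SECTOR)) -eq 0 ] || { echo "not a multiple of $SECTOR bytes"; return 1; }
    z=$(zero_samples "$img" 64)
    [ "$z" -eq 0 ] || { echo "$z of 64 sampled blocks are all zero"; return 1; }
    echo "ok: $size bytes"
}

if [ $# -gt 0 ]; then preburn_check "$1"; fi
```

With a 4 KiB block size `max_count` gives the same count as the `dd` command in the message. Run the script with the unmounted, unlooped image path as its argument.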