Chris Schadl wrote: > # dd if=/dev/urandom of=~/crypto.iso bs=1M count=650 I consider 700MB the most common standard today and expect to have a stable maximum count of 359849 blocks with 2048 Bytes each - even from kodak ... ;-) So i would use: dd if=/dev/urandom of=cryptoimage.bin bs=2048 count=359000 You need about additional 35 Blocks for a minimum ISO header and lead-out zone. > # losetup -e aes -k 192 /dev/loop0 ~/crypto.iso > # mkisofs -r /stuff/SUPAR-SECRET-STUFF/ >/dev/loop0 It doesn't make sense using a container file through a loop device with a iso9660 filesystem, because iso9660 is a format like a tarball, that could not be used read-write. Use a normal filesystem of you choise. Probably you would like to optimize the filesystem parameters for a 700MB size and CDR usage. For example: mke2fs -m 0 -T largefiles /dev/loopX tune2fs -c 0 -i 0 /dev/loopX if you've only a small count of larger files and want to optimize blocksize and inode count. Then you can backup the container file to CDR like any other file. If you like to be perfect make a e2fsck before. That means you make normal, readable ISOs with your container file inside. You should not write any other raw formats (an an encrypted stream is not a know format) than well defined ISO standards to a CDR. You're drive could make troubles recognizing the CDR. Then a mount /cdrom /X mount /X/cryptoimage.bin /Y -o loop,encryption[...blabla] should make it. For a CDR-backup only usage i would take a approach with tar/cpio/afio | bzip2 | mcrypt | split -- rainer@ellinger.de - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
