Reos Zgium wrote:
> Wouldn't it be possible to write a small piece of code, which encrypts
> stdin->stdout. This would compact the example above into one line like this:
>
> mkisofs -xyz /home/backup | encrypt-on-the-fly > /tmp/cryptfile
>
> or even burn it on the fly.
> mkisofs -xyz /home/backup | encrypt-on-the-fly | cdrecord -
>
> The encryption key would be requested from the console or from file or
> whatever.
>
> The trick here is writing this pipe-program which is is compatible with the
> crypto-loop kernel driver so the data can later be transparently decrypted.
> Main obstacles are the IV and the blocksize. The crypto-loop has no external
> interface (or i failed to find it) so the separate encryption program would
> have to duplicate the crypt-loop's functionality. Disregarding future
> compatibility problems, this small program would be quite simple to code.
>
> A huge problem could be to encrypt multi-session volumes and such. But as this
> is quite problematic with the mkisofs/cdrecord pair anyway, i would ignore it
> for now.
>
> Now for the questions:
> Has some one already coded this tool and could save me a day or two?
>
> Does any one with more insight into the crypto-loop driver see a problem in
> design with this solution? Can we reliably pre-calcucate the IV on the CD
> before it is written?
>
> Any other suggestions?
I posted source for aespipe program to this list a while ago. It does
exactly what you need. Get it from archive, here:
http://mail.nl.linux.org/linux-crypto/2002-05/msg00023.html
The source is in 'aespipe-v1.0b.tar.bz2' that after downloading appears
under name 'bin00000.bin', here:
http://mail.nl.linux.org/linux-crypto/2002-05/bin00000.bin
By default it is loop-AES compatible, but to make it cryptoapi compatible,
use command line options: -e aes128 -H rmd160
Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
