On Sun, 2005-01-30 at 17:54, Peter_22@xxxxxx wrote:
>
> So you have experience in building encrypted DVDs? That's what I
> am looking for. Ok, ISO9660 will not allow all that ext2/3 does.
> As I only use the DVDs for backup there is no need for dozens of
> subdirs.

It is because I use it for backup that I wanted not to have to know,
or worry about the depth of directories.

> I'd be interested to know how you actually master the
> images. You don't use mkisofs, do you? I'm looking for the right
> way to create ISO9660 images that can be burned on DVD.

I followed the readme with loop-aes.
As an example
I make a data file of the right size
#dd if=/dev/urandom of=/image/file bs=4k count=1147460 \
 conv=notrunc 2>/dev/null
I mount it to a loop device
#losetup -e AES128 -C 100 -S arandomlygeneratedseed -T \
 /dev/loop3 /image/file
I format it (in your case you probably want iso9660)
#mke2fs -b 2048 -m 0 /dev/loop3
I unloop it
#losetup -d /dev/loop3
I put entries in fstab for it like:
/image/file /mounted/location ext2 \
 defaults,noauto,user,loop=/dev/loop3,encryption=AES128,\
 itercountk=100,pseed=thesamerandomlygeneratedseed 0 0
/dev/scd0 /mounted/location ext2 \
 defaults,noauto,user,loop=/dev/loop3,encryption=AES128,\
 itercountk=100,pseed=thesamerandomlygeneratedseed 0 0
Then I mount it as the backup user
$mount /image/file
Then I fill it up with files
Then I unmount it
$umount /image/file
Then I write it to dvd
growisofs -Z /dev/scd0=/image/file
Note that whatever the file system is it won't be recognized by most
DVD burning software, it looks like a random data stream.
I couldn't get K3b to do it, even though K3b uses growisofs to do the
actual writing, as it rejected it as an invalid image.
Then I mount the DVD
$mount /dev/scd0
Then I can read it from /mounted/location
It works fine for me.

>
> The question is how much data fits on DVD? 4.0 or 4.4GB?

4,700,000,000 Bytes without overburn, about 4.4GB, my current images
are 4699996160 bytes.
> I don't want the key to be stored with the data on DVD.

I don't use the multikey mode because I don't have, and don't want,
encrypted swap, and it is my understanding that gpg can leak the
content of what it encrypts to swap.

> My testing has
> shown hang ups on very full directories. Sometimes seeks failed
> and such. It might be a matter of bad media quality or unsuitable
> mastering.

I've never had such problems.

> In brief, I build up directory tree, called mkisofs -r and piped
> the iso through aespipe. Output can then be burned to DVD with
> Nero or k3b. Jari uses a 8192 byte section on beginning of CDROM
> to store the key and some zeroes. I store the key elsewhere.
> Maybe the missing free space is the cause for the lock ups?
> I'm interested in concrete examples.

See above.

Regards, Paul Hilton

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
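
Added example, not part of the original message or of loop-AES: a pre-burn size check and a post-burn read-back comparison for the image file described above. Because the image is ciphertext, the comparison needs neither the passphrase nor a mount. The function names are hypothetical, the capacity is the figure quoted in the message, and requiring whole 2048-byte sectors is an assumption of this example.

```shell
#!/bin/sh
# Added example: checks around "growisofs -Z /dev/scd0=/image/file".
# Function names are hypothetical; nothing here is loop-AES's own code.

DVD_CAPACITY=4700000000   # bytes, the figure quoted in the message
SECTOR=2048               # DVD sector size (also the mke2fs -b value above)

# size_of FILE: print the file size in bytes
size_of() {
    wc -c < "$1" | tr -d ' '
}

# check_image FILE [CAPACITY]: 0 if the image fits and is whole sectors
check_image() {
    img=$1
    cap=${2:-$DVD_CAPACITY}
    [ -f "$img" ] || { echo "no such image: $img" >&2; return 2; }
    size=$(size_of "$img")
    if [ "$size" -gt "$cap" ]; then
        echo "image is $size bytes, capacity is $cap" >&2
        return 1
    fi
    # Assumption of this example: insist on whole sectors so the
    # burned data ends exactly where the image ends.
    if [ $((size % SECTOR)) -ne 0 ]; then
        echo "image size $size is not a multiple of $SECTOR" >&2
        return 1
    fi
    return 0
}

# verify_copy IMAGE DEVICE: 0 if the first size(IMAGE) bytes read from
# DEVICE equal IMAGE. Trailing padding on the disc is ignored; a short
# or damaged read makes cmp fail.
verify_copy() {
    img=$1
    dev=$2
    size=$(size_of "$img")
    head -c "$size" "$dev" | cmp -s - "$img"
}

# Typical use around the burn step (paths as in the message):
#   check_image /image/file && growisofs -Z /dev/scd0=/image/file
#   verify_copy /image/file /dev/scd0 || echo "read-back mismatch" >&2
```
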