Gabriel Jägenstedt wrote: > I have the following line in fstab. > /dev/hdc /mnt/secure iso9660 > ro,user,noauto,loop=/dev/loop11,encryption=AES256,gpgkey=/etc/keys/cd_dvdkey.gpg > > What I want is basicly a simple way to encrypt stuff that is off my > drive. I'm sure it is possible to do it in some way writing a simple > script and having one file on the disc but I can't help think there is a > better way. Each CD and DVD must have its own key file. If you use same key file for multiple file systems, you start getting identical ciphertext blocks, which is bad for security. aespipe README example 3.3. shows how to encrypt CDs. It puts a key file at beginning of the CD and specifies offset for encrypted data. If you want to be able to change passphrase afterwards, then encrypt the key file using gpg public-key crypto. Changing gpg private-key passphrase changes your CD/DVD mount passphrase. http://loop-aes.sourceforge.net/aespipe.README -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
