One thing you can try is to compile and run your own kenrel. I have been doing that with Debian for 6-7 years now, without any major issues. Its not even a "sort-of" Debian kernel, just a hard boot of a kernel from kernel.org without initrd, both with modules and anything statically compiled in. I am currently running 2.6.36.1 with lenny. I have never used loop-AES, but a short look at the instructions at http://loop-aes.sourceforge.net/loop-AES.README seems to indicate the module and tools can be built up to including the upcomming 2.6.37 kernel. Arno On Fri, Dec 03, 2010 at 08:11:33PM +0100, Markus Porto wrote: > Hello, > > I have a very stupid question concerning dm-crypt: I recently moved to a new > laptop on which I installed Debian squeeze. On my previous laptop (which run > Debian lenny) I used dm-crypt for USB sticks etc. and loop-AES for CDs/DVDs. > In Debian squeeze, somehow loop-AES does not to work anymore (there are a > couple of reports concerning that), but I read on your web page > http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions that > dm-crypt can also handle loop-AES encrypted devices. > > I create an encrypted DVD of the directory /tmp/encrypted_dvd using > > cd /tmp > yes "" | dd of=/tmp/encrypted_dvd.iso bs=512 count=16 > head -c 3705 /dev/urandom | uuencode -m - | head -n 66 | tail -n 65 | \ > gpg --symmetric -a | dd of=/tmp/encrypted_dvd.iso conv=notrunc > genisoimage -quiet -r /tmp/encrypted_dvd | \ > aespipe -e AES128 -K /tmp/encrypted_dvd.iso -O 16 >> /tmp/encrypted_dvd.iso > growisofs -dvd-compat -speed=8 -Z /dev/dvd=/tmp/encrypted_dvd.iso > > so that the first 8192 bytes contain the encrypted keys. > > Previously (with Debian lenny), I mounted the DVD using the options > `ro,exec,loop,encryption=AES128,gpgkey=/dev/dvd,offset=8192' which does not > work anymore (error message `ioctl: LOOP_SET_STATUS: Invalid argument, > requested cipher or key length (128 bits) not supported by kernel'). If I > understood properly, the point is that cryptoloop support has been dropped > from the squeeze kernel. > > In any case, I still need to read my old CDs/DVDs: How can I do that using > cryptsetup? I read on the web page mentioned above that > > losetup /dev/loop0 /dev/dvd > cryptsetup -c aes-plain -h sha256 create encrypted /dev/loop0 > mount /dev/mapper/encrypted /media/encrypted_dvd > > should do it, but this does not work (/dev/mapper/encrypted is not an > ISO9660 filesystem). I tried to add options -o 4 or -p 4 (I understood that > the size is in blocks and that block size is 2048 bytes for DVDs), and also > several other values such as 16 (block size 512). How do I have to call > cryptsetup in my case? > > Many thanks for your kind help. > > Best regards, > Markus Porto > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
