I need a little help with loop-aes. I'm trying to encrypt DVD-Rs. Here's the relevant help I've found:
3.3. Example 3 - Encrypted CD-ROM
Create 65 random encryption keys and encrypt those keys using gpg. Reading
from /dev/random may take indefinitely long if kernel's random entropy pool
is empty. If that happens, do some other work on some other console (use
keyboard, mouse and disks). Use of gpg encrypted key file depends on
gpg encrypted key file is recorded to first 8192 bytes of the CD-ROM. Key
file does not use all of 8192 bytes so remaining part of the 8192 bytes is
padded with newlines.
yes "" | dd of=image.iso bs=512 count=16
head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
| gpg --symmetric -a | dd of=image.iso conv=notrunc
If I understand correctly, the first line is a one-line command and the two other lines are also a one-line command, right? So when I actually do it on the console it looks like this:
root@s00016:~# yes "" | dd of=image.iso bs=512 count=16
16+0 enregistrements lus.
16+0 enregistrements écrits.
8192 bytes transferred in 0,032489 seconds (252147 bytes/sec)
head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 | gpg --symmetric -a | dd of=image.iso conv=notrunc
root@s00016:~# head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 | gpg --symmetric -a | dd of=image.iso conv=notrunc
gpg: WARNING: unsafe ownership on configuration file `/home/yanik/.gnupg/gpg.conf'
It asked me for a passphrase 2 times, then just sat there, doing nothing. If I control-c, I get this:
0+0 enregistrements lus.
gpg: Interrupt caught ... exiting
0+0 enregistrements écrits.
0 bytes transferred in 89,318209 seconds (0 bytes/sec)
It doesn't seem right to me. Can someone help me out with those commands? What about the 65 encryption keys? Were they created with those commands?
Here's the rest of the example if it can help:
Create encrypted ISO9660 CD-ROM image that can be mounted using Linux
loop-AES crypto package version 3.0a or later:
mkisofs -quiet -r directory-tree | aespipe -K image.iso -O 16 >>image.iso
This image file can then be mounted under Linux like this:
mount -t iso9660 image.iso /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=image.iso,offset=8192
Or, after writing image.iso to CD-ROM, like this:
mount -t iso9660 /dev/cdrom /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192
Or, if this line is added to /etc/fstab file:
/dev/cdrom /cryptcd iso9660 defaults,noauto,loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192 0 0
Then encrypted CD-ROMs can be mounted and unmounted like this:
In above mount cases the mounted device name must be identical to gpgkey=
definition and offset= must be specified. That condition is special cased
inside mount and losetup programs to prevent gpg from reading all of cdrom
contents when gpg is decrypting the key file.
If you ever need to extract unencrypted image of encrypted CD-ROM, you can
do that like this:
dd if=/dev/cdrom bs=8192 count=1 of=key.gpg
dd if=/dev/cdrom bs=8192 skip=1 | aespipe -d -K key.gpg -O 16 >clear.iso
Latter of above dd commands may cause some kernel error messages when dd
command attempts to read past end of CD-ROM device.
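
Added example (not part of the original post or the loop-AES README): the key-generation stage and the 8192-byte header layout from the quoted pipeline, with checks that the stage really yields 65 key lines and that `conv=notrunc` leaves the newline padding intact. Assumptions: GNU coreutils, `/dev/urandom` in place of `/dev/random` so the run never blocks, `base64 -w 60` in place of `uuencode -m` plus `head`/`tail`, and the gpg step left out so nothing prompts; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sizes and layout of the key-file header, gpg step omitted.

# 2925 random bytes = 65 * 45; 45 bytes encode to exactly 60 base64
# characters, so the output is 65 full-length lines, one per key.
# (base64 emits no "begin"/"====" framing, so no head/tail trimming.)
make_key_lines() {
    head -c 2925 /dev/urandom | base64 -w 60
}

# Create the header area: 16 sectors * 512 bytes = 8192 newlines.
# iflag=fullblock guards against short reads from the pipe.
make_header() {
    yes "" | dd of="$1" bs=512 count=16 iflag=fullblock 2>/dev/null
}

# Overlay stdin on the start of the file; conv=notrunc keeps the
# remaining padding, so the file stays 8192 bytes long.
write_header() {
    dd of="$1" conv=notrunc 2>/dev/null
}

# Succeeds only for exactly 65 lines of 60 characters each.
check_key_lines() {
    awk 'length($0) != 60 { bad++ } END { exit !(NR == 65 && bad == 0) }'
}

# Succeeds if file $1 is 8192 bytes and every byte after the first
# $2 bytes is still a newline.
check_header() {
    [ "$(wc -c < "$1")" -eq 8192 ] || return 1
    [ "$(tail -c +"$(( $2 + 1 ))" "$1" | tr -d '\n' | wc -c)" -eq 0 ]
}

# Demo on a temporary file. The plaintext key lines stand in for the
# "gpg --symmetric -a" output here; never store real keys unencrypted.
demo=$(mktemp) && make_header "$demo"
make_key_lines | write_header "$demo"      # 65 * 61 = 3965 bytes written
check_header "$demo" 3965 && echo "header layout ok"
rm -f "$demo"
```

In the real procedure the output of `make_key_lines` is piped through `gpg --symmetric -a` before `dd`, so the bytes written are the armored ciphertext rather than the key lines themselves.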