Old 04-20-2006, 08:59 AM   #1
Registered: Oct 2003
Location: Montreal Beach
Distribution: Debian Unstable
Posts: 368

Need help with loop-aes encryption.

Hi everyone,

I need a little help with loop-aes. I'm trying to encrypt DVD-Rs. Here's the relevant help I've found:

3.3. Example 3 - Encrypted CD-ROM
Create 65 random encryption keys and encrypt those keys using gpg. Reading
from /dev/random may take indefinitely long if kernel's random entropy pool
is empty. If that happens, do some other work on some other console (use
keyboard, mouse and disks). Use of gpg encrypted key file depends on
encrypted swap.

gpg encrypted key file is recorded to first 8192 bytes of the CD-ROM. Key
file does not use all of 8192 bytes so remaining part of the 8192 bytes is
padded with newlines.

    yes "" | dd of=image.iso bs=512 count=16
    head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
        | gpg --symmetric -a | dd of=image.iso conv=notrunc

If I understand correctly, the first line is a one-line command and the two other lines are also a one-line command, right? So when I actually do it on the console it looks like this:
root@s00016:~# yes "" | dd of=image.iso bs=512 count=16
16+0 enregistrements lus.
16+0 enregistrements écrits.
8192 bytes transferred in 0,032489 seconds (252147 bytes/sec)
and then:
head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 | gpg --symmetric -a | dd of=image.iso conv=notrunc
root@s00016:~# head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 | gpg --symmetric -a | dd of=image.iso conv=notrunc
gpg: WARNING: unsafe ownership on configuration file `/home/yanik/.gnupg/gpg.conf'
It asked me for a passphrase 2 times then just sat there, doing nothing. If I control-c, I get this:
0+0 enregistrements lus.
gpg: Interrupt caught ... exiting
0+0 enregistrements écrits.
0 bytes transferred in 89,318209 seconds (0 bytes/sec)
It doesn't seem right to me. Can someone help me out with those commands? What about the 65 encryption keys? Were they created with those commands?


Here's the rest of the example if it can help:
Create encrypted ISO9660 CD-ROM image that can be mounted using Linux
loop-AES crypto package version 3.0a or later:

mkisofs -quiet -r directory-tree | aespipe -K image.iso -O 16 >>image.iso
This image file can then be mounted under Linux like this:

mount -t iso9660 image.iso /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=image.iso,offset=8192
Or, after writing image.iso to CD-ROM, like this:

mount -t iso9660 /dev/cdrom /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192
Or, if this line is added to /etc/fstab file:

/dev/cdrom /cryptcd iso9660 defaults,noauto,loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192 0 0
Then encrypted CD-ROMs can be mounted and unmounted like this:

    mkdir /cryptcd
    mount /cryptcd
    umount /cryptcd
In above mount cases the mounted device name must be identical to gpgkey=
definition and offset= must be specified. That condition is special cased
inside mount and losetup programs to prevent gpg from reading all of cdrom
contents when gpg is decrypting the key file.

If you ever need to extract unencrypted image of encrypted CD-ROM, you can
do that like this:

    dd if=/dev/cdrom bs=8192 count=1 of=key.gpg
    dd if=/dev/cdrom bs=8192 skip=1 | aespipe -d -K key.gpg -O 16 >clear.iso
Latter of above dd commands may cause some kernel error messages when dd
command attempts to read past end of CD-ROM device.
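
An added example, not part of the original post or of the loop-AES README: shell checks for the key-file layout the quoted README describes, showing where the 65 keys come from and how to tell whether the 8192-byte header was actually written. The function names, the /dev/urandom default and the use of GNU `base64 -w 60` in place of `uuencode -m` are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks for the key-file header that the quoted README
# describes. Function names and the /dev/urandom default are assumptions.

HDR=8192   # size of the key-file area at the start of the image (README)

# Generate key material in the README's shape: 2925 random bytes, base64 at
# 45 bytes (60 characters) per line, so 2925 / 45 = 65 lines, one key each.
# GNU `base64 -w 60` stands in for `uuencode -m - | head -n 66 | tail -n 65`,
# whose head/tail only strip uuencode's begin and end framing lines.
# $1 is the entropy source; the README uses /dev/random, which can block
# until the kernel entropy pool refills.
make_keys() {
    head -c 2925 "${1:-/dev/urandom}" | base64 -w 60
}

# Succeed only if the first 8192 bytes of image $1 are an ASCII-armored gpg
# message followed by nothing but newline padding. An image whose second
# pipeline was interrupted (dd reported 0 bytes) still holds only newlines
# and fails this check.
check_header() {
    [ "$(head -c "$HDR" "$1" | wc -c)" -eq "$HDR" ] || return 1
    # Map NUL to '?' so stray binary padding is visible; $(...) then strips
    # the trailing newline padding.
    hdr=$(head -c "$HDR" "$1" | tr '\000' '?')
    first=$(printf '%s\n' "$hdr" | head -n 1)
    last=$(printf '%s\n' "$hdr" | tail -n 1)
    [ "$first" = "-----BEGIN PGP MESSAGE-----" ] &&
        [ "$last" = "-----END PGP MESSAGE-----" ]
}

# Decrypt the header (gpg prompts for the passphrase) and count the keys;
# a complete key file prints 65.
count_keys() {
    head -c "$HDR" "$1" | gpg --quiet --decrypt | wc -l
}
```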

