mihochan Apprentice
Joined: 16 Apr 2002 Posts: 296 Location: Melbourne again
|
Posted: Tue May 27, 2003 5:21 am Post subject: Creating encrypted CDROMs |
|
|
How to burn encrypted CDROMs
This is how I burnt an encrypted CDROM. Comments are welcome.
1. Set up the LINUX kernel
A number of modules need to be compiled into the
kernel before you begin.
These are,
loop-back device support
CryptoAPI support
A Crypto cipher (I chose AES)
Crypto device support
Loop crypto device support
2. Load the modules
Load the modules with modprobe,
Code: | modprobe -a cipher-aes cryptoloop |
3. Create an empty file
Create an empty file. This file will hold the encrypted
ISO image so it must be larger than the image you wish
to burn.
The following command will create a file 600M in size
Code: | dd if=/dev/urandom of=encrypted.iso bs=1024 count=600000 |
4. Attach the encrypting loop device to the file.
This is done with the losetup command. Once the loop back
device is attached all data passed to the loop back device
will be encrypted and written to your file.
Attach the loop back device with,
Code: | losetup -e aes /dev/loop0 encrypted.iso |
5. Create an iso image.
Just create an iso image in the normal way and write it to a
second file something like this,
Code: | mkisofs -o cdrom.iso /my/secret/data |
6. Encrypt the image
This is the simplest part! Just type,
Code: | cat cdrom.iso > /dev/loop0 |
7. Burn the image to disk
Just use cdrecord in the normal way.
Code: | cdrecord -v speed=8 dev=1,0,0 -data encrypted.iso |
Now you have written the encrypted ISO image to a cdrom.
To mount the CDROM simply attach the loop back device to the
CDROM device and then mount the loop back device.
Code: | losetup -e aes /dev/loop0 /dev/cdroms/cdrom0
mount /dev/loop0 /mnt/cdrom/ |
Now you are ready to read and enjoy whatever secret material
you don't want the government, tax office or mother to discover!
_________________
In the long run we are all dead - Keynes
Last edited by mihochan on Wed Jul 02, 2003 1:02 am; edited 1 time in total |
|
paranode l33t
Joined: 06 Mar 2003 Posts: 679 Location: Texas
|
Posted: Tue May 27, 2003 3:39 pm Post subject: |
|
|
Seems like a cool guide. I am just wondering at what point some sort of keys for encryption/decryption are set? Or is this done in a different way? _________________ Meh. |
|
mihochan Apprentice
Joined: 16 Apr 2002 Posts: 296 Location: Melbourne again
|
Posted: Tue May 27, 2003 11:48 pm Post subject: |
|
|
When you set up the loop device, you are asked for a password.
I think that the key is generated from this password.
Tom _________________ In the long run we are all dead - Keynes |
|
ebrostig Bodhisattva
Joined: 20 Jul 2002 Posts: 3152 Location: Orlando, Fl
|
Posted: Wed May 28, 2003 1:56 am Post subject: |
|
|
Moved from Networking and Security.
Erik _________________ 'Yes, Firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.' |
|
palebear n00b
Joined: 12 May 2003 Posts: 14 Location: Canada
|
Posted: Tue Jul 01, 2003 9:12 pm Post subject: Re: Creating encrypted CDROMs |
|
|
mihochan wrote: |
3. Create an empty file
Create an empty file. This file will hold the encrypted
ISO image so it must be larger than the image you wish
to burn.
The following command will create a file 600M in size
Code: | dd if=/dev/zero of=encrypted.iso bs=1024 count=600000 |
|
Creating a file from /dev/zero isn't really a great idea; you should use /dev/urandom (taken from http://www.kerneli.org/howto/node3.php)
_________________
If things get any worse, I'm going to have to ask you to stop helping me!! |
|
mihochan Apprentice
Joined: 16 Apr 2002 Posts: 296 Location: Melbourne again
|
Posted: Wed Jul 02, 2003 1:02 am Post subject: |
|
|
Thanks, I made the change.
Tom _________________ In the long run we are all dead - Keynes |
|
gibson3659 n00b
Joined: 06 Feb 2003 Posts: 22
|
Posted: Wed Jul 02, 2003 7:40 pm Post subject: Skip mkisofs?? |
|
|
Can you skip the mkisofs and burn an encrypted file directly? Of course the image would have to have a filesystem. Would cdrecord choke on this?
dd if=/dev/urandom of=encrypted.image bs=1024 count=600000
losetup -e aes /dev/loop0 encrypted.image
[mkfs of your choice] /dev/loop0
mount /dev/loop0 /mnt/image
# copy into the mounted filesystem, not onto the raw loop device
cp /your/files /mnt/image
umount /dev/loop0
cdrecord -v speed=8 dev=1,0,0 -data encrypted.image
You would mount it the same way, except you may have to specify a filesystem.
Better yet, you could split your image in half and burn to 2 separate CDs. Both halves would have to be joined on the harddrive before useable. |
|
mihochan Apprentice
Joined: 16 Apr 2002 Posts: 296 Location: Melbourne again
|
Posted: Thu Jul 03, 2003 12:31 am Post subject: |
|
|
That would also work, so in that case you would have a file that could be mounted as a filesystem. _________________ In the long run we are all dead - Keynes |
|
mcp33p4n75 n00b
Joined: 06 Jul 2003 Posts: 1
|
Posted: Sun Jul 06, 2003 7:24 pm Post subject: |
|
|
I found a much easier way to make the encrypted file system if you don't want to worry about people being able to see how much data really is encrypted.
mkisofs blah blah blah cdrom.iso
cp cdrom.iso encrypted.iso
losetup -e [cipher] /dev/loop# encrypted.iso
Set keysize and key...
cat cdrom.iso > /dev/loop0
losetup -d /dev/loop0
cdrecord blah blah blah -data encrypted.iso
wipe both isos from hard disk...
Since the encrypted iso is exactly the same size as the plaintext iso, you don't have to worry about whether you pack the filesystem with random data. You do have to worry, however, about the fact that an adversary has a good clue as to how much data you are storing. I don't know if this makes an attack easier, though. So it's probably not that big of a deal. I use this method for when I want to take an old plaintext cd and turn it into an encrypted cd. |
|
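Why the fill source in step 3 matters (palebear's /dev/zero remark) and what the same-size image described just above gives away, as an added example that is not code from any poster in this thread. It models the container file in Python and measures per-sector entropy, which anyone holding the disc can do without the password; SHAKE-256 output is a constructed stand-in for both AES ciphertext and /dev/urandom data, and the function names and the 7.0 bits-per-byte threshold are assumptions of this sketch.

```python
import hashlib
import math

BLOCK = 2048  # CD-ROM data sector size in bytes


def fake_ciphertext(nbytes, seed):
    """Constructed stand-in for AES output or /dev/urandom fill:
    deterministic pseudo-random bytes (good ciphertext looks like this)."""
    return hashlib.shake_256(seed).digest(nbytes)


def entropy(block):
    """Shannon entropy of a block, in bits per byte (0.0 to 8.0)."""
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_container(total_blocks, payload_blocks, fill):
    """Model steps 3-6: pre-fill the file, then write the encrypted image
    over the start of it. fill is 'zero' (/dev/zero) or 'random' (/dev/urandom)."""
    size = total_blocks * BLOCK
    if fill == "zero":
        image = bytearray(size)
    else:
        image = bytearray(fake_ciphertext(size, b"fill"))
    payload = fake_ciphertext(payload_blocks * BLOCK, b"payload")
    image[: len(payload)] = payload
    return bytes(image)


def visible_payload_blocks(image, threshold=7.0):
    """What someone holding only the disc can measure: the number of
    leading high-entropy sectors before the first low-entropy one."""
    for i in range(0, len(image), BLOCK):
        if entropy(image[i : i + BLOCK]) < threshold:
            return i // BLOCK
    return len(image) // BLOCK


if __name__ == "__main__":
    for fill in ("zero", "random"):
        img = build_container(total_blocks=64, payload_blocks=20, fill=fill)
        print(fill, "fill -> apparent data sectors:", visible_payload_blocks(img))
```

With zero fill the 20 written sectors stand out exactly; with random fill all 64 sectors look alike, while an image sized to its contents reveals its length by construction.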
pi3k n00b
Joined: 16 Apr 2003 Posts: 21
|
Posted: Thu Sep 04, 2003 2:36 am Post subject: |
|
|
Just a question, but can you mount an encrypted cd on a different system? Do you just mount it like normal and then it asks for a password, or do you need to be on the same system? _________________ Erant Semper Spes
(ATROPOS: Dual AMD 2800+ MP, GigaByte 7DPXWD+, 2GB DDR266, MSI TI4800SE, Audigy2, 2X200GB Maxtor 8MB Cache, GENTOO LINUX!) |
|
MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
|
Posted: Thu Sep 04, 2003 3:06 pm Post subject: |
|
|
Is it possible to use the encrypted CD in Windows?
Would I need special software or something? _________________ http://www.mooktakim.com
Athlon XP 2001, Giga-Byte GA-7VRXP MB, 640Mb DDR RAM 333MHz, MSI Geforce 4800SE 128Mb DDR, 40x12x48 Liteon CDRW drive, Flower Cooler, ADSL Router |
|
mihochan Apprentice
Joined: 16 Apr 2002 Posts: 296 Location: Melbourne again
|
Posted: Fri Sep 05, 2003 12:54 am Post subject: |
|
|
It doesn't matter what system the CD is mounted on.
I have an encrypted dongle I use between machines.
Tom _________________ In the long run we are all dead - Keynes |
|
MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
|
Posted: Fri Sep 05, 2003 1:55 am Post subject: |
|
|
mihochan wrote: | It doesn't matter what system the CD is mounted on.
I have an encrypted dongle I use between machines.
Tom |
What software do you use for your dongle? _________________ http://www.mooktakim.com
Athlon XP 2001, Giga-Byte GA-7VRXP MB, 640Mb DDR RAM 333MHz, MSI Geforce 4800SE 128Mb DDR, 40x12x48 Liteon CDRW drive, Flower Cooler, ADSL Router |
|
Slonk n00b
Joined: 24 Sep 2003 Posts: 4
|
Posted: Sun Nov 16, 2003 11:31 pm Post subject: |
|
|
I had this working perfectly in the latest stable release of the gentoo kernel. I recently decided to try out the gentoo-test-sources (2.4.22r0) though, and it doesn't seem to work so well. The cipher-aes module that we need to modprobe for seems to have been renamed to aes. The cryptoloop module seems to have disappeared altogether.
I don't get an error when I do the line:
Code: | modprobe -a aes cryptoloop |
but losetup informs me that the encryption method is unavailable.
Anyone else found and/or licked this problem yet? I haven't been game to try the 2.6 kernel yet, so have absolutely no idea whether it is a problem there or not. |
|
S_aIN_t Guru
Joined: 11 May 2002 Posts: 488 Location: Ottawa
|
Posted: Wed Nov 19, 2003 1:29 pm Post subject: |
|
|
mihochan wrote: | It doesn't matter what system the CD is mounted on.
I have an encrypted dongle I use between machines.
Tom |
Can you provide some more details on the dongle.. who makes it? How does it work? Where can I find more information about it?
I haven't heard about those things before.. so.. it sounds pretty interesting to me.
_________________
"That which is overdesigned, too highly
specific, anticipates outcome; the anticipation of
outcome guarantees, if not failure, the
absence of grace."
- William Gibson, "All Tomorrow's Parties"
----
http://petro.tanreisoftware.com |
|
Slonk n00b
Joined: 24 Sep 2003 Posts: 4
|
Posted: Tue Dec 23, 2003 3:50 am Post subject: |
|
|
Can answer my own question now in case anyone else has the same problem. Gave up on kernel 2.4.22 and went straight to 2.6. The following commands allow a cd burnt under kernel 2.4 using the instructions above, to be mounted under 2.6
Code: |
modprobe -a cryptoloop aes
hashalot ripemd160 |losetup -p0 -e aes-cbc-256 /dev/loop0 /dev/cdrom
mount -o block=2048 /dev/loop0 /mnt/cdrom
|
|
|
R!tman Veteran
Joined: 18 Dec 2003 Posts: 1303 Location: Zurich, Switzerland
|
Posted: Sun Jan 22, 2006 1:08 am Post subject: |
|
|
This is a great howto. Thank you very much mihochan |
|