Gentoo Forums
Creating encrypted CDROMs

mihochan
Apprentice

Joined: 16 Apr 2002
Posts: 296
Location: Melbourne again

Posted: Tue May 27, 2003 5:21 am    Post subject: Creating encrypted CDROMs

How to burn encrypted CDROMs

This is how I burnt an encrypted CDROM. Comments are welcome.

1. Set up the Linux kernel

A number of modules need to be compiled into the kernel before you begin.
These are:
loop-back device support
CryptoAPI support
A Crypto cipher (I chose AES)
Crypto device support
Loop crypto device support

2. Load the modules

Load the modules with modprobe,

Code:
modprobe -a cipher-aes cryptoloop


3. Create an empty file

Create an empty file. This file will hold the encrypted
ISO image so it must be larger than the image you wish
to burn.
The following command will create a file 600M in size

Code:
dd if=/dev/urandom of=encrypted.iso bs=1024 count=600000


4. Attach the encrypting loop device to the file.

This is done with the losetup command. Once the loop back
device is attached all data passed to the loop back device
will be encrypted and written to your file.
Attach the loop back device with,

Code:
losetup -e aes /dev/loop0 encrypted.iso


5. Create an iso image.

Just create an iso image in the normal way and write it to a
second file something like this,

Code:
mkisofs -o cdrom.iso /my/secret/data


6. Encrypt the image

This is the simplest part! Just type,

Code:
cat cdrom.iso > /dev/loop0


7. Burn the image to disk

Just use cdrecord in the normal way.

Code:
cdrecord -v speed=8 dev=1,0,0 -data encrypted.iso


Now you have written the encrypted ISO image to a cdrom.
To mount the CDROM simply attach the loop back device to the
CDROM device and then mount the loop back device.

Code:
losetup -e aes /dev/loop0 /dev/cdroms/cdrom0
mount /dev/loop0 /mnt/cdrom/


Now you are ready to read and enjoy whatever secret material
you don't want the government, tax office or mother to discover!
_________________
In the long run we are all dead - Keynes


Last edited by mihochan on Wed Jul 02, 2003 1:02 am; edited 1 time in total
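Steps 3 to 6 of the post above, gathered into one script as an added example (not mihochan's code): it checks that the ISO fits the container before anything is written, and flushes and detaches the loop device before the image is burned. The function names and the CONTAINER_KIB and LOOPDEV variables are hypothetical; the dd and losetup invocations are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the post): steps 3-6 as one script, with a size
# check and an explicit detach before the image is handed to cdrecord.
# Function and variable names here are hypothetical.
CONTAINER_KIB=${CONTAINER_KIB:-600000}   # container size used in step 3
LOOPDEV=${LOOPDEV:-/dev/loop0}           # loop device used in step 4

# kib_of FILE: print the file size in KiB, rounded up.
kib_of() {
    echo $(( ($(wc -c < "$1") + 1023) / 1024 ))
}

# fits_container ISO: succeed only if ISO is no larger than the container.
fits_container() {
    [ "$(kib_of "$1")" -le "$CONTAINER_KIB" ]
}

# build_encrypted_image ISO OUT: fill OUT with random data, attach the
# encrypting loop device (losetup asks for the password), write ISO through
# it, then flush and detach so OUT holds all of the ciphertext.
build_encrypted_image() {
    iso=$1
    out=$2
    if ! fits_container "$iso"; then
        echo "error: $iso is larger than ${CONTAINER_KIB} KiB" >&2
        return 1
    fi
    dd if=/dev/urandom of="$out" bs=1024 count="$CONTAINER_KIB" || return 1
    losetup -e aes "$LOOPDEV" "$out" || return 1
    rc=0
    cat "$iso" > "$LOOPDEV" || rc=$?
    sync
    losetup -d "$LOOPDEV" || rc=1
    return "$rc"
}

# Usage: sh build.sh cdrom.iso encrypted.iso   (then burn as in step 7)
if [ "$#" -eq 2 ]; then
    build_encrypted_image "$1" "$2"
fi
```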

paranode
l33t

Joined: 06 Mar 2003
Posts: 679
Location: Texas

Posted: Tue May 27, 2003 3:39 pm

Seems like a cool guide. I am just wondering at what point some sort of keys for encryption/decryption are set? Or is this done in a different way?
_________________
Meh.

mihochan
Apprentice

Joined: 16 Apr 2002
Posts: 296
Location: Melbourne again

Posted: Tue May 27, 2003 11:48 pm

When you set up the loop device, you are asked for a password.
I think that the key is generated from this password.

Tom
_________________
In the long run we are all dead - Keynes

ebrostig
Bodhisattva

Joined: 20 Jul 2002
Posts: 3152
Location: Orlando, Fl

Posted: Wed May 28, 2003 1:56 am

Moved from Networking and Security.

Erik
_________________
'Yes, Firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'

palebear
n00b

Joined: 12 May 2003
Posts: 14
Location: Canada

Posted: Tue Jul 01, 2003 9:12 pm    Post subject: Re: Creating encrypted CDROMs

mihochan wrote:

3. Create an empty file

Create an empty file. This file will hold the encrypted
ISO image so it must be larger than the image you wish
to burn.
The following command will create a file 600M in size

Code:
dd if=/dev/zero of=encrypted.iso bs=1024 count=600000




Creating a file from /dev/zero isn't really a great idea, you should use /dev/urandom (taken from http://www.kerneli.org/howto/node3.php).
_________________
If things get any worse, I'm going to have to ask you to stop helping me!!

mihochan
Apprentice

Joined: 16 Apr 2002
Posts: 296
Location: Melbourne again

Posted: Wed Jul 02, 2003 1:02 am

Thanks, I made the change.

Tom
_________________
In the long run we are all dead - Keynes

gibson3659
n00b

Joined: 06 Feb 2003
Posts: 22

Posted: Wed Jul 02, 2003 7:40 pm    Post subject: Skip mkisofs??

Can you skip the mkisofs and burn an encrypted file directly? Of course the image would have to have a filesystem. Would cdrecord choke on this?

dd if=/dev/urandom of=encrypted.image bs=1024 count=600000
losetup -e aes /dev/loop0 encrypted.image
[mkfs of your choice] /dev/loop0
mount /dev/loop0 /mnt/image
cp /your/files /mnt/image
umount /dev/loop0
cdrecord -v speed=8 dev=1,0,0 -data encrypted.image

You would mount it the same way, except you may have to specify a filesystem.

Better yet, you could split your image in half and burn to 2 separate CDs. Both halves would have to be joined on the harddrive before useable.

mihochan
Apprentice

Joined: 16 Apr 2002
Posts: 296
Location: Melbourne again

Posted: Thu Jul 03, 2003 12:31 am

That would also work, so in that case you would have a file that could be mounted as a filesystem.
_________________
In the long run we are all dead - Keynes

mcp33p4n75
n00b

Joined: 06 Jul 2003
Posts: 1

Posted: Sun Jul 06, 2003 7:24 pm

I found a much easier way to make the encrypted file system if you don't want to worry about people being able to see how much data really is encrypted.

mkisofs blah blah blah cdrom.iso
cp cdrom.iso encrypted.iso
losetup -e [cipher] /dev/loop# encrypted.iso
Set keysize and key...
cat cdrom.iso > /dev/loop0
losetup -d /dev/loop0
cdrecord blah blah blah -data encrypted.iso
wipe both isos from hard disk...

Since the encrypted iso is exactly the same size as the plaintext iso, you don't have to worry about whether you pack the filesystem with random data. You do have to worry, however, about the fact that an adversary has a good clue as to how much data you are storing. I don't know if this makes an attack easier, though. So it's probably not that big of a deal. I use this method for when I want to take an old plaintext cd and turn it into an encrypted cd.
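
The padding question raised in palebear's and mcp33p4n75's posts can be checked on an image before it is burned; this is an added example, not code from the thread. A container pre-filled from /dev/zero keeps an all-zero tail that marks where the encrypted data ends, while one pre-filled from /dev/urandom shows none. The function names are hypothetical and the sample images are constructed, with random bytes standing in for ciphertext.

```shell
#!/bin/sh
# Added example (not from the thread). Names are hypothetical.
SECTOR=2048   # CD-ROM data sector size

# nonzero_from FILE N: count the non-zero bytes from sector N to end of file.
nonzero_from() {
    dd if="$1" bs="$SECTOR" skip="$2" 2>/dev/null | LC_ALL=C tr -d '\000' | wc -c
}

# zero_tail_sectors FILE: print how many sectors at the end of FILE are
# entirely zero. "The tail from sector N is all zero" is monotonic in N, so
# a binary search finds the first such sector in about log2(sectors) passes.
zero_tail_sectors() {
    total=$(( ($(wc -c < "$1") + SECTOR - 1) / SECTOR ))
    lo=0
    hi=$total
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if [ "$(nonzero_from "$1" "$mid")" -eq 0 ]; then
            hi=$mid
        else
            lo=$(( mid + 1 ))
        fi
    done
    echo $(( total - lo ))
}

# make_demo_image FILL OUT DATA TOTAL: constructed sample. Builds a container
# of TOTAL sectors pre-filled from FILL, then overwrites its first DATA
# sectors with random bytes standing in for the encrypted ISO.
make_demo_image() {
    dd if="$1" of="$2" bs="$SECTOR" count="$4" 2>/dev/null &&
    dd if=/dev/urandom of="$2" bs="$SECTOR" count="$3" conv=notrunc 2>/dev/null
}

# Usage: sh zerotail.sh encrypted.iso   (a non-zero result exposes the padding)
if [ "$#" -eq 1 ]; then
    zero_tail_sectors "$1"
fi
```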

pi3k
n00b

Joined: 16 Apr 2003
Posts: 21

Posted: Thu Sep 04, 2003 2:36 am

Just a question, but can you mount an encrypted cd on a different system? Do you just mount it like normal and then it asks for a password, or do you need to be on the same system?
_________________
Erant Semper Spes
(ATROPOS: Dual AMD 2800+ MP, GigaByte 7DPXWD+, 2GB DDR266, MSI TI4800SE, Audigy2, 2X200GB Maxtor 8MB Cache, GENTOO LINUX!)

MooktaKiNG
Guru

Joined: 11 Nov 2002
Posts: 326
Location: London, UK

Posted: Thu Sep 04, 2003 3:06 pm

Is it possible to use the encrypted CD in windows?
Would I need special software or something?
_________________
http://www.mooktakim.com
Athlon XP 2001, Giga-Byte GA-7VRXP MB, 640Mb DDR RAM 333MHz, MSI Geforce 4800SE 128Mb DDR, 40x12x48 Liteon CDRW drive, Flower Cooler, ADSL Router

mihochan
Apprentice

Joined: 16 Apr 2002
Posts: 296
Location: Melbourne again

Posted: Fri Sep 05, 2003 12:54 am

It doesn't matter what system the CD is mounted on.
I have an encrypted dongle I use between machines.

Tom
_________________
In the long run we are all dead - Keynes

MooktaKiNG
Guru

Joined: 11 Nov 2002
Posts: 326
Location: London, UK

Posted: Fri Sep 05, 2003 1:55 am

mihochan wrote:
It doesn't matter what system the CD is mounted on.
I have an encrypted dongle I use between machines.

Tom


What software do you use for your dongle?
_________________
http://www.mooktakim.com
Athlon XP 2001, Giga-Byte GA-7VRXP MB, 640Mb DDR RAM 333MHz, MSI Geforce 4800SE 128Mb DDR, 40x12x48 Liteon CDRW drive, Flower Cooler, ADSL Router

Slonk
n00b

Joined: 24 Sep 2003
Posts: 4

Posted: Sun Nov 16, 2003 11:31 pm

I had this working perfectly in the latest stable release of the gentoo kernel. I recently decided to try out the gentoo-test-sources (2.4.22r0) though, and it doesn't seem to work so well. The cipher-aes module that we need to modprobe for seems to have been renamed to aes. The cryptoloop module seems to have disappeared altogether.
I don't get an error when I do the line:
Code:
modprobe -a aes cryptoloop

but losetup informs me that the encryption method is unavailable.
Anyone else found and/or licked this problem yet? I haven't been game to try the 2.6 kernel yet, so have absolutely no idea whether it is a problem there or not.

S_aIN_t
Guru

Joined: 11 May 2002
Posts: 488
Location: Ottawa

Posted: Wed Nov 19, 2003 1:29 pm

mihochan wrote:
It doesn't matter what system the CD is mounted on.
I have an encrypted dongle I use between machines.

Tom


Can you provide some more details on the dongle? Who makes it? How does it work? Where can I find more information about it?

I haven't heard about those things before, so it sounds pretty interesting to me.
_________________
"That which is overdesigned, too highly
specific, anticipates outcome; the anticipation of
outcome guarantees, if not failure, the
absence of grace."
- William Gibson, "All Tomorrow's Parties"
----
http://petro.tanreisoftware.com

Slonk
n00b

Joined: 24 Sep 2003
Posts: 4

Posted: Tue Dec 23, 2003 3:50 am

Can answer my own question now in case anyone else has the same problem. Gave up on kernel 2.4.22 and went straight to 2.6. The following commands allow a cd burnt under kernel 2.4 using the instructions above, to be mounted under 2.6

Code:

modprobe -a cryptoloop aes
hashalot ripemd160 |losetup -p0 -e aes-cbc-256 /dev/loop0 /dev/cdrom
mount -o block=2048 /dev/loop0 /mnt/cdrom

R!tman
Veteran

Joined: 18 Dec 2003
Posts: 1303
Location: Zurich, Switzerland

Posted: Sun Jan 22, 2006 1:08 am

This is a great howto. Thank you very much mihochan!

All times are GMT