View previous topic :: View next topic |
Author |
Message |
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
|
|
Back to top |
|
|
d2_racing Bodhisattva
Joined: 25 Apr 2005 Posts: 13047 Location: Ste-Foy,Canada
|
Posted: Thu Feb 01, 2007 1:54 pm Post subject: |
|
|
Thanks |
|
Back to top |
|
|
batistuta Veteran
Joined: 29 Jul 2005 Posts: 1384 Location: Aachen
|
Posted: Thu Feb 01, 2007 2:34 pm Post subject: |
|
|
looks very nice likewhoa, thanks a lot. I find encryption an increasingly important Linux topic, under constant development. It is cool to see people keep it up to date |
|
Back to top |
|
|
RoundsToZero Guru
Joined: 17 Nov 2003 Posts: 478 Location: New York, NY
|
Posted: Fri Feb 02, 2007 2:24 am Post subject: |
|
|
Could this be used with packet writing instead of creating an ISO image in advance? |
|
Back to top |
|
|
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
|
Posted: Fri Feb 02, 2007 3:05 pm Post subject: |
|
|
RoundsToZero wrote: | Could this be used with packet writing instead of creating an ISO image in advance? |
I would have to look into packet writing as I've never done it before, but my guess is that it is possible. |
|
Back to top |
|
|
Sadako Advocate
Joined: 05 Aug 2004 Posts: 3792 Location: sleeping in the bathtub
|
Posted: Thu Feb 08, 2007 6:04 pm Post subject: |
|
|
Nice, but I have to question the point of using the luks extensions on read-only filesystems, which is what the howto appears to be dedicated to.
likewhoa wrote: | RoundsToZero wrote: | Could this be used with packet writing instead of creating an ISO image in advance? |
I would have to look into packet writing as I've never done it before, but my guess is that it is possible. |
It is, but not quite like this.
I used to do it with dvd+rw, using the following (to mount an existing encrypted filesystem on the media);
Code: | #! /bin/bash
CDRDEV=/dev/hdc
DMAP=dvdrw
MOUNTPOINT=/mnt/dvdrw
cryptsetup -c aes-cbc-plain -s 256 -y create ${DMAP} ${CDRDEV}
mount -t udf -o noatime,unhide,rw,user /dev/mapper/${DMAP} ${MOUNTPOINT}
chmod a+rw ${MOUNTPOINT}
exit |
It's simple, and it worked, but writing to the disc was slow (although this was in the early days of packet writing, and I haven't tried it in over a year).
I can post more on this if anyone wants, but the info is on the forums already.
The biggest issue is the media could only be mounted writable ~1,000 times, but that's true of all dvd+rw, dvd-rw, and cdrw media anyway.
I just wish I had a dvd-ram drive, which would be perfect for this. _________________ "You have to invite me in" |
|
Back to top |
|
|
jip n00b
Joined: 05 Mar 2007 Posts: 2 Location: Vladivostok
|
Posted: Mon Mar 05, 2007 1:19 am Post subject: |
|
|
Thank you, likewhoa.
By the way, second symbol '|' is interpreted by wiki engine in Code: | {{commandline|mkisofs -lots-of-options /my/data/ | dd of=/dev/mapper/cryptocd bs=512}} | It leads to the line cut. I can't fix it since wiki markup is quite new to me. _________________ Simplex sigillum veri |
|
Back to top |
|
|
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
|
Posted: Mon Mar 05, 2007 7:07 am Post subject: |
|
|
changes made, thanks. |
|
Back to top |
|
|
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
|
Posted: Mon Mar 05, 2007 7:09 am Post subject: |
|
|
Hopeless wrote: | Nice, but I have to question the point of using the luks extensions on read-only filesystems, which is what the howto appears to be dedicated to.
likewhoa wrote: | RoundsToZero wrote: | Could this be used with packet writing instead of creating an ISO image in advance? |
I would have to look into packet writing as I've never done it before, but my guess is that it is possible. |
It is, but not quite like this.
I used to do it with dvd+rw, using the following (to mount an existing encrypted filesystem on the media);
Code: | #! /bin/bash
CDRDEV=/dev/hdc
DMAP=dvdrw
MOUNTPOINT=/mnt/dvdrw
cryptsetup -c aes-cbc-plain -s 256 -y create ${DMAP} ${CDRDEV}
mount -t udf -o noatime,unhide,rw,user /dev/mapper/${DMAP} ${MOUNTPOINT}
chmod a+rw ${MOUNTPOINT}
exit |
It's simple, and it worked, but writing to the disc was slow (although this was in the early days of packet writing, and I haven't tried it in over a year).
I can post more on this if anyone wants, but the info is on the forums already.
The biggest issue is the media could only be mounted writable ~1,000 times, but that's true of all dvd+rw, dvd-rw, and cdrw media anyway.
I just wish I had a dvd-ram drive, which would be perfect for this. |
my guide is the same way you're doing it but with the difference is that crypsetup is using luks instead. |
|
Back to top |
|
|
jip n00b
Joined: 05 Mar 2007 Posts: 2 Location: Vladivostok
|
|
Back to top |
|
|
metalfan Apprentice
Joined: 09 Apr 2005 Posts: 260 Location: 127home0sweet0home1 .endofinternet.net
|
Posted: Tue May 29, 2007 7:36 pm Post subject: |
|
|
Hi,
below: Creating container
dd if=/dev/urandom of=cryptocd.iso bs=512 count=2048
dd if=/dev/urandom of=cryptocd.iso bs=512 count=1 seek=1m
1. Why does the first command create a 1mb container thats overwritten by the second command?
2. the m in seek=1m isn't working, its maybe a capital M?
3. How do you store dvd video data in a container thats 513MBb big? (second dd)?
greets
metalfan _________________ please add [SOLVED] to the topic if you found the answer |
|
Back to top |
|
|
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
|
Posted: Wed May 30, 2007 11:47 pm Post subject: |
|
|
metalfan wrote: | Hi,
below: Creating container
dd if=/dev/urandom of=cryptocd.iso bs=512 count=2048
dd if=/dev/urandom of=cryptocd.iso bs=512 count=1 seek=1m
1. Why does the first command create a 1mb container thats overwritten by the second command?
to leave room for the luks header info
2. the m in seek=1m isn't working, its maybe a capital M?
I corrected the seek line to show a capital M. thanks for catching that typo.
3. How do you store dvd video data in a container thats 513MBb big? (second dd)?
the container will grow as data gets written into it, there is no size limit on it, the only
limit is above the size of your recordable media.
greets
metalfan |
|
|
Back to top |
|
|
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
|
Posted: Thu May 31, 2007 12:01 am Post subject: |
|
|
I updated the wiki with some additions scripts. cryptocd-{mount,umount}.sh which will automate the mounting and umounting process. |
|
Back to top |
|
|
ariel n00b
Joined: 26 Jun 2007 Posts: 2
|
Posted: Tue Jun 26, 2007 6:16 am Post subject: |
|
|
Hi likewhoa,
I'm using your scripts and the whole thing works really fine. So thanks a bunch for posting this.
I can manually mount / umount the optical media using your helper scripts.
Now I'm using gnome 2.18.1. When I insert an encrypted CD, it gets detected (I think by gnome-mount), very much like the encrypted USB keys do. Then I get prompted for the password. After I type in the correct password, the gnome window gets frozen for about 4 minutes, then I get and error suggesting that the password was wrong. The CD won't get mounted by gnome, I have to do it manually. My encrypted USB HD partitions are mounted with no problems.
I was wondering if you ran into this problem and found the cause if this.
Thanks!
A |
|
Back to top |
|
|
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
|
Posted: Wed Jul 11, 2007 6:08 am Post subject: |
|
|
ariel wrote: | Hi likewhoa,
I'm using your scripts and the whole thing works really fine. So thanks a bunch for posting this.
I can manually mount / umount the optical media using your helper scripts.
Now I'm using gnome 2.18.1. When I insert an encrypted CD, it gets detected (I think by gnome-mount), very much like the encrypted USB keys do. Then I get prompted for the password. After I type in the correct password, the gnome window gets frozen for about 4 minutes, then I get and error suggesting that the password was wrong. The CD won't get mounted by gnome, I have to do it manually. My encrypted USB HD partitions are mounted with no problems.
I was wondering if you ran into this problem and found the cause if this.
Thanks!
A |
gnome-mount uses gnome-keyring to retrieve and store that password phrases and you're trying to mount an encrypted optical media disc which gnome-mount has no way of knowing that's an encrypted medium. in otherwords,. gnome-mount and others will need to mount the optical medium the same way my helper scripts do. |
|
Back to top |
|
|
ariel n00b
Joined: 26 Jun 2007 Posts: 2
|
Posted: Wed Jul 11, 2007 5:28 pm Post subject: |
|
|
likewhoa wrote: | ariel wrote: | Hi likewhoa,
I'm using your scripts and the whole thing works really fine. So thanks a bunch for posting this.
I can manually mount / umount the optical media using your helper scripts.
Now I'm using gnome 2.18.1. When I insert an encrypted CD, it gets detected (I think by gnome-mount), very much like the encrypted USB keys do. Then I get prompted for the password. After I type in the correct password, the gnome window gets frozen for about 4 minutes, then I get and error suggesting that the password was wrong. The CD won't get mounted by gnome, I have to do it manually. My encrypted USB HD partitions are mounted with no problems.
I was wondering if you ran into this problem and found the cause if this.
Thanks!
A |
gnome-mount uses gnome-keyring to retrieve and store that password phrases and you're trying to mount an encrypted optical media disc which gnome-mount has no way of knowing that's an encrypted medium. in otherwords,. gnome-mount and others will need to mount the optical medium the same way my helper scripts do. |
Actually it does detect that it is a LUKS volume, when I insert the CD, I get the "Encrypted Disk" password prompt, same as when you insert a LUKS encrypted USB key. but for some reason, after you put the password, it doesn't get mounted, anyways, it's no big deal.
I run into a problem when burning DVDs though. After following exactly the same process as for CDs (save for lowering the burning speed to 4X), and getting no errors in the console during/after the burn process, I can't LUKS-open the DVD (ergo, I can't mount it either). I seems like the data has been burned (I see the mark in the DVD surface) but something went wrong, it can't be opened like the CD could.
Did you run into problems burning DVDs?
Also: are you aware of K3b plugins for on-the-fly encryption? (that would make life so much easier
Thanks! |
|
Back to top |
|
|
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
|
Posted: Wed Jul 11, 2007 8:08 pm Post subject: |
|
|
ariel wrote: | likewhoa wrote: | ariel wrote: | Hi likewhoa,
I'm using your scripts and the whole thing works really fine. So thanks a bunch for posting this.
I can manually mount / umount the optical media using your helper scripts.
Now I'm using gnome 2.18.1. When I insert an encrypted CD, it gets detected (I think by gnome-mount), very much like the encrypted USB keys do. Then I get prompted for the password. After I type in the correct password, the gnome window gets frozen for about 4 minutes, then I get and error suggesting that the password was wrong. The CD won't get mounted by gnome, I have to do it manually. My encrypted USB HD partitions are mounted with no problems.
I was wondering if you ran into this problem and found the cause if this.
Thanks!
A |
gnome-mount uses gnome-keyring to retrieve and store that password phrases and you're trying to mount an encrypted optical media disc which gnome-mount has no way of knowing that's an encrypted medium. in otherwords,. gnome-mount and others will need to mount the optical medium the same way my helper scripts do. |
Actually it does detect that it is a LUKS volume, when I insert the CD, I get the "Encrypted Disk" password prompt, same as when you insert a LUKS encrypted USB key. but for some reason, after you put the password, it doesn't get mounted, anyways, it's no big deal.
I run into a problem when burning DVDs though. After following exactly the same process as for CDs (save for lowering the burning speed to 4X), and getting no errors in the console during/after the burn process, I can't LUKS-open the DVD (ergo, I can't mount it either). I seems like the data has been burned (I see the mark in the DVD surface) but something went wrong, it can't be opened like the CD could.
Did you run into problems burning DVDs?
Also: are you aware of K3b plugins for on-the-fly encryption? (that would make life so much easier
Thanks! |
yes i'm aware that gnome-mount can mount luks encrypted devices but it's not aware of encrypted optical media. yea i know about the k3b on-the-fly encryption but i prefer to do it manually. |
|
Back to top |
|
|
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
|
Posted: Sun Sep 30, 2007 11:01 pm Post subject: |
|
|
cryptocd.sh has been updated to handle Dual Layer Media. Also scripts depends on app-cdr/dvd+rw-tools & app-cdr/cdrkit.
we need app-cdr/dvd+rw-tools's growisofs for burning the DVD Dual Layer media since cdrecord from cdrtools and wodim from cdrkit can't. |
|
Back to top |
|
|
miroR l33t
Joined: 05 Mar 2008 Posts: 826
|
Posted: Tue Jul 22, 2008 3:02 am Post subject: Luks optical disks to open on Windows with FreeOTFE |
|
|
I searched on the following, but didn't find much:
burn encrypted optical media with Luks that, here it is, can be mounted and viewed in plain Windows M$ environment...
I can encrypt and view my disks on the few kind of Linuces that I use, but I need them to be viewed on these aforementioned ugly systems as well.
FreeOTFE for some reason can't see nor mount these Luks disks I made...
The author claims it can mount and read Luks-encrypted volumes or partitions, but the portable mode FreeOTFE doesn't show CD/DVD drives, not on an amd64 nor on an old Intel x86 based systems of mine.
I saw the Russian guy (the author of fsLuks) mentions FreeOTFE on his site as well (links are in the thread above).
Can FreeOTFE read optical disks encrypted with Luks. Did anyone get to read them Windows?
I tried to open in Windows Luks-encrypted disks made in different ways on Linux (the fine fsLuks script included), but I can't get it to work.
The only other mention of a similar try I found here:
http://blog.ofkaiser.com/2006/11/
but the guy really shouldn't hurl such offences at the author of FreeOTFE...
On my part I thank the author just the same. He tried to help, and is certainly helping the true poor of computing: the Windows-only users just fine...
Any ideas (pls. refer to the beginning of my post (sorry for the long digression)? |
|
Back to top |
|
|
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
|
Posted: Sun Aug 03, 2008 8:23 pm Post subject: Re: Luks optical disks to open on Windows with FreeOTFE |
|
|
miroR wrote: | I searched on the following, but didn't find much:
burn encrypted optical media with Luks that, here it is, can be mounted and viewed in plain Windows M$ environment...
I can encrypt and view my disks on the few kind of Linuces that I use, but I need them to be viewed on these aforementioned ugly systems as well.
FreeOTFE for some reason can't see nor mount these Luks disks I made...
The author claims it can mount and read Luks-encrypted volumes or partitions, but the portable mode FreeOTFE doesn't show CD/DVD drives, not on an amd64 nor on an old Intel x86 based systems of mine.
I saw the Russian guy (the author of fsLuks) mentions FreeOTFE on his site as well (links are in the thread above).
Can FreeOTFE read optical disks encrypted with Luks. Did anyone get to read them Windows?
I tried to open in Windows Luks-encrypted disks made in different ways on Linux (the fine fsLuks script included), but I can't get it to work.
The only other mention of a similar try I found here:
http://blog.ofkaiser.com/2006/11/
but the guy really shouldn't hurl such offences at the author of FreeOTFE...
On my part I thank the author just the same. He tried to help, and is certainly helping the true poor of computing: the Windows-only users just fine...
Any ideas (pls. refer to the beginning of my post (sorry for the long digression)? |
I don't think FreeOTFE is aware of encrypted media on optical disc, what you can do is create an ISO of the encrypted dvd and see if FreeOTFE can see it.
I normally just nfs share my encrypted dvd/cds to other windows as I wouldn't want to enter my password phrase. |
|
Back to top |
|
|
miroR l33t
Joined: 05 Mar 2008 Posts: 826
|
Posted: Thu Aug 14, 2008 1:24 pm Post subject: Luks optical disks to open on Windows with FreeOTFE |
|
|
Thanks, Likewhoa, for the reply (and, sure, for the tutorial),
and, sorry for my replying late, been busy...
Nfs share ok. But my point is: I want that stuff on my optical disks shared by others who are Linux-handicapped...
I might find more time and look further myself into the matter and report back. That might take time though...
Anyone else knows more, pls. post replies! |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|