Re: How can I create data DVDs with encryption (AES preferred)
From: Bill Davidsen <firstname.lastname@example.org>
Subject: Re: How can I create data DVDs with encryption (AES preferred)
Date: Sat, 29 Jul 2006 14:34:28 -0400
> Meino Christian Cramer wrote:
> > I am using growisofs/mkisofs to create my data DVDs.
> > Now I want to encrypt them. With my CDs I used loop-AES for this
> > purpose, but I haven't found a way to do so with growisofs due to
> > the different workflow.
> > Thank you very much in advance for any hint or trick or help to
> > achieve this.
> The problem revolves around your choice of writing once or being able to
> grow. If you wish to grow I would have to wait and see if someone has a
> really good way to do it, while for writing a one-shot DVD, it's simple.
> Create a file the size of the filesystem you want to write. I suggest
> that filling it with /dev/urandom will be a bit slower than /dev/zero,
> but may (or may not) make it harder to break. If you're just trying to
> have a minimum level of security it probably doesn't matter. Then mount
> it with loop-AES, cryptoloop, whatever you like. Now write your data to
> the image, using mkisofs or creating an ext2 filesystem and mounting
> that. For excrypted backups that's often easier, since you can just copy
> Then unmount and just burn the file you created. It can be mounted (at
> least with cryptoloop, haven't tried loop-AES in over a year), and read
> just fine.
> Extrapolation: using ufs and DVD-RW you can have a live encrypted
> filesystem. I have not tried this, but several people have written that
> it works.
> I do backups that way, I take a du of what I want, break it into 4400MB
> chunks with breaker, and then let a script create each filesystem and
> burn the DVD. For 12GB of data it's practical, but I am waiting for
> Blue-Ray 50GB media to to anything of serious size.
> bill davidsen <email@example.com>
> CTO TMR Associates, Inc
> Doing interesting things with small computers since 1979
Thank you for your help and reply ! :)
My harddisk have notoriously less space (seems to be a feature of most
harddisks, at least of those I have bought...must talk to the
Therefore I would like to prevent the generation of a 4.3GByte "extra" file
just to get a container for those data which I want out of my way.
"In ancient times" (as I used to use CDRWs instead of DVDRWs) it was
simple, since one could mount the driver via loop-aes and encryption
was done, when cdrecord writes its data to the "looped burner".
With growisofs I didn't get this trick working.
When mounting my burner via pktsetup to make the burner act like a
very slow harddisk I will only be able to write 4GByte to the DVD --
may be the result of a kernel bub, for which I haven't found the fro
closer look at it.
Furthermore: DVDRW being used as "normal" drives (rw instead of ro)
will be wear out much sooner, since the organisation structures of the
filesystem are written much more than the files themselves.
Many words...less sense...
Is there any way to encrypt the data "on the fly" from the unencrypted
filesystem to the DVDRW without haveing an extra file and without
using the DVDRW as "normal hd" ? I will only use one-shot DVDRW,
i.e. I will always write the whole contents...no multisession or such.
Thank you very much in advance for any help ! :)
Have a nice weekend !