On Wed, Jan 25, 2006 at 10:40:44AM -0500, Paul Thorn wrote:
> Hi,
>
> This may not be OpenBSD specific, but I'm looking for a way to encrypt
> the contents of a DVD such that only a user with the correct passphrase
> would be able to mount the contents. Sort of an optical equivilent to:
>
> vnconfig -ck svnd0 my-encrypted-file
> mount /dev/svnd0c /mount-point
>
> My initial thoughts were to simply store an encrypted vnd file filesystem
> as the only contents of a normal ISO9660 DVD, mount the DVD as always and
> then attach a vnd device to the file stored on the DVD using
> vnconfig, as above. Unfortunately, neither mkisofs (and indeed the
> iso standard) nor growisofs appear to like 4G+ files ...
> The encrypted content may represent a reasonable large filesystem
> in one large file under this scheme.
>
> My attempts at burning an ffs filesystem to DVD/CDR to get around the
> filesize limitation of ISO9660 have been largely unsuccessful. See
> below for details on the (flawed) procedure I initially attempted.
> I'm sure I'm missing some crucial details -- blocksizes or similar.
>
> As an aside, I'm also curious how one might successfully burn an ffs
> filesystem to a DVD/CD such that OpenBSD can mount it, if such a thing
> is even possible.
>
> The contents only have to be mounted/read via an OpenBSD box. I'm not
> concerned with interoperability with other architectures or making the
> disk bootable.
>
> I'm not stuck on any particular method of producing the encrypted
> contents. Using vnd devices with a large file stored on a standard ISO
> filesystem only seemed like a logical and familiar approach for me
> and if the size of the file didn't trample ISO's limits, it would
> have worked fine, I suspect.
>
> I'm open to any suggestions on how else this might be most easily
> accomplished.
I don't know about the specific application, but since DVDs are
read-only anyway, and encrypted data tends not be accessed that often,
is there a good reason not to just pipe tar into gpg? That works very
well, and very portably.
Joachim
