On Wed, Jan 25, 2006 at 10:40:44AM -0500, Paul Thorn wrote: > Hi, > > This may not be OpenBSD specific, but I'm looking for a way to encrypt > the contents of a DVD such that only a user with the correct passphrase > would be able to mount the contents. Sort of an optical equivilent to: > > vnconfig -ck svnd0 my-encrypted-file > mount /dev/svnd0c /mount-point > > My initial thoughts were to simply store an encrypted vnd file filesystem > as the only contents of a normal ISO9660 DVD, mount the DVD as always and > then attach a vnd device to the file stored on the DVD using > vnconfig, as above. Unfortunately, neither mkisofs (and indeed the > iso standard) nor growisofs appear to like 4G+ files ... > The encrypted content may represent a reasonable large filesystem > in one large file under this scheme. > > My attempts at burning an ffs filesystem to DVD/CDR to get around the > filesize limitation of ISO9660 have been largely unsuccessful. See > below for details on the (flawed) procedure I initially attempted. > I'm sure I'm missing some crucial details -- blocksizes or similar. > > As an aside, I'm also curious how one might successfully burn an ffs > filesystem to a DVD/CD such that OpenBSD can mount it, if such a thing > is even possible. > > The contents only have to be mounted/read via an OpenBSD box. I'm not > concerned with interoperability with other architectures or making the > disk bootable. > > I'm not stuck on any particular method of producing the encrypted > contents. Using vnd devices with a large file stored on a standard ISO > filesystem only seemed like a logical and familiar approach for me > and if the size of the file didn't trample ISO's limits, it would > have worked fine, I suspect. > > I'm open to any suggestions on how else this might be most easily > accomplished.
I don't know about the specific application, but since DVDs are read-only anyway, and encrypted data tends not be accessed that often, is there a good reason not to just pipe tar into gpg? That works very well, and very portably. Joachim