
#1 2009-02-14 15:04:03

G_Syme
Member
Registered: 2007-01-04
Posts: 83

The art of CD/DVD encryption

I'm currently looking for an optimal way to encrypt read-only media like CD/DVD (and probably Blu-Ray in the future).
By "optimal", I mean it should be secure (obviously), use a clear specification (AKA which cipher, hash, mode of operation, keysize), be not-too-obscure (at least in a Linux environment), and ensure future compatibility.

I'm currently using loop-aes, or to be more precise, aespipe to encrypt an ISO image and then burn it to DVD, according to this howto. In a nutshell, iso generation looks like this:

$ mkisofs -J -r dir/to/be/burned/ | aespipe -e aes256 > image.iso

which can then be burned, and later on be mounted with an fstab line like this:

/dev/dvd    /media/dvde    auto    ro,user,noauto,unhide,loop=/dev/loop0,encryption=AES256   0 0

This has worked nicely in the past, but as you can see, I have specified neither the hash nor the operation mode, so they have been chosen implicitly according to default values. As loop-aes also doesn't seem to save a header which includes info about cipher/hash/operation mode, the fstab entry also relies on default values. So if those default values should change over time, we'll probably get in trouble.
A second problem is that I'm also unable to find a way to specify in the fstab entry which hash/operation mode to use. So although I still have the manual way to open the volume via cryptsetup, I cannot simply rely on the fstab entry...
In addition to that, I've found this post which states "[...] i just piped my iso image through gpg, while this doesn't allow you transparent filesystem encryption it will always survive things like blocksize changes in the kernel (which happened in between 2.2 and 2.4). [...]". I don't yet know how these blocksize changes will break compatibility of this method...

My second thought was using truecrypt, but according to their plans for the future, there's no "standard" way yet to encrypt a complete CD/DVD with it. So I'll probably wait a bit longer (their wishlist isn't too long any more^^ ).

Last but not least, there is always dm-crypt/LUKS, which I always use for hard drive encryption. It is not obscure, supports recent modes of operation like LRW and XTS, and supports many ciphers. As meta-data about the encrypted volume will be stored in a header, future compatibility will probably be ensured, and those volumes could therefore also be mounted dynamically because of the header info. The downside is of course that the meta-data will reveal these encrypted volumes and hence there will be no way to get plausible deniability.
Furthermore, I'm not sure yet how to generate an iso with LUKS.

But before I try my luck with LUKS, maybe some of you have gained some experience with this topic and maybe even use a completely different way to cope with this problem. :)


The courageous enter dark caves alone.
The clever send in the courageous first.
The cleverest wait behind the clever.


#2 2009-02-14 18:51:04

G_Syme
Member
Registered: 2007-01-04
Posts: 83

Re: The art of CD/DVD encryption

I've found an interesting howto which does not build an iso9660 image, but relies on UDF, so you can really create an image with an appropriate size, format it with LUKS, make a UDF on it, mount it, and just copy the files you want to burn on that encrypted volume.

Unfortunately, the mkudffs tool, which is part of the udftools package, seems to be malfunctioning according to a user.
So I'll take a further look into it first.



#3 2009-02-14 21:50:23

Ranguvar
Member
Registered: 2008-08-12
Posts: 2,549

Re: The art of CD/DVD encryption

Nice info, I'll take a look soon to use it. Thanks!


#4 2009-02-14 22:26:35

moljac024
Member
From: Serbia
Registered: 2008-01-29
Posts: 2,676

Re: The art of CD/DVD encryption

Actually the gpg method seems nice


The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
--------------------------------------------------------------------------------------------------------------
But if they tell you that I've lost my mind, maybe it's not gone just a little hard to find...
