[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] Weird encrypted filesystem problem.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The Friday 2007-04-20 at 15:14 +0200, Ludwig Nussel wrote:

> >  - First I generate a zisofs compressed dvd image, using mkzftree (1) and
> >    "mkisofs -Z", which I name "zisofs.iso".
> >  - Create an xfs image of an encrypted filesystem (losetup, twofish, etc),
> >    in file '/Disco40/crypta.xfs.f'
> >  - I mount the xfs image, and copy on the resulting filesystem the
> >    iso9660/zisofs dvd image created earlier (zisofs.iso).
> >  - I umount the xfs image, and burn it to a dvd.
> 
> What do you need the xfs image for? You can just burn the result of
> encrypting zisofs.iso.

I don't know how to encrypt an iso image.

The encryption procedure I know is:

  dd if=/dev/zero of=crypta.file bs=1M count=4482 
  losetup -T -e twofish256 /dev/loop1 crypta.file
  mkfs -L "EncriptedBackup" -t xfs /dev/loop1
  mount -t xfs /dev/loop1 /mnt/tmp

I don't know how i can adapt mkisofs so that it creates an encrypted 
image. 

You see, there are man pages on the encryption programs, but I haven't 
seen a howto on how to combine all of them.


> Anyways. Looks like xfs doesn't work with the sector size of a
> cdrom. It works if you attach a loop device first and then use the
> loop device for cryptsetup-twofishSL92.
> e.g.
> losetup /dev/loop0 /dev/hdc
> cryptsetup-twofishSL92 foo /dev/loop0

You mean that the devmapping thing will not work? Because I can mount them 
ok without that (execept the SL92 compatibility problem, that is).

Ah, I see!

nimrodel:~ # losetup /dev/loop2 /dev/hdc
nimrodel:~ # cryptsetup-twofishSL92 foo /dev/loop2
Enter passphrase: 
nimrodel:~ # mount /dev/mapper/foo foodir/
nimrodel:~ # l foodir/
total 4305612
...

It works! Wow, thanks!


- -- 
Cheers,
       Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFGKQjOtTMYHG2NR9URArmNAJ4w3aSZNprz4FZDmBBXxW8SRc+laQCfRNtv
1nPzGYQ/vuYy+HI52ShNQuU=
=Y8qF
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx