HOWTO Burn Encrypted DVDs

From Gentoo Linux Wiki

This article is part of the HOWTO series.

Installation • Kernel & Hardware • Networks • Portage • Software • System • X Server • Gaming • Non-x86 • Emulators • Misc

Contents 1 Intro 2 Required Kernel Modules 3 Install dependencies 4 Choose your key length 5 Choose your password 6 Create your DVD Image 7 Mounting the Image 8 Burn the Image 9 Mounting the DVD 10 Script

[edit] Intro

Did you ever want to back up sensitive information in an easily accessible encrypted form? Now you can.

Note: according to HOWTO Burn Encrypted Optical Media With Luks this method is "not safe" for journaling filesystems, including ext3/reiserfs.

[edit] Required Kernel Modules

Device Drivers ->
 Block Devices ->
  <M> Loopback Device Support
   <M> Cryptoloop Support
Cryptographic options ->
 <M> AES cipher algorithms

[edit] Install dependencies

emerge aespipe

see also http://loop-aes.sourceforge.net/

[edit] Choose your key length

We will be using the AES ciper because it offers great performance. Choose from either 128 or 256 bit key lengths, depending on your box's processing power.

[edit] Choose your password

Choose a 20 character password (aespipe requires this) and don't forget it, or you'll never get your data back!

[edit] Create your DVD Image

Create a directory called DVD. Copy or move the files you want to back up into that directory. Make sure that the size of contents of the directory will fit on your target disk's size. For CDs, don't go over 703 MB and for single-sided, single-layered DVDs, stay below 4.4 GB. Double-/Dual-layer DVDs can hold approximately 8 GB.

mkisofs -r DVD | aespipe -e AES256 > DVD.iso

You will be prompted for the password you chose earlier, so enter it.

[edit] Mounting the Image

This is the best way to test your image before you burn it. Assuming you are using a 128 bit ciper: modprobe aes; modprobe cryptoloop; mount -t iso9660 DVD.iso /mnt/iso -o loop=/dev/loop0,encryption=AES128

[edit] Burn the Image

Burn the image using your favorite burning program. K3B works just fine. Ignore any warnings about the image being invalid or corrupted, it will work anyway.

[edit] Mounting the DVD

Assuming your dvd drive is /dev/dvd and you are using a 128 bit ciper::

modprobe aes; modprobe cryptoloop; mount -t iso9660 /dev/dvd /mnt/iso -o loop=/dev/loop0,encryption=AES128

[edit] Script

I wrote a bash script, which creates, mounts and burns an encrypted iso. http://forums.gentoo.org/viewtopic-t-488329-highlight-.html