Wednesday, May 21, 2008

Creating an Encrypted DVD with Debian Linux

As a network security professional, I occasionally need to save data relating to an investigation to a DVD. The data is often sensitive and requires encryption.

I found great tutorials at HOWTO Burn Encrypted DVDs and HOWTO Compile an aespipe Program.

Below is my brief step-by-step guide. (Detailed information can be found at the above links.)

Note: Requirements: aespipe (I use Debian Linux, which would require loop-aes-modules)

Step 1:
Create a directory with the files you want to save on CD (or DVD).
In this example, we'll create a directory named WALDO.

Step 2 (you will be prompted to enter a passphrase):

$ yes "" | dd of=WALDO.iso bs=512 count=16
$ head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 | \
gpg --symmetric -a | dd of=WALDO.iso conv=notrunc

Step 3:
$ mkisofs -quiet -r WALDO | aespipe -K WALDO.iso -O 16 >> WALDO.iso

Step 4: Test it by mounting on loopback

$ mount -t iso9660 WALDO.iso /cdrom -o \
loop,encryption=AES128,gpgkey=WALDO.iso,offset=8192

Step 5: Burn the iso (k3b works fine)

Step 6: Mount the CD via an fstab entry or:
$ mount -t iso9660 /dev/cdrom /cdrom -o \
loop,encryption=AES128,gpgkey=/dev/cdrom,offset=8192
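
The steps above depend on one layout: an 8192-byte key area (16 sectors of 512 bytes) holding the gpg-armored key, followed by the aespipe output. The script below is an added example, not part of the original post, that checks this layout before burning; `check_image`, `make_sample` and the return codes are names chosen here, and the sample image it can build is constructed filler, not a real key or ISO.

```shell
#!/bin/sh
# Added example, not from the original post: pre-burn check of the image layout.
# Usage (after sourcing): check_image WALDO.iso; echo $?
KEY_AREA=$((512 * 16))  # same 8192 bytes as "bs=512 count=16", "-O 16", "offset=8192"
PVD_MAGIC_AT=32769      # a plaintext ISO 9660 image carries "CD001" at this offset

# check_image FILE: 0 = layout looks right, 1-4 = the failed check below.
check_image() {
    img=$1
    [ -f "$img" ] || return 1
    size=$(( $(wc -c < "$img") ))
    # 1. Whole 512-byte sectors of payload must follow the reserved key area.
    [ "$size" -gt "$KEY_AREA" ] && [ $(( (size - KEY_AREA) % 512 )) -eq 0 ] || return 1
    # 2. The key area must open with the ASCII-armored output of "gpg --symmetric -a".
    [ "$(head -n 1 "$img" | tr -d '\000')" = "-----BEGIN PGP MESSAGE-----" ] || return 2
    # 3. The armor must also end inside the key area, or it overlaps the payload.
    dd if="$img" bs=512 count=16 2>/dev/null |
        grep -qF -e '-----END PGP MESSAGE-----' || return 3
    # 4. A readable ISO 9660 signature behind the key area means mkisofs output
    #    was appended without passing through aespipe: the data is NOT encrypted.
    magic=$(dd if="$img" bs=1 skip=$((KEY_AREA + PVD_MAGIC_AT)) count=5 2>/dev/null |
        tr -d '\000')
    [ "$magic" != "CD001" ] || return 4
    return 0
}

# make_sample FILE MODE: writes a CONSTRUCTED stand-in image (no real key or data).
# MODE "plain" plants the cleartext signature; any other MODE leaves zero filler.
make_sample() {
    dd if=/dev/zero bs=512 count=16 2>/dev/null | tr '\000' '\n' > "$1"
    printf '%s\n' '-----BEGIN PGP MESSAGE-----' '' 'Q09OU1RSVUNURUQ=' \
        '-----END PGP MESSAGE-----' | dd of="$1" conv=notrunc 2>/dev/null
    dd if=/dev/zero bs=512 count=128 2>/dev/null >> "$1"
    [ "$2" = plain ] && printf 'CD001' |
        dd of="$1" bs=1 seek=$((KEY_AREA + PVD_MAGIC_AT)) conv=notrunc 2>/dev/null
    return 0
}
```

Return code 4 is the one to watch for: it is what an image looks like when the pipe into aespipe was dropped and the ISO went to disk unencrypted.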

Post provided by Mary M. Chaddock

4 comments:

Matt said...

I appreciate the technical aspect, but wouldn't it be much easier to just encrypt a tarball with gpg?

Chaddock said...

In some cases a tar ball may be a better solution.

However, for my needs, I am working with hundreds and sometimes thousands of large files. It is easier and uses fewer resources (time, disk and CPU) to retrieve and view the data from an encrypted DVD than it would be to unencrypt a large tarball.

Plus, it's easier for me to remember to unmount the CD than it is to delete the untar'ed files (which will normally leave forensically retrievable data on your hard drive).

Gilbert Mendoza said...

Hey there. Just as an FYI, I believe your theme formatting has removed essential characters from some of your posts. For example, none of the pipe symbols separating each of the stringed commands are showing.

esofthub said...

You're right, Gilbert Mendoza. I just checked a few posts and the "|" are missing. I guess changing between themes deleted them.