Subject: Re: portable encrypted CD/USB
To: None <netbsd-users@NetBSD.org>
From: Douglas Allan Tutty <firstname.lastname@example.org>
Date: 05/17/2007 14:23:44
On Tue, May 15, 2007 at 09:27:15PM +1000, Thilo Jeremias wrote:
> Douglas Allan Tutty wrote:
> >I see in the netbsd guide about using the CGD to create an encrypted CD.
> >It does note that such a CD can't be read with any other OS.
> >Does anyone know of a tool to do something similar that is cross-OS
> >between especially NetBSD and Debian GNU/Linux? Ideally, it wouldn't be
> >limited to CD but could be used on e.g. USB sticks.
> Things at a filesystem level are highly incompatible and specific to the OS,
> easier (not as elegant though) would be to script something around well
> ported tools like openssl
The cross-platform nature was why I was interested in the CD aspect.
iso9660 is OS independant. If only there was an iso* cross-platform
rw filesystem. In any event, whatever filesystem can be written to any
> (you might even include scripts for win/lnx & bsd) that call
> openssl enc -aes-256-cbs -d -pass "$1" -in "$2.cryp" -out "$2"
I'll look into openssl. Unfortunatly, on my Debian box, the ssl docs
are in pod format, whatever that is; makes it hard to read as plain
text. I'll try to find docs in pdf, html, or plain text.
> It would be cool if someone develops a device that acts like a
> hard-drive (flash disk) and if a certain file is written to it, would
> use this (filename or content) to decrypt the flash and present the
> decrypted content as an standard folder inside this "virtual" drive.
> Sounds like a pet project....
Debian has aespipe that takes input, encrypts it, and spits it out via
pipes. I don't know the details since I haven't seen it for other OSs.
Perhaps there's a simple way to use openssl like that. Then use your
archive format of choice (is pax cross-platform?) and pipe it through to
encrypt and decrypt.
Back in the days when I ran OS/2 and __Applied_Cryptography__ first ed
was first out, I implemented SHA and an encryption scheme like this