Subject: Re: portable encrypted CD/USB
To: None <>
From: Douglas Allan Tutty <>
List: netbsd-users
Date: 05/17/2007 14:23:44
On Tue, May 15, 2007 at 09:27:15PM +1000, Thilo Jeremias wrote:
> Douglas Allan Tutty wrote:
> >I see in the netbsd guide about using the CGD to create an encrypted CD.
> >It does note that such a CD can't be read with any other OS.
> >
> >Does anyone know of a tool to do something similar that is cross-OS
> >between especially NetBSD and Debian GNU/Linux?  Ideally, it wouldn't be
> >limited to CD but could be used on e.g. USB sticks.
> >
> >  
> Things at a filesystem level are highly incompatible and specific to the OS,
> easier (not as elegant though) would be to script something around well 
> ported tools like openssl

The cross-platform nature was why I was interested in the CD aspect.
iso9660 is OS independant.  If only there was an iso* cross-platform
rw filesystem.  In any event, whatever filesystem can be written to any
raw device.

> (you might even include scripts for win/lnx & bsd) that call
> openssl enc -aes-256-cbs -d -pass "$1" -in "$2.cryp" -out "$2"

I'll look into openssl.  Unfortunatly, on my Debian box, the ssl docs
are in pod format, whatever that is; makes it hard to read as plain
text.  I'll try to find docs in pdf, html, or plain text.
> It would be cool if someone develops a device that acts like a 
> hard-drive (flash disk) and if a certain file is written to it, would 
> use this (filename or content) to decrypt the flash and present the 
> decrypted content as an standard folder inside this "virtual" drive.
> Sounds like a pet project....

Debian has aespipe that takes input, encrypts it, and spits it out via
pipes.  I don't know the details since I haven't seen it for other OSs.

Perhaps there's a simple way to use openssl like that.  Then use your
archive format of choice (is pax cross-platform?) and pipe it through to
encrypt and decrypt.  

Back in the days when I ran OS/2 and __Applied_Cryptography__ first ed
was first out, I implemented SHA and an encryption scheme like this
using REXX.