Subject: Re: portable encrypted CD/USB
To: Douglas Allan Tutty <dtutty@porchlight.ca>
From: brad harder <bharder@methodlogic.net>
List: netbsd-users
Date: 05/17/2007 12:44:42 
On Thu, May 17, 2007 at 02:23:44PM -0400, Douglas Allan Tutty wrote:
> On Tue, May 15, 2007 at 09:27:15PM +1000, Thilo Jeremias wrote:
> > Douglas Allan Tutty wrote:
> > >I see in the netbsd guide about using the CGD to create an encrypted CD.
> > >It does note that such a CD can't be read with any other OS.
> > >
> > >Does anyone know of a tool to do something similar that is cross-OS
> > >between especially NetBSD and Debian GNU/Linux?  Ideally, it wouldn't be
> > >limited to CD but could be used on e.g. USB sticks.
> > >
> > >  
> > Things at a filesystem level are highly incompatible and specific to the OS,
> > easier (not as elegant though) would be to script something around well 
> > ported tools like openssl
> 
> The cross-platform nature was why I was interested in the CD aspect.
> iso9660 is OS independant.  If only there was an iso* cross-platform
> rw filesystem.  In any event, whatever filesystem can be written to any
> raw device.
> 
> > 
> > (you might even include scripts for win/lnx & bsd) that call
> > openssl enc -aes-256-cbs -d -pass "$1" -in "$2.cryp" -out "$2"
> > 
> 
> I'll look into openssl.  Unfortunatly, on my Debian box, the ssl docs
> are in pod format, whatever that is; makes it hard to read as plain
> text.  I'll try to find docs in pdf, html, or plain text.

POD is Plain Old Documentation format, from perl. Use perldoc to view it... perldoc also has facilities to change format (ie: perldoc -oLaTeX perldoc)

> > It would be cool if someone develops a device that acts like a 
> > hard-drive (flash disk) and if a certain file is written to it, would 
> > use this (filename or content) to decrypt the flash and present the 
> > decrypted content as an standard folder inside this "virtual" drive.
> > 
> > Sounds like a pet project....
> 
> Debian has aespipe that takes input, encrypts it, and spits it out via
> pipes.  I don't know the details since I haven't seen it for other OSs.
> 
> Perhaps there's a simple way to use openssl like that.  Then use your
> archive format of choice (is pax cross-platform?) and pipe it through to
> encrypt and decrypt.  
> 
> Back in the days when I ran OS/2 and __Applied_Cryptography__ first ed
> was first out, I implemented SHA and an encryption scheme like this
> using REXX.  
> 
> Doug.
> 

-- 

-bch
http://www.methodlogic.net