netbsd-users: Re: portable encrypted CD/USB

Subject: Re: portable encrypted CD/USB
To: None <netbsd-users@NetBSD.org>
From: Malcolm Herbert <mjch@mjch.net>
List: netbsd-users
Date: 05/18/2007 09:57:33
On Thu, May 17, 2007 at 02:23:44PM -0400, Douglas Allan Tutty wrote:
|On Tue, May 15, 2007 at 09:27:15PM +1000, Thilo Jeremias wrote:
|> Things at a filesystem level are highly incompatible and specific to the OS,
|> easier (not as elegant though) would be to script something around well 
|> ported tools like openssl
|
|The cross-platform nature was why I was interested in the CD aspect.
|iso9660 is OS independant.  If only there was an iso* cross-platform
|rw filesystem.  In any event, whatever filesystem can be written to any
|raw device.

... isn't that what UFS was for?

|> (you might even include scripts for win/lnx & bsd) that call
|> openssl enc -aes-256-cbs -d -pass "$1" -in "$2.cryp" -out "$2"
|> 
|
|I'll look into openssl.  Unfortunatly, on my Debian box, the ssl docs
|are in pod format, whatever that is; makes it hard to read as plain
|text.  I'll try to find docs in pdf, html, or plain text.

... not sure which pod format you're talking about - it may be Perl's
Plain Old Documentation format, in which case you should be able to 
use perldoc to turn your pod file into text or html or whatever

|> It would be cool if someone develops a device that acts like a 
|> hard-drive (flash disk) and if a certain file is written to it, would 
|> use this (filename or content) to decrypt the flash and present the 
|> decrypted content as an standard folder inside this "virtual" drive.
|> 
|> Sounds like a pet project....
|
|Debian has aespipe that takes input, encrypts it, and spits it out via
|pipes.  I don't know the details since I haven't seen it for other OSs.
|
|Perhaps there's a simple way to use openssl like that.  Then use your
|archive format of choice (is pax cross-platform?) and pipe it through to
|encrypt and decrypt.  

there is a backup tool (backula?) which does something similar - it allows
a group of hosts to store encrypted incremental backup streams for each
other.  I don't know how well that would work for an interactive file
system though ...

-- 
Malcolm Herbert                                This brain intentionally
mjch@mjch.net                                                left blank