Subject: Re: portable encrypted CD/USB
To: None <netbsd-users@NetBSD.org>
From: Malcolm Herbert <firstname.lastname@example.org>
Date: 05/18/2007 09:57:33
On Thu, May 17, 2007 at 02:23:44PM -0400, Douglas Allan Tutty wrote:
|On Tue, May 15, 2007 at 09:27:15PM +1000, Thilo Jeremias wrote:
|> Things at a filesystem level are highly incompatible and specific to the OS,
|> easier (not as elegant though) would be to script something around well
|> ported tools like openssl
|The cross-platform nature was why I was interested in the CD aspect.
|iso9660 is OS independant. If only there was an iso* cross-platform
|rw filesystem. In any event, whatever filesystem can be written to any
... isn't that what UFS was for?
|> (you might even include scripts for win/lnx & bsd) that call
|> openssl enc -aes-256-cbs -d -pass "$1" -in "$2.cryp" -out "$2"
|I'll look into openssl. Unfortunatly, on my Debian box, the ssl docs
|are in pod format, whatever that is; makes it hard to read as plain
|text. I'll try to find docs in pdf, html, or plain text.
... not sure which pod format you're talking about - it may be Perl's
Plain Old Documentation format, in which case you should be able to
use perldoc to turn your pod file into text or html or whatever
|> It would be cool if someone develops a device that acts like a
|> hard-drive (flash disk) and if a certain file is written to it, would
|> use this (filename or content) to decrypt the flash and present the
|> decrypted content as an standard folder inside this "virtual" drive.
|> Sounds like a pet project....
|Debian has aespipe that takes input, encrypts it, and spits it out via
|pipes. I don't know the details since I haven't seen it for other OSs.
|Perhaps there's a simple way to use openssl like that. Then use your
|archive format of choice (is pax cross-platform?) and pipe it through to
|encrypt and decrypt.
there is a backup tool (backula?) which does something similar - it allows
a group of hosts to store encrypted incremental backup streams for each
other. I don't know how well that would work for an interactive file
system though ...
Malcolm Herbert This brain intentionally
email@example.com left blank