Encrypting content/filesystem on DVD?

Encrypting content/filesystem on DVD?

Paul Thorn
Hi,

This may not be OpenBSD specific, but I'm looking for a way to encrypt
the contents of a DVD such that only a user with the correct passphrase
would be able to mount the contents. Sort of an optical equivalent to:

   vnconfig -ck svnd0 my-encrypted-file
   mount /dev/svnd0c /mount-point

My initial thoughts were to simply store an encrypted vnd file filesystem
as the only contents of a normal ISO9660 DVD, mount the DVD as always and
then attach a vnd device to the file stored on the DVD using
vnconfig, as above. Unfortunately, neither mkisofs (and indeed the
iso standard) nor growisofs appear to like 4G+ files ...
The encrypted content may represent a reasonably large filesystem
in one large file under this scheme.

My attempts at burning an ffs filesystem to DVD/CDR to get around the
filesize limitation of ISO9660 have been largely unsuccessful. See
below for details on the (flawed) procedure I initially attempted.
I'm sure I'm missing some crucial details -- blocksizes or similar.

As an aside, I'm also curious how one might successfully burn an ffs
filesystem to a DVD/CD such that OpenBSD can mount it, if such a thing
is even possible.

The contents only have to be mounted/read via an OpenBSD box. I'm not
concerned with interoperability with other architectures or making the
disk bootable.

I'm not stuck on any particular method of producing the encrypted
contents. Using vnd devices with a large file stored on a standard ISO
filesystem only seemed like a logical and familiar approach for me
and if the size of the file didn't trample ISO's limits, it would
have worked fine, I suspect.

I'm open to any suggestions on how else this might be most easily
accomplished.

Regards,
  - Paul

*** cdrw-ffs filesystem procedure -- comments in () ***
*** OpenBSD 3.8 GENERIC ***

(create a virtual filesystem)

# dd if=/dev/zero of=tst.fs bs=1024 count=10240
# vnconfig -c svnd2 tst.fs
# newfs -f 2048 /dev/svnd2c

newfs: /dev/svnd2c: not a character-special device
Warning: cylinder groups must have a multiple of 8 cylinders
Warning: 20 sector(s) in last cylinder unallocated
/dev/svnd2c:    20480 sectors in 205 cylinders of 1 tracks, 100 sectors
10.0MB in 1 cyl groups (208 c/g, 10.16MB/g, 1408 i/g)
super-block backups (for fsck -b #) at:
32,

(reference)
# disklabel svnd2

# /dev/rsvnd2c:
type: SCSI
disk: vnd device
label: fictitious
flags:
bytes/sector: 512
sectors/track: 100
tracks/cylinder: 1
sectors/cylinder: 100
cylinders: 204
total sectors: 20480
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0           # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#             size        offset  fstype [fsize bsize  cpg]
   c:         20480             0  4.2BSD   2048 16384  208 # Cyl     0 - 204*


(put something into the ffs image file - tst.fs)
# mkdir tstmnt
# mount /dev/svnd2c tstmnt
# touch tstmnt/hello_world
# umount tstmnt
# vnconfig -u svnd2

(burn it ...)
(Note: cdrecord installed from binary package using pkg_add cdrtools-2.01)

# cdrecord -v dev=/dev/rcd0c tst.fs
cdrecord: No write mode specified.
cdrecord: Asuming -tao mode.
cdrecord: Future versions of cdrecord may have different drive dependent defaults.
cdrecord: Continuing in 5 seconds...
Cdrecord-Clone 2.01 (i386-unknown-openbsd3.8)
Copyright (C) 1995-2004 Jvrg Schilling
TOC Type: 1 = CD-ROM
scsidev: '/dev/rcd0c'
devname: '/dev/rcd0c'
scsibus: -2 target: -2 lun: -2
Using libscg version 'schily-0.8'.
SCSI buffer size: 61440
atapi: 0
Device type    : Removable CD-ROM
Version        : 0
Response Format: 2
Capabilities   :
Vendor_info    : 'PIONEER '
Identifikation : 'DVD-RW  DVR-106D'
Revision       : '1.06'
Device seems to be: Generic mmc2 DVD-R/DVD-RW.
Current: 0x000A
Profile: 0x001B
Profile: 0x001A
Profile: 0x0014
Profile: 0x0013
Profile: 0x0011
Profile: 0x0010
Profile: 0x000A (current)
Profile: 0x0009 (current)
Profile: 0x0008
cdrecord: This version of cdrecord does not include DVD-R/DVD-RW support code.
cdrecord: If you need DVD-R/DVD-RW support, ask the Author for cdrecord-ProDVD.
cdrecord: Free test versions and free keys for personal use are at ftp://ftp.berlios.de/pub/cdrecord/ProDVD/
Using generic SCSI-3/mmc   CD-R/CD-RW driver (mmc_cdr).
Driver flags   : MMC-3 SWABAUDIO BURNFREE
Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R
Drive buf size : 1267712 = 1238 KB
FIFO size      : 4194304 = 4096 KB
Track 01: data    10 MB
Total size:       11 MB (01:08.29) = 5122 sectors
Lout start:       11 MB (01:10/22) = 5122 sectors
Current Secsize: 2048
ATIP info from disk:
Indicated writing power: 2
Reference speed: 6
Is not unrestricted
Is erasable
Disk sub type: High speed Rewritable (CAV) media (1)
ATIP start of lead in:  -11077 (97:34/23)
ATIP start of lead out: 336075 (74:43/00)
   1T speed low:  4 1T speed high: 10
   2T speed low:  2 2T speed high: 10
   power mult factor: 2 6
   recommended erase/write power: 5
   A1 values: 24 2C DC
   A2 values: 14 A4 4A
   A3 values: 04 C4 80
Disk type:    Phase change
Manuf. index: 11
Manufacturer: Mitsubishi Chemical Corporation
Blocks total: 336075 Blocks current: 336075 Blocks remaining: 330953
Starting to write CD/DVD at speed 10 in real TAO mode for single session.
Last chance to quit, starting real write    0 seconds. Operation starts.
Waiting for reader process to fill input buffer ... input buffer ready.
BURN-Free is OFF.
Performing OPC...
Starting new track at sector: 0
Track 01:   10 of   10 MB written (fifo 100%) [buf  99%]  10.9x.
Track 01: Total bytes read/written: 10485760/10485760 (5120 sectors).
Writing  time:    9.563s
Average write speed   8.3x.
Min drive buffer fill was 87%
Fixating...
Fixating time:   30.995s
cdrecord: fifo had 171 puts and 171 gets.
cdrecord: fifo was 0 times empty and 28 times full, min fill was 89%.

(check the disklabel for cd0 device -- seems to match tst.fs)
# disklabel cd0
# /dev/rcd0c:
type: SCSI
disk: vnd device
label: fictitious
flags:
bytes/sector: 512
sectors/track: 100
tracks/cylinder: 1
sectors/cylinder: 100
cylinders: 204
total sectors: 20480
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0           # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#             size        offset  fstype [fsize bsize  cpg]
   c:         20480             0  4.2BSD   2048 16384  208 # Cyl     0 - 204*

(try to mount cd0)
# mount /dev/cd0c tstmnt
mount_ffs: /dev/cd0c on /home/pthorn/system/cdtesting/tstmnt: Input/output error

Re: Encrypting content/filesystem on DVD?

Joachim Schipper
On Wed, Jan 25, 2006 at 10:40:44AM -0500, Paul Thorn wrote:

> Hi,
>
> This may not be OpenBSD specific, but I'm looking for a way to encrypt
> the contents of a DVD such that only a user with the correct passphrase
> would be able to mount the contents. Sort of an optical equivalent to:
>
>    vnconfig -ck svnd0 my-encrypted-file
>    mount /dev/svnd0c /mount-point
>
> My initial thoughts were to simply store an encrypted vnd file filesystem
> as the only contents of a normal ISO9660 DVD, mount the DVD as always and
> then attach a vnd device to the file stored on the DVD using
> vnconfig, as above. Unfortunately, neither mkisofs (and indeed the
> iso standard) nor growisofs appear to like 4G+ files ...
> The encrypted content may represent a reasonably large filesystem
> in one large file under this scheme.
>
> My attempts at burning an ffs filesystem to DVD/CDR to get around the
> filesize limitation of ISO9660 have been largely unsuccessful. See
> below for details on the (flawed) procedure I initially attempted.
> I'm sure I'm missing some crucial details -- blocksizes or similar.
>
> As an aside, I'm also curious how one might successfully burn an ffs
> filesystem to a DVD/CD such that OpenBSD can mount it, if such a thing
> is even possible.
>
> The contents only have to be mounted/read via an OpenBSD box. I'm not
> concerned with interoperability with other architectures or making the
> disk bootable.
>
> I'm not stuck on any particular method of producing the encrypted
> contents. Using vnd devices with a large file stored on a standard ISO
> filesystem only seemed like a logical and familiar approach for me
> and if the size of the file didn't trample ISO's limits, it would
> have worked fine, I suspect.
>
> I'm open to any suggestions on how else this might be most easily
> accomplished.

I don't know about the specific application, but since DVDs are
read-only anyway, and encrypted data tends not to be accessed that often,
is there a good reason not to just pipe tar into gpg? That works very
well, and very portably.

                Joachim

Re: Encrypting content/filesystem on DVD?

Paul Thorn
On Thu, 26 Jan 2006, Joachim Schipper wrote:

> On Wed, Jan 25, 2006 at 10:40:44AM -0500, Paul Thorn wrote:
>> Hi,
>>
>> I'm open to any suggestions on how else this might be most easily
>> accomplished.
>
> I don't know about the specific application, but since DVDs are
> read-only anyway, and encrypted data tends not to be accessed that often,
> is there a good reason not to just pipe tar into gpg? That works very
> well, and very portably.
>
> Joachim

I was trying to avoid encrypting individual files on the DVD.
Otherwise, to retrieve and use the files involves a local copy. If
possible, I'd prefer to access the DVD as a filesystem (even
at the cost of speed -- or complexity to mount it) if this is at
all possible.

While the tar method would work if I split the data into smaller
segments, retrieval would be cumbersome at best, I fear. The
resulting encrypted tar files would need to be significantly < 4GB
for the same reasons that the large vnd filesystem can't be written
to the disk (ISO doesn't like these large files).

These files may need to be accessed somewhat regularly, so I was
looking for some method that is reasonably secure, but not
overly cumbersome for someone authorised to access.

Thanks for the suggestion, though. I'll probably be able to use
something like this for encrypting pure backups that are less
likely to be used regularly.

  - Paul

Re: Encrypting content/filesystem on DVD?

Juha Erkkila
On Thu, Jan 26, 2006 at 10:45:10AM -0500, Paul Thorn wrote:
> While the tar method would work if I split the data into smaller
> segments, retrieval would be cumbersome at best, I fear. The
> resulting encrypted tar files would need to be significantly < 4GB
> for the same reasons that the large vnd filesystem can't be written
> to the disk (ISO doesn't like these large files).

note that you can write tar-archives directly to cd (and probably dvd),
if you want to.  this is what i do to achieve similar stuff:

(cd $CRYPTDIR && pax -w .) \
    | openssl bf -e -pass file:$KEYFILE \
    | cdrecord blank=fast dev=/dev/rcd0c driveropts=burnfree speed=10 \
    -pad -tao -v -data -

where $KEYFILE is on an encrypted filesystem.  and retrieval:

dd if=/dev/rcd0c bs=2048 2>/dev/null \
    | openssl bf -d -pass file:$KEYFILE 2>/dev/null \
    | (cd $CRYPTDIR && pax -r)

works pretty well for me.  you may easily exchange blowfish for some
other cipher, too

Juha

Re: Encrypting content/filesystem on DVD?

Joachim Schipper
On Thu, Jan 26, 2006 at 06:13:51PM +0200, Juha Erkkila wrote:

> On Thu, Jan 26, 2006 at 10:45:10AM -0500, Paul Thorn wrote:
> > While the tar method would work if I split the data into smaller
> > segments, retrieval would be cumbersome at best, I fear. The
> > resulting encrypted tar files would need to be significantly < 4GB
> > for the same reasons that the large vnd filesystem can't be written
> > to the disk (ISO doesn't like these large files).
>
> note that you can write tar-archives directly to cd (and probably dvd),
> if you want to.  this is what i do to achieve similar stuff:
>
> (cd $CRYPTDIR && pax -w .) \
>     | openssl bf -e -pass file:$KEYFILE \
>     | cdrecord blank=fast dev=/dev/rcd0c driveropts=burnfree speed=10 \
>     -pad -tao -v -data -
>
> where $KEYFILE is on an encrypted filesystem.  and retrieval:
>
> dd if=/dev/rcd0c bs=2048 2>/dev/null \
>     | openssl bf -d -pass file:$KEYFILE 2>/dev/null \
>     | (cd $CRYPTDIR && pax -r)
>
> works pretty well for me.  you may easily exchange blowfish for some
> other cipher, too

There also exist a few programs that will add some redundancy, or at
least a checksum, to a data stream. They might be a good idea if backing
up to low-cost media like most DVDs.

                Joachim
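
One way to add the checksum suggested above to the raw-burn pipeline quoted in this message, as an added example that is not code from any poster in this thread. The header layout, the CRYPTDISC1 magic and the function names are assumptions; the stored length also lets the reader drop the trailing sectors that `cdrecord -pad` and a whole-device `dd` read append, and `cksum` detects media damage, not deliberate modification.

```shell
#!/bin/sh
# Added example: header layout, MAGIC value and function names are made up.
SECTOR=2048            # data sector size, as in the dd bs=2048 read
MAGIC=CRYPTDISC1

# frame CIPHERTEXT -> stdout: one header sector, then the ciphertext as-is.
frame() {
    sum=$(cksum < "$1") || return 1          # cksum prints "CRC LENGTH"
    printf '%s %s %s\n' "$MAGIC" "${sum##* }" "${sum%% *}" |
        dd bs=$SECTOR conv=sync 2>/dev/null  # NUL-pad the header to a sector
    cat "$1"
}

# payload IMAGE LEN -> exactly LEN bytes after the header, dropping the pad.
payload() {
    full=$(( $2 / SECTOR )); rest=$(( $2 % SECTOR ))
    [ "$full" -eq 0 ] ||
        dd if="$1" bs=$SECTOR skip=1 count="$full" 2>/dev/null
    [ "$rest" -eq 0 ] ||
        dd if="$1" bs=1 skip=$(( (full + 1) * SECTOR )) count="$rest" 2>/dev/null
}

# unframe IMAGE -> ciphertext on stdout, or status 1 and no output.
unframe() {
    hdr=$(dd if="$1" bs=$SECTOR count=1 2>/dev/null | head -n 1)
    read -r magic len crc <<EOF
$hdr
EOF
    [ "$magic" = "$MAGIC" ] || { echo "unframe: no header" >&2; return 1; }
    case $len in ''|*[!0-9]*) echo "unframe: bad length" >&2; return 1 ;; esac
    # Verify first, so a damaged image never reaches the decryption step.
    [ "$(payload "$1" "$len" | cksum)" = "$crc $len" ] ||
        { echo "unframe: checksum mismatch, disc damaged?" >&2; return 1; }
    payload "$1" "$len"
}
```

On the write side this assumes the ciphertext is first written to a scratch file and `frame` output is what gets piped to cdrecord; on the read side the `dd` output goes to a file and `unframe` feeds the decryption command.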

Re: Encrypting content/filesystem on DVD?

Joachim Schipper
In reply to this post by Paul Thorn
On Thu, Jan 26, 2006 at 10:45:10AM -0500, Paul Thorn wrote:
> On Thu, 26 Jan 2006, Joachim Schipper wrote:
>
> >On Wed, Jan 25, 2006 at 10:40:44AM -0500, Paul Thorn wrote:
> >>Hi,
<snipped by Paul: Paul wants to have an encrypted fs on DVD, but the
isofs tools don't like it>

> >>I'm open to any suggestions on how else this might be most easily
> >>accomplished.
> >
> >I don't know about the specific application, but since DVDs are
> >read-only anyway, and encrypted data tends not to be accessed that often,
> >is there a good reason not to just pipe tar into gpg? That works very
> >well, and very portably.
>
> I was trying to avoid encrypting individual files on the DVD.
> Otherwise, to retrieve and use the files involves a local copy. If
> possible, I'd prefer to access the DVD as a filesystem (even
> at the cost of speed -- or complexity to mount it) if this is at
> all possible.
>
> While the tar method would work if I split the data into smaller
> segments, retrieval would be cumbersome at best, I fear. The
> resulting encrypted tar files would need to be significantly < 4GB
> for the same reasons that the large vnd filesystem can't be written
> to the disk (ISO doesn't like these large files).
>
> These files may need to be accessed somewhat regularly, so I was
> looking for some method that is reasonably secure, but not
> overly cumbersome for someone authorised to access.
>
> Thanks for the suggestion, though. I'll probably be able to use
> something like this for encrypting pure backups that are less
> likely to be used regularly.

I seem to recall there being versions of the cdrecord suite that worked
for large files as well[1]. Of course, getting them to run or even compile
on OpenBSD might not be trivial.

A last resort is always to simply use a couple of files, and mount them
in the proper order. Depending on how hackish you wish to be, either
overlapping mounts or mounts on subdirectories, and a simple script to
set it all up and tear it all down, most of the complexity of this setup
can be well-hidden from the actual user.
In fact, with a proper script to burn the CD, most of the complexity can
be hidden from the creator, too.

This should not be too much of a problem; make the files ~ 1 GB in size
each, and call them /fses/a.fs, /fses/b.fs, /fses/c.fs, and /fses/d.fs.
Any file that takes up more than, say, a couple of hundreds of megs can
be archived individually[2][3]; a good script will decrypt these to a
pre-mounted encrypted filesystem on the host (either that, or mfs - as
mfs uses swap, not regular disk space, in addition to conventional
memory of course, and swap is encrypted by default on OpenBSD 3.8,
copying to an mfs filesystem should be safe - unless you mucked with the
vm.swapencrypt.enable sysctl, or are using an older version, or fail to
get the permissions right).

                Joachim

[1] Maybe using UDF? I can't recall any details, I'm afraid, as I was
not terribly interested at the time.
[2] There is a tradeoff here, as putting as much as possible in a
filesystem will ease the load on a host that is reading it, while
putting large files into a tar archive or burning them separately will
save some space - especially when using simple algorithms for dividing
the files over the filesystems.
[3] Extremely large files may need to be split, even.
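
A sketch of the "simple algorithm" for dividing files over the ~1 GB images described in this message, as an added example that is not code from any poster in this thread. It is a first-fit-decreasing planner; the function name, the "size-in-MB path" input format and the output columns are assumptions, and filesystem overhead is ignored, so the capacity passed in should be somewhat below the real image size.

```shell
#!/bin/sh
# Added example: plan which files go into which encrypted image.
# Input on stdin: one "SIZE_MB PATH" line per file or directory.
# Output: "TARGET<TAB>SIZE_MB<TAB>PATH", where TARGET is a.fs, b.fs, ...
# or "archive" for items to be archived and encrypted individually.

# plan_images IMAGE_CAPACITY_MB ARCHIVE_THRESHOLD_MB
plan_images() {
    # Largest first, so big items are placed before the images fill up.
    sort -rn | awk -v cap="$1" -v big="$2" '
    {
        size = $1
        path = $0
        sub(/^[0-9]+[ \t]+/, "", path)      # keep paths containing spaces

        # Items at or above the threshold stay out of the filesystems.
        if (size >= big) {
            print "archive\t" size "\t" path
            next
        }

        # First fit: reuse the first image that still has room,
        # otherwise open a new one.
        for (i = 1; i <= n; i++)
            if (used[i] + size <= cap)
                break
        if (i > n)
            n = i
        used[i] += size

        # 97 is "a"; image names follow /fses/a.fs, /fses/b.fs, ...
        printf "%c.fs\t%d\t%s\n", 96 + i, size, path
    }'
}
```

The image letters only make sense up to z.fs, which is far more than fits on one DVD at this image size.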