Hi, This may not be OpenBSD specific, but I'm looking for a way to encrypt the contents of a DVD such that only a user with the correct passphrase would be able to mount the contents. Sort of an optical equivilent to:
vnconfig -ck svnd0 my-encrypted-file mount /dev/svnd0c /mount-point My initial thoughts were to simply store an encrypted vnd file filesystem as the only contents of a normal ISO9660 DVD, mount the DVD as always and then attach a vnd device to the file stored on the DVD using vnconfig, as above. Unfortunately, neither mkisofs (and indeed the iso standard) nor growisofs appear to like 4G+ files ... The encrypted content may represent a reasonable large filesystem in one large file under this scheme. My attempts at burning an ffs filesystem to DVD/CDR to get around the filesize limitation of ISO9660 have been largely unsuccessful. See below for details on the (flawed) procedure I initially attempted. I'm sure I'm missing some crucial details -- blocksizes or similar. As an aside, I'm also curious how one might successfully burn an ffs filesystem to a DVD/CD such that OpenBSD can mount it, if such a thing is even possible. The contents only have to be mounted/read via an OpenBSD box. I'm not concerned with interoperability with other architectures or making the disk bootable. I'm not stuck on any particular method of producing the encrypted contents. Using vnd devices with a large file stored on a standard ISO filesystem only seemed like a logical and familiar approach for me and if the size of the file didn't trample ISO's limits, it would have worked fine, I suspect. I'm open to any suggestions on how else this might be most easily accomplished. Regards, - Paul *** cdrw-ffs filesystem procedure -- comments in () *** *** OpenBSD 3.8 GENERIC *** (create a virtual filesystem) # dd if=/dev/zero of=tst.fs bs=1024 count=10240 # vnconfig -c svnd2 tst.fs # newfs -f 2048 /dev/svnd2c newfs: /dev/svnd2c: not a character-special device Warning: cylinder groups must have a multiple of 8 cylinders Warning: 20 sector(s) in last cylinder unallocated /dev/svnd2c: 20480 sectors in 205 cylinders of 1 tracks, 100 sectors 10.0MB in 1 cyl groups (208 c/g, 10.16MB/g, 1408 i/g) super-block backups (for fsck -b #) at: 32, (reference) # disklabel svnd2 # /dev/rsvnd2c: type: SCSI disk: vnd device label: fictitious flags: bytes/sector: 512 sectors/track: 100 tracks/cylinder: 1 sectors/cylinder: 100 cylinders: 204 total sectors: 20480 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 16 partitions: # size offset fstype [fsize bsize cpg] c: 20480 0 4.2BSD 2048 16384 208 # Cyl 0 - 204* (put something into the ffs image file - tst.fs) # mkdir tstmnt # mount /dev/svnd2c tstmnt # touch tstmnt/hello_world # umount tstmnt # vnconfig -u svnd2 (burn it ...) (Note: cdrecord installed from binary package using pkg_add crdtools-2.01) # cdrecord -v dev=/dev/rcd0c tst.fs cdrecord: No write mode specified. cdrecord: Asuming -tao mode. cdrecord: Future versions of cdrecord may have different drive dependent defaults. cdrecord: Continuing in 5 seconds... Cdrecord-Clone 2.01 (i386-unknown-openbsd3.8) Copyright (C) 1995-2004 Jvrg Schilling TOC Type: 1 = CD-ROM scsidev: '/dev/rcd0c' devname: '/dev/rcd0c' scsibus: -2 target: -2 lun: -2 Using libscg version 'schily-0.8'. SCSI buffer size: 61440 atapi: 0 Device type : Removable CD-ROM Version : 0 Response Format: 2 Capabilities : Vendor_info : 'PIONEER ' Identifikation : 'DVD-RW DVR-106D' Revision : '1.06' Device seems to be: Generic mmc2 DVD-R/DVD-RW. Current: 0x000A Profile: 0x001B Profile: 0x001A Profile: 0x0014 Profile: 0x0013 Profile: 0x0011 Profile: 0x0010 Profile: 0x000A (current) Profile: 0x0009 (current) Profile: 0x0008 cdrecord: This version of cdrecord does not include DVD-R/DVD-RW support code. cdrecord: If you need DVD-R/DVD-RW support, ask the Author for cdrecord-ProDVD. cdrecord: Free test versions and free keys for personal use are at ftp://ftp.berlios.de/pub/cdrecord/ProDVD/ Using generic SCSI-3/mmc CD-R/CD-RW driver (mmc_cdr). Driver flags : MMC-3 SWABAUDIO BURNFREE Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R Drive buf size : 1267712 = 1238 KB FIFO size : 4194304 = 4096 KB Track 01: data 10 MB Total size: 11 MB (01:08.29) = 5122 sectors Lout start: 11 MB (01:10/22) = 5122 sectors Current Secsize: 2048 ATIP info from disk: Indicated writing power: 2 Reference speed: 6 Is not unrestricted Is erasable Disk sub type: High speed Rewritable (CAV) media (1) ATIP start of lead in: -11077 (97:34/23) ATIP start of lead out: 336075 (74:43/00) 1T speed low: 4 1T speed high: 10 2T speed low: 2 2T speed high: 10 power mult factor: 2 6 recommended erase/write power: 5 A1 values: 24 2C DC A2 values: 14 A4 4A A3 values: 04 C4 80 Disk type: Phase change Manuf. index: 11 Manufacturer: Mitsubishi Chemical Corporation Blocks total: 336075 Blocks current: 336075 Blocks remaining: 330953 Starting to write CD/DVD at speed 10 in real TAO mode for single session. Last chance to quit, starting real write 0 seconds. Operation starts. Waiting for reader process to fill input buffer ... input buffer ready. BURN-Free is OFF. Performing OPC... Starting new track at sector: 0 Track 01: 10 of 10 MB written (fifo 100%) [buf 99%] 10.9x. Track 01: Total bytes read/written: 10485760/10485760 (5120 sectors). Writing time: 9.563s Average write speed 8.3x. Min drive buffer fill was 87% Fixating... Fixating time: 30.995s cdrecord: fifo had 171 puts and 171 gets. cdrecord: fifo was 0 times empty and 28 times full, min fill was 89%. (check the disklable for cd0 device -- seems to match tst.fs) # disklabel cd0 # /dev/rcd0c: type: SCSI disk: vnd device label: fictitious flags: bytes/sector: 512 sectors/track: 100 tracks/cylinder: 1 sectors/cylinder: 100 cylinders: 204 total sectors: 20480 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 16 partitions: # size offset fstype [fsize bsize cpg] c: 20480 0 4.2BSD 2048 16384 208 # Cyl 0 - 204* (try to mount cd0) # mount /dev/cd0c tstmnt mount_ffs: /dev/cd0c on /home/pthorn/system/cdtesting/tstmnt: Input/output error
