On Thu, Jan 26, 2006 at 10:45:10AM -0500, Paul Thorn wrote:
> While the tar method would work if I split the data into smaller
> segments, retrieval would be cumbersome at best, I fear. The
> resulting encrypted tar files would need to be significantly < 4GB
> for the same reasons that the large vnd filesystem can't be written
> to the disk (ISO doesn't like these large files).
note that you can write tar-archives directly to cd (and probably dvd),
if you want to. this is what i do to achieve similar stuff:
(cd $CRYPTDIR && pax -w .) \
| openssl bf -e -pass file:$KEYFILE \
| cdrecord blank=fast dev=/dev/rcd0c driveropts=burnfree speed=10 \
-pad -tao -v -data -
where $KEYFILE is on an encrypted filesystem. and retrival:
dd if=/dev/rcd0c bs=2048 2>/dev/null \
| openssl bf -d -pass file:$KEYFILE 2>/dev/null \
| (cd $CRYPTDIR && pax -r)
works pretty well for me. you may easily exchange blowfish for some
some other cipher, too
Juha
