On Thu, Jan 26, 2006 at 06:13:51PM +0200, Juha Erkkila wrote:
> On Thu, Jan 26, 2006 at 10:45:10AM -0500, Paul Thorn wrote:
> > While the tar method would work if I split the data into smaller
> > segments, retrieval would be cumbersome at best, I fear. The
> > resulting encrypted tar files would need to be significantly < 4GB
> > for the same reasons that the large vnd filesystem can't be written
> > to the disk (ISO doesn't like these large files).
>
> note that you can write tar-archives directly to cd (and probably dvd),
> if you want to. this is what i do to achieve similar stuff:
>
> (cd $CRYPTDIR && pax -w .) \
> | openssl bf -e -pass file:$KEYFILE \
> | cdrecord blank=fast dev=/dev/rcd0c driveropts=burnfree speed=10 \
> -pad -tao -v -data -
>
> where $KEYFILE is on an encrypted filesystem. and retrival:
>
> dd if=/dev/rcd0c bs=2048 2>/dev/null \
> | openssl bf -d -pass file:$KEYFILE 2>/dev/null \
> | (cd $CRYPTDIR && pax -r)
>
> works pretty well for me. you may easily exchange blowfish for some
> some other cipher, too
There also exist a few programs that will add some redundancy, or at
least a checksum, to a data stream. They might be a good idea if backing
up to low-cost media like most DVDs.
Joachim
