Re: [Trisquel-users] Help me burning encryped DVD with Luks
I'm continuing post #22 by HKR. I've corrected some commands:

    dd if=/dev/zero bs=1M count=665 of=my-container.iso

In this command, you will notice the use of .iso rather than the .img used in this tutorial: http://elephly.net/posts/2013-10-01-dm-crypt.html
Using a .iso file is better for Brasero, because it is a recognized format.

    sudo cryptsetup luksFormat my-container.iso
    sudo cryptsetup luksOpen ~/my-container.iso secret-device
    sudo mkfs -t ext4 /dev/mapper/secret-device
    mkdir ~/my-mount-point
    sudo mount /dev/mapper/secret-device ~/my-mount-point
    sudo umount ~/my-mount-point
    sudo cryptsetup luksClose secret-device
    sudo cryptsetup luksOpen ~/my-container.iso secret-device
    sudo mount /dev/mapper/secret-device ~/my-mount-point
    sudo chown [your name session] my-mount-point

After burning my-container.iso, the things I feared in post #19 happened. When you insert the encrypted CD-R and try to open it in Nautilus, the usual window you get with your external HD or USB key works very well. But after entering your password there is this warning:

    Impossible to access to « 695 MB Volume»
    Error mounting /dev/dm-3 at /media/[your session]/d2848ff6-7b28-44d0-91f3-8a454c84fb23: Command-line `mount -t "ext4" -o "uhelper=udisks2,nodev,nosuid" "/dev/dm-3" "/media/[your session]/d2848ff6-7b28-44d0-91f3-8a454c84fb23"' exited with non-zero exit status 32: mount: block device /dev/mapper/luks-e8d99aff-7c20-445b-9b1a-88d350197868 is write-protected, mounting read-only
    mount: wrong fs type, bad option, bad superblock on /dev/mapper/luks-e8d99aff-7c20-445b-9b1a-88d350197868,
           missing codepage or helper program, or other error
           In some cases useful info is found in syslog - try
           dmesg | tail or so

There is the problem of the mount point named "my-mount-point", and you can't access your files. It is also impossible to eject the CD-R without restarting the machine.

Does anyone understand what this warning really says? Thank you.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
Create an empty file with the size of your container (10 MB here):

    dd if=/dev/zero bs=512 count=19532 of=myFile

Here we make an encrypted LUKS partition on myFile:

    sudo cryptsetup luksFormat myFile

Now we mount the file on a virtual device named myDevice:

    sudo cryptsetup luksOpen myFile myDevice

We create an ext4 file system on this device:

    sudo mkfs -t ext4 /dev/mapper/myDevice

Now we mount myDevice on a folder named here myMountPoint:

    mkdir myMountPoint
    sudo mount /dev/mapper/myDevice myMountPoint/

Change the owner:

    sudo chown 'here your session name' myMountPoint

Now you can drag and drop from Nautilus.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
I succeeded in creating the file and mounting it. The tutorial has errors. It creates a file named my-container.img at the beginning and then calls it mycontainer, which gives an error in the terminal.

But I still have a problem dragging and dropping files, or even copying and pasting my file into the container once it's mounted. The real owner of "my-mount-point", if you follow all the steps, is not your computer, it is "root". I went into /dev/mapper to see if there was any secret-device file, and there wasn't.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
- You create your empty file system on a file in your home (for example)
- You mount it and you copy your files onto it
- You unmount it and burn it on CD/DVD
- You mount your file system from the file on your CD/DVD

So if you erase your .img on your HDD it's not important, because you want to mount it from CD/DVD. You must adapt the command line to use it from a CD/DVD.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
I haven't got any doubt that this works. But I'm wondering what happens if you burn this .img and put it in the trash, and whether this disc can work with a device file in /dev/mapper and a mount point file in ~/, as those files depend on the .img. I don't think this can work on another computer.

I'm going to install Tomb (I haven't done it yet) to see how a CD-R behaves with a .tomb file. I hope it will work fine. I still haven't got any real solution yet.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
Hummm, interesting link! Thank you HKR! I'll have a try.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
Well, bad news: VeraCrypt doesn't allow making encrypted CD-Rs. You need the Traveler Disk Setup option in the Tool menu. It seems this option only exists in VeraCrypt for Windows. https://www.reddit.com/r/VeraCrypt/comments/3rl794/what_happened_to_the_traveler_disk_setup_option/
Re: [Trisquel-users] Help me burning encryped DVD with Luks
TrueCrypt's licence on Wikipedia depends on the page language. Sometimes we have Apache 2, or Apache 2 and TrueCrypt Licence, or Apache 2 with some parts under TrueCrypt Licence. Wikipedia is just not up to date. CodePlex is Microsoft's free open source project hosting site. :-) (lol)
Re: [Trisquel-users] Help me burning encryped DVD with Luks
This tutorial explains how to create an encrypted filesystem in a file with dm-crypt in LUKS format.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
onp...@riseup.net, Fri 27 May 2016 00:59:41 CEST:
> The TrueCrypt project was shut down supposedly because of security problems that could not be fixed, IIRC. Considering that, I see no reason to think that VeraCrypt is secure.

I don't think so. As a matter of fact, an independent audit was made and found TrueCrypt to be 100% clean. You need to understand that when you're walking by the seaside, and a seagull is running from you with a wing badly turned, the seagull is in fact OK and will fly alright - it is simply luring the predator away from its nest. Now, the full truth about TrueCrypt is still unknown, but I think the independent audit can be trusted.

As for the VeraCrypt license, as pointed out before by Substance2004, it is an Apache 2.0 license. I don't see any other license there.

Ignacio Agulló · agu...@ati.es
This message was sent using IMP, the Internet Messaging Program.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
There is a French expression saying that you shouldn't put all the eggs in the same bag. Of course, we'll advise choosing a super strong passphrase. See this interesting discussion: https://trisquel.info/en/forum/what-are-your-favorite-encryption-programs-or-methods#comment-95716

The TrueCrypt story shouldn't let us forget that any encryption software can be hacked. So, why not use this USB key encrypted with Tomb, this one with cryptkeeper, some of the files of your 2 TB with different methods like GPG... This method can be OK if you're a journalist or an activist, but people first should be aware of what they are doing on the internet and the GAFA.

VeraCrypt has existed for 3 years now, but no one has proved (except the NSA, which will keep it secret) that every TrueCrypt fork is hackable. A doubt can be allowed... You are right, onpon4.

I simply notice through this question (how can I make an encrypted CD-R or DVD-R on Trisquel) that there is something missing that we should answer. VeraCrypt is the first answer, and I'm hoping there will be a second, then a third... Certainly because we don't use CD-R, DVD or BR as storage like we did before USB keys, bigger external HDs and then the cloud to store our data, we have forgotten this question.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
The TrueCrypt project was shut down supposedly because of security problems that could not be fixed, IIRC. Considering that, I see no reason to think that VeraCrypt is secure.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
I've been on Wikipedia to check it out, without seeing that there was this link: https://veracrypt.codeplex.com/license

Apache License 2.0 (Apache)... So it is totally free software.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
pierrefa...@laposte.net, Thu 26 May 2016 22:45:07 CEST:
> VeraCrypt's got the Apache License 2.0 but with portions subject to TrueCrypt License version 3.0 which are non-free
> This license is nonfree for several reasons.

Ouch. Ouch.

I love it when freedom and security go hand in hand, which happens most of the time. I hate it when I have to choose between one and the other.

Ignacio Agulló · agu...@ati.es
Re: [Trisquel-users] Help me burning encryped DVD with Luks
VeraCrypt's got the Apache License 2.0 but with portions subject to TrueCrypt License version 3.0 which are non-free

This license is nonfree for several reasons. It says that if you don't understand the license you may not use the program. It puts conditions on allowing others to run your copy. It puts conditions on separate programs that “depend on” Truecrypt. The trademark condition applies to “associated materials”.

There are other points in the license which seem perhaps unacceptable, and in our uncertainty about them we delayed in posting our evaluation. We have posted it now to explain why we do not mourn the demise of Truecrypt. There are free programs that do the same job.

https://www.gnu.org/licenses/license-list.en.html
Re: [Trisquel-users] Help me burning encryped DVD with Luks
Somehow my most recent post offers no "edit" link. So i use the "reply" link:

mkisofs option -r alters ownership and access permissions of the file copies in the ISO. Although this is beneficial for publishing or data transport, it is not really what a good backup needs. So i advise to omit option -r.

mkisofs and genisoimage produce Rock Ridge only if option -R is given. xorriso -as mkisofs produces it by default but also accepts an explicit option -R.
Re: [Trisquel-users] Help me burning encryped DVD with Luks
Hi,

i updated my previous replies by "code" tags. Hopefully my proposals for changing the encryption script are more readable now. (I wonder how to avoid the double spacing between lines.)

> Maybe the beginning of an answer ?

You are nearly there. Combine your two failed experiments:

    xorriso -as mkisofs -r backup | aespipe -e aes256 > backup.iso

(I tested this with "cat" rather than "aespipe ...".)

Reasoning: xorriso interprets commands. One of them is "-as". The first argument after "-as" chooses the emulation mode. Either mode "mkisofs" or mode "cdrecord". The further arguments up to the first "--" are then interpreted as options of the emulated programs.

There is no xorriso command "-r". So without preceding "-as" "mkisofs", this yields the error message about "Not a known command". Further, xorriso does not accept lonely words as input paths (unless command -add_plainly enabled this). Such paths are rather submitted as arguments of commands like -map or -add. So your path "backup" gets the same complaint "Not a known command".

If you run xorriso for backup purposes, consider to enable some extras by -as mkisofs option --for_backup: MD5 checksums for superblock, directory tree, overall ISO, and each data file in the ISO, recording of ACL and xattr.

    xorriso -as mkisofs --for_backup -r backup | aespipe -e aes256 > backup.iso

The checksums can be verified on the decrypted ISO (i guess aespipe -d -e aes256 <backup.iso >backup_clear.iso ) by xorriso runs like:

    xorriso -for_backup -indev backup_clear.iso -check_media --

(Note that the "-for_backup" used here is a xorriso command, not an -as mkisofs option. To have an effect it must be executed before the -indev command which loads the ISO tree and extra info.)

If verification errors or read errors are reported but the directory tree is still ok, one can search for damaged data files by

    xorriso -for_backup -indev backup_clear.iso -check_md5_r SORRY / --

This can also be done if the ISO is on optical medium or on USB stick

    xorriso -for_backup -indev /dev/sr0 -check_media --
    xorriso -for_backup -indev stdio:/dev/sdd -check_media --

The prefix "stdio:" is necessary because xorriso normally refuses on drive addresses under /dev/ if they do not lead to a SCSI/MMC device. By the prefix you confirm that you want to use the /dev/ file like a normal data file.

Recorded ACL and xattr can be listed by xorriso in the input format of programs setfacl(1) and setfattr(1). They can be restored together with the file data by xorriso if enabled by command -osirrox "on".

Have a nice day :)

Thomas
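Added example, not part of any post in this thread: two kinds of image are prepared here for burning, the raw LUKS container made with dd and cryptsetup luksFormat (named .img or .iso) and an ISO 9660 image piped through aespipe. The sketch below reports which one a file or device holds from its on-disk signature, independent of the file extension; the function names hex_at, image_kind and make_samples and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a disc image by its on-disk signature.
# Function names and sample files are constructed for illustration.

# hex_at FILE OFFSET COUNT: print COUNT bytes at OFFSET as lowercase hex.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n'
}

# image_kind FILE: print luks1, luks2, luks-other, iso9660, unknown
# or unreadable (the last with exit status 1).
image_kind() {
    [ -r "$1" ] || { echo unreadable; return 1; }
    # LUKS header: magic "LUKS" 0xBA 0xBE, then a 2-byte big-endian version.
    case "$(hex_at "$1" 0 8)" in
        4c554b53babe0001) echo luks1; return 0 ;;
        4c554b53babe0002) echo luks2; return 0 ;;
        4c554b53babe*)    echo luks-other; return 0 ;;
    esac
    # ISO 9660: volume descriptors start at sector 16 (2048-byte sectors);
    # bytes 1..5 of a descriptor hold the identifier "CD001".
    if [ "$(hex_at "$1" 32769 5)" = "4344303031" ]; then
        echo iso9660
    else
        # No known signature, e.g. encrypted data stored without a header.
        echo unknown
    fi
}

# make_samples DIR: write three constructed sample images into DIR.
make_samples() {
    # Only the first 8 header bytes are real; the rest is zero padding.
    { printf 'LUKS\272\276\000\001'
      dd if=/dev/zero bs=1024 count=64 2>/dev/null; } > "$1/my-container.iso"
    # 16 empty sectors, then a descriptor start: type 1, "CD001", version 1.
    { dd if=/dev/zero bs=2048 count=16 2>/dev/null
      printf '\001CD001\001'
      dd if=/dev/zero bs=2048 count=1 2>/dev/null; } > "$1/backup_clear.iso"
    # Random bytes standing in for encrypted output.
    dd if=/dev/urandom bs=1024 count=64 2>/dev/null > "$1/backup.iso"
}

# Classify every file or device given on the command line.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(image_kind "$f")"
done
```

After burning, the same check can be pointed at the drive device, such as the /dev/sr0 used in the post above.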
Re: [Trisquel-users] Help me burning encryped DVD with Luks
@scdbackup

> Sorry, i did not yet find out how to mark code with indentation in this forum.

Just simply use the tags between your commands (drop the space I have done in the tag to be displayed on the page).

Thank you all for your answers.

Of course HKR, there is still the possibility of using GPG very easily to encrypt files and do a backup on a CD or DVD. But when you have a whole folder filled with plenty of other folders or files, all you want to do is simply enter a password once and easily find the file you're looking for, or even open it from the software, just as you can do on a USB key or external HD encrypted with Luks. GPG is OK for single files. But a folder needs to be zip compressed then encrypted with GPG. That means you'll have to copy the zip file somewhere on your hard drive or wherever and decompress it. You can't use it for a whole DVD-R or even a CD-R because it's just too long.

@MangyDog

Yes, I already knew Tomb. But I'm surprised that Tomb is not in our repository. It should be. After reading the man PDF on the Tomb website, the « engrave » command makes an image, but an image of the key that can be printed on paper and physically stored as a backup. I'm not sure Tomb could really read an optical disc written from an .iso file where a .tomb This could be tested.

I have tried to open the gencryptodvd script as described by Magic, but it doesn't want to open. I've placed the .sh in /home and used the Root Terminal to check if nothing was wrong: the ls command displayed gencryptodvd-0.2.sh in green when I allowed the file in the properties to be used as a program. I don't get any « awk » warning, I only get a « command not found ». Adding a ./ before gencryptodvd gives a nonexistent file warning. I should mention that the sudo package is already installed on my laptop. I don't know if any of you succeeded in making the script run.

There can be an alternative with this: http://ubuntuportal.blogspot.fr/2007/03/howto-encrypt-cddvds-in-ubuntu.html
There is an alternate version: http://www.upubuntu.com/2012/11/how-to-create-encrypted-cddvd-image.html

2 problems: if you can find aespipe, you won't find loop-aes-utils, and mkisofs should be replaced by xorriso.

I tried this step. As recommended by scdbackup I did a

    xorriso -as mkisofs

but only got this answer:

    xorriso 1.3.2 : RockRidge filesystem manipulator, libburnia project.

I started a

    $ xorriso -r backup | aespipe -e aes256 > backup.iso

and got:

    xorriso 1.3.2 : RockRidge filesystem manipulator, libburnia project.
    xorriso : FAILURE : Not a known command: '-r'
    xorriso : FAILURE : Not a known command: 'backup'
    xorriso : aborting : -abort_on 'FAILURE' encountered 'FAILURE'
    Password:

Maybe the beginning of an answer?
Re: [Trisquel-users] Help me burning encryped DVD with Luks
Hi,

i could as well offer encryption on-the-fly by xorriso filters. :)) The directory tree would stay unencrypted and all data file content would become encrypted by an external filter program of the user's choice. (I advise to combine encryption with a compression program and to leave the well-known compression header unencrypted.)

But i understood the original question more like "how can xorriso substitute for mkisofs ?".

Now i see that there is also a run of cdrecord in the script. xorriso can interpret the used options:

    xorriso -as cdrecord -v -dao dev=$CDRECORDER speed=$BURNSPEED $ISO

or

    xorrecord -v -dao dev=$CDRECORDER speed=$BURNSPEED $ISO

Works with CD, DVD, and BD media. (wodim should get only CD media to burn.)

Have a nice day :)

Thomas
Re: [Trisquel-users] Help me burning encryped DVD with Luks
That's a good point HKR ;-) Substance, check Tomb out: https://www.dyne.org/software/tomb/ & the video is well worth watching
Re: [Trisquel-users] Help me burning encryped DVD with Luks
Why not encrypt the files and then burn them? It's easier, no?
Re: [Trisquel-users] Help me burning encryped DVD with Luks
Hi,

(Sorry, i did not yet find out how to mark code with indentation in this forum.)

xorriso has its own command language but also offers an interpreter for mkisofs options. It is either activated by command -as "mkisofs":

    xorriso -as mkisofs ...mkisofs.options.and.pathspecs...

or by calling xorriso via its softlink name "xorrisofs":

    xorrisofs ...mkisofs.options.and.pathspecs...

Not all options of mkisofs are supported. See "man xorrisofs" or http://www.gnu.org/software/xorriso/man_1_xorrisofs.html

In case of the script gencryptodvd-0.2.sh.gz xorrisofs will not be able to perform option -dvd-video, which seems to be used automatically if a directory "VIDEO_TS" exists among the input files.

So i would propose the following changes in the script:

- Introduce a new variable MKISOFS_PROG which holds the actual program path, and a variable MKISOFS_EMUL_ARGS which holds the necessary emulation commands. The following values would make sense:

    MKISOFS_PROG=mkisofs
    MKISOFS_EMUL_ARGS=

    MKISOFS_PROG=genisoimage
    MKISOFS_EMUL_ARGS=

    MKISOFS_PROG=xorriso
    MKISOFS_EMUL_ARGS=" -as mkisofs"

- Replace the occurrences of "mkisofs" by the new variables:

  From

    eval nice mkisofs $MKISOFS -o $TMPISO $GRAFTPOINTS

  to

    eval nice "$MKISOFS_PROG" $MKISOFS_EMUL_ARGS $MKISOFS -o $TMPISO $GRAFTPOINTS

  (There is also an inactive code line

    #SIZE=$(eval nice mkisofs ...

  which should become

    #SIZE=$(eval nice "$MKISOFS_PROG" $MKISOFS_EMUL_ARGS ...

  I am in doubt what this line shall do. If it is about predicting the size of the result, then mkisofs option -print-size would avoid the full production run but rather end when normally writing would begin. It then prints the number of blocks to stdout.)

- Install a refusal in the case that directory "VIDEO_TS" is found:

  From

    echo "detected dvd-video data structure"
    MKISOFS=$MKISOFS_ARGS_VIDEO

  to

    echo "detected dvd-video data structure"
    if echo "$MKISOFS_PROG" | fgrep "xorriso" >/dev/null
    then
      echo "SORRY: xorriso does no UDF and thus no dvd-video"
      exit
    fi
    MKISOFS=$MKISOFS_ARGS_VIDEO

  (Actually i doubt that the automatic recognition of "VIDEO_TS" is the right way. Such a directory may well be present in the input data of a backup run. I would rather introduce an option to the script which enables production of UDF for DVD video.)

Have a nice day :)

Thomas
[Trisquel-users] Help me burning encryped DVD with Luks
Hi,

I'd like to do some encrypted DVD backups, and someone on the French Trisquel forum suggested this page to me: http://www.niemueller.de/software/scripts/cryptodvd/

You can download the script here: http://www.niemueller.de/software/scripts/cryptodvd/gencryptodvd-0.2.sh.gz

    # This program is free software; you can redistribute it and/or modify
    # it under the terms of the GNU General Public License as published by
    # the Free Software Foundation; either version 2 of the License, or
    # (at your option) any later version.

But I'm wondering if this could work and how. It needs bash, sed, awk (we have original-awk), mkisofs (we have xorriso, which is an ISO-9660 manipulation tool) and wodim.

Where should I put gencryptodvd-0.2.sh? Do I have to put it in /root/bin? The script has to be run as root. What is the command to run it?

If anyone has an easier solution, it would be nice as well, but Luks encryption can be found on any Linux distro.

Thank you in advance for your help.