Encrypted CD/DVD

Kernel config required:

Device drivers -> Block devices -> Loopback device support
Device drivers -> Multi-device support (RAID and LVM)
-> Multiple devices driver support (RAID and LVM)
-> Device mapper support
-> Crypt target support
Cryptographics options -> Cryptographic API
AES cipher algorithms, module "cipher-aes"

Creating encrypted CD/DVD iso based on normal .iso file

1. Create or get .iso file (in our example we use "image.iso").

2. Now loop setup:

#losetup /dev/loop3 image.iso

3. Now the cryptsetup, asks a passphrase (you should remember it later, otherwise you can't decrypt it.)

# cryptsetup -y -c aes -h ripemd160 -s 256 create cryptiso /dev/loop3

4. ISO (attached to loop) content conversion to crypted dm. (DO NOT INTERRUPT FOLLOWING PROCEDURE! CAUSES BROKEN IMAGE AND NO WAY BACK!)

#cat image.iso > /dev/mapper/cryptiso

5. Deactivaton procedures (opposite procdeures for cryptsetup & losetup).

# dmsetup remove cryptiso
# losetup -d /dev/loop3

6. image.iso is now in encrypted format and all what you have to do is write it on blank cd/dvd media as normal iso.
example:

# growisofs -dvd-compat -Z /dev/dvdrw=image.iso
NOTE: /dev/dvdrw should be sr0 or something else. Depends of your system.

Mounting encrypted CD/DVD

1. loopsetup, cryptsetup and mount (cryptsetup procedure asks the passphrase for decryption).


# losetup /dev/loop5 /dev/cdrom
# cryptsetup -c aes -h ripemd160 -s 256 create decryptiso /dev/loop5
# mount /dev/mapper/decryptiso /mnt/dvd

Do not forget to umount later!

# umount /mnt/dvd
# dmsetup remove decryptiso
# losetup -d /dev/loop5