dvd cd encrypt ubuntu

Install the required packages:

sudo apt-get install aespipe mkisofs loop-aes-utils

mkisofs -r backup | aespipe -e aes256 > backup.iso

or

mkisofs -r backup | aespipe -e aes128 > backup.iso

If needed load these

sudo modprobe aes sudo modprobe cryptoloop
test the iso if needed.


sudo mount -t iso9660 backup.iso /mnt/iso -o loop=/dev/loop0,encryption=aes128 sudo mount -t iso9660 backup.iso /mnt/iso -o loop=/dev/loop0,encryption=aes256

Now burn the ISO

Put the CD/DVD in the drive and then
sudo mount -t iso9660 /dev/cdrom /mnt/iso -o loop=/dev/loop0,encryption=aes256


More tips at http://loop-aes.sourceforge.net/aespipe.README


3.2. Example 2 - Encrypted archive with gpg-encrypted key file
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Create 65 random encryption keys and encrypt those keys using gpg. Reading
from /dev/random may take indefinitely long if kernel's random entropy pool
is empty. If that happens, do some other work on some other console (use
keyboard, mouse and disks). Use of gpg-encrypted key file depends on
encrypted swap.

head -c 3705 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
| gpg --symmetric -a >mykey1.gpg

Write files to bzip2 compressed, encrypted tar archive. aespipe asks for
passphrase to decrypt the key file.

tar cvf - files... | bzip2 | aespipe -w 10 -K mykey1.gpg >archive.aes

Restore files from bzip2 compressed, encrypted tar archive. aespipe asks for
passphrase to decrypt the key file.

aespipe -d -K mykey1.gpg

3.3. Example 3 - Encrypted CD-ROM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Create 65 random encryption keys and encrypt those keys using gpg. Reading
from /dev/random may take indefinitely long if kernel's random entropy pool
is empty. If that happens, do some other work on some other console (use
keyboard, mouse and disks). Use of gpg encrypted key file depends on
encrypted swap.

gpg encrypted key file is recorded to first 8192 bytes of the CD-ROM. Key
file does not use all of 8192 bytes so remaining part of the 8192 bytes is
padded with newlines.

yes "" | dd of=image.iso bs=512 count=16
head -c 3705 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
| gpg --symmetric -a | dd of=image.iso conv=notrunc

Create encrypted ISO9660 CD-ROM image that can be mounted using Linux
loop-AES crypto package version 3.0a or later:

mkisofs -quiet -r directory-tree | aespipe -K image.iso -O 16 >>image.iso

This image file can then be mounted under Linux like this:

mount -t iso9660 image.iso /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=image.iso,offset=8192

Or, after writing image.iso to CD-ROM, like this:

mount -t iso9660 /dev/cdrom /cdrom -o loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192

Or, if this line is added to /etc/fstab file:

/dev/cdrom /cryptcd iso9660 defaults,noauto,loop=/dev/loop0,encryption=AES128,gpgkey=/dev/cdrom,offset=8192 0 0

Then encrypted CD-ROMs can be mounted and unmounted like this:

mkdir /cryptcd
mount /cryptcd
umount /cryptcd

In above mount cases the mounted device name must be identical to gpgkey=
definition and offset= must be specified. That condition is special cased
inside mount and losetup programs to prevent gpg from reading all of cdrom
contents when gpg is decrypting the key file.

If you ever need to extract unencrypted image of encrypted CD-ROM, you can
do that like this:

dd if=/dev/cdrom bs=8192 count=1 of=key.gpg
dd if=/dev/cdrom bs=8192 skip=1 | aespipe -d -K key.gpg -O 16 >clear.iso

Latter of above dd commands may cause some kernel error messages when dd
command attempts to read past end of CD-ROM device.