[ale] A little tip: encrypted filesystems on optical media

Michael B. Trausch mike at trausch.us
Mon Oct 18 18:30:17 EDT 2010


Not sure how many people are actually aware of the fact that you can use
an arbitrary filesystem on optical media, but you can.  I'm guessing
that more people on this list know that than the average, of course.
But still.  :)

I sometimes need to move directory trees off my HDD, just because of the
fact that it gets cluttered, or it's something that I need to retain (or
that I think I need to retain) but it's not something that I want to
keep on the drive, or whatever.  For the most part, burning a normal ISO
9660 filesystem with RR extensions works well enough.

However, sometimes I want to burn a disc that is encrypted and I want to
use a real filesystem that can hold EAs and so forth (or, in the case of
btrfs, my currently favorite FS, the ability to have REALLY efficient
snapshots/COW files/etc. and store more on disk than actually fits).
I'm not sure what other distributions do these days, and I know that it
used to be the case that Ubuntu would not do this, but now you can
easily and automagically mount encrypted DVD media.

Simple:

  $ dd if=/dev/zero of=dvd.img bs=2048 count=1 seek=2289423
  $ DVD_LOOP=$(sudo losetup -f --show dvd.img)
  $ sudo cryptsetup luksFormat $DVD_LOOP
  $ sudo cryptsetup luksOpen $DVD_LOOP dvd-img
  $ sudo mkfs.btrfs /dev/mapper/dvd-img -L 'label'
  $ sudo mount /dev/mapper/dvd-img /mnt
   ... copy your stuff ...
  $ sudo umount /mnt
  $ sudo cryptsetup luksClose dvd-img
  $ sudo losetup -d $DVD_LOOP
  $ growisofs -Z /dev/sr0=dvd.img

Et voilà, you have an encrypted DVD with btrfs.  Of course you can use
whatever filesystem you want.  And you can save burning time by making
the DVD image smaller if you know that you're not using the whole 4.4 GB
of storage (or are burning a CD or whatever).

Anyway, I thought that I'd just throw this out there since it's
something I find myself doing a decent amount of the time.

Oh, and obviously I'm not giving any consideration to the notion of data
portability to Windows (though presumably it should be possible to use
FAT or UDF or ISO 9660 inside of LUKS on optical media if one installs
the Windows LUKS drivers that I've heard exist somewhere...)

	--- Mike



More information about the Ale mailing list