From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from posta.msw.it (posta.msw.it [156.54.137.237]) by mail.server123.net (Postfix) with ESMTP for ; Wed, 18 Nov 2020 16:00:25 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by posta.msw.it (Postfix) with ESMTP id F2CE9520077 for ; Wed, 18 Nov 2020 16:00:07 +0100 (CET) Received: from posta.msw.it ([127.0.0.1]) by localhost (posta.msw.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uosS6-wQ4nAq for ; Wed, 18 Nov 2020 15:59:52 +0100 (CET) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Wed, 18 Nov 2020 15:59:52 +0100 From: Davide Marchi Message-ID: <4b603ce69eb6ffeb676eea7faa9b6676@msw.it> Subject: Re: [dm-crypt] Encrypting DVD or CDROM from iso List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi to all and excuse me for delay but lately the life seems to me more complicated :-D Coming to us, I've repeat all procedure using Cryptsetup 2.3.3, with the same tutorial -> "http://www.sourcentral.org/luks/iso9660/" and the results seems the same, as you can see: > cryptsetup --debug -r luksOpen image.iso volume1 > # cryptsetup 2.3.3 processing "cryptsetup --debug -r luksOpen image.iso > volume1" > # Running command open. > # Locking memory. > # Installing SIGINT/SIGTERM handler. > # Unblocking interruption on signal. > # Allocating context for crypt device image.iso. > # Trying to open and read device image.iso with direct-io. > # Trying to open device image.iso without direct-io. > # Initialising device-mapper backend library. > # Trying to load any crypt type from device image.iso. > # Crypto backend (OpenSSL 1.1.1f 31 Mar 2020) initialized in > cryptsetup library version 2.3.3. > # Detected kernel Linux 5.8.0-25-generic x86_64. > # Loading LUKS2 header (repair disabled). > # Acquiring read lock for device image.iso. > # Verifying lock handle for image.iso. > # Device image.iso READ lock taken. > # Trying to read primary LUKS2 header at offset 0x0. > # Opening locked device image.iso > # Veryfing locked device handle (regular file) > # LUKS2 header version 2 of size 16384 bytes, checksum sha256. > # > Checksum:47874913fa24493aa71dc39d3ff41d1dc1f36719eea32c2fb1b6a1aef1a09ac9 > (on-disk) > # > Checksum:47874913fa24493aa71dc39d3ff41d1dc1f36719eea32c2fb1b6a1aef1a09ac9 > (in-memory) > # Trying to read secondary LUKS2 header at offset 0x4000. > # Reusing open ro fd on device image.iso > # LUKS2 header version 2 of size 16384 bytes, checksum sha256. > # > Checksum:29975a514962a03e116133c091e725a47e5b6ccb077cf6e1502a259618737297 > (on-disk) > # > Checksum:29975a514962a03e116133c091e725a47e5b6ccb077cf6e1502a259618737297 > (in-memory) > # Device size 16777216, offset 16777216. > # Device image.iso READ lock released. > # Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2. > # PBKDF argon2i, time_ms 2000 (iterations 0), max_memory_kb 1048576, > parallel_threads 2. > # Activating volume volume1 using token -1. > # Interactive passphrase entry requested. > Enter passphrase for image.iso: > # Activating volume volume1 [keyslot -1] using passphrase. > # dm version [ opencount flush ] [16384] (*1) > # dm versions [ opencount flush ] [16384] (*1) > # Detected dm-ioctl version 4.42.0. > # Detected dm-crypt version 1.21.0. > # Device-mapper backend running with UDEV support enabled. > # dm status volume1 [ opencount noflush ] [16384] (*1) > # Keyslot 0 priority 1 != 2 (required), skipped. > # Trying to open LUKS2 keyslot 0. > # Reading keyslot area [0x8000]. > # Acquiring read lock for device image.iso. > # Verifying lock handle for image.iso. > # Device image.iso READ lock taken. > # Reusing open ro fd on device image.iso > # Device image.iso READ lock released. > # Verifying key from keyslot 0, digest 0. > # Loading key (64 bytes, type logon) in thread keyring. > # dm versions [ opencount flush ] [16384] (*1) > # dm status volume1 [ opencount noflush ] [16384] (*1) > # Allocating a free loop device. > # Trying to open device /dev/loop6 without direct-io. > Requested offset is beyond real size of device image.iso. > # Requesting keyring logon key for revoke and unlink. > # Releasing crypt device image.iso context. > # Releasing device-mapper backend. > # Closing read only fd for image.iso. > # Closed loop /dev/loop6 (image.iso). > # Unlocking memory. > Command failed with code -1 (wrong or missing parameters). I've not tested jet the Carlos way, but in the next days I will let you know: "Carlos E. R." ha scritto: > Hum. I created encrypted DVD years ago with a similar procedure, > somewhat simpler. Basically, I created an empty file of the same size > as > the CD or DVD, mounted it as a loop device, then I encrypted that loop > device, and then I formatted the resulting luks device with any > filesystem type I wished, typically XFS. > > This, so far, still works. > > Then I just burn that file to DVD. and "Milan Broz" ha scritto: > Are you sure that your *.iso image was correctly created? It seems to > me that > it is just LUKS header without data (that's why "beyond offset" error). > > Milan No I'm not sure, indeed I think it's as you say. And I think this is a block size problem almost certainly! Eventually if you have any other way, maybe tested by you, for the creation of encrypted cdroms/cdvs, would you please me ;-) Many thanks! Davide