- Create an empty container large enough for the iso image:
dd if=/dev/urandom of=image.iso bs=512 count=2048
dd if=/dev/urandom of=image.iso bs=512 count=1 seek=1m
(For CD images, or if your filesystem has problems with sparse files, use 1440k instead of 1m for seek.)
- Take a free loop device (check with losetup /dev/loop2) and create a block device from our image file:
losetup /dev/loop2 image.iso
- Now format the loop device as a LUKS container:
cryptsetup luksFormat /dev/loop2
(luksFormat is known as luksInit in versions prior to 1.0)
- Create a new mapping for the encrypted loop device:
cryptsetup luksOpen /dev/loop2 volume1
(This creates /dev/mapper/volume1)
- Now create your ISO filesystem using mkisofs and write it to the mapped device:
mkisofs -lots-of-options /my/data/ | dd of=/dev/mapper/volume1 bs=512
(The number dd reports is important for further calculations!)
- Now calculate the overhead of the LUKS container:
echo $(( `blockdev --getsize /dev/loop2` - `blockdev --getsize /dev/mapper/volume1` ))
Now add the size dd reported and you know where to truncate (used as $SIZE later).
- For safety reasons, remove the mapping and the loop device:
dmsetup remove volume1 ; losetup -d /dev/loop2
- Replace $SIZE with the sum of the size dd reported and the LUKS overhead:
dd if=image.iso of=image.iso bs=512 count=0 skip=$SIZE seek=$SIZE
- Now you can map the ISO image again to see if it really works (read-only this time):
losetup /dev/loop2 image.iso
cryptsetup -r luksOpen /dev/loop2 volume1
Now unmap again and burn the image with cdrecord or any other tool you use to burn your ISOs.
- Access the encrypted CDROM or encrypted DVD
- With the latest cryptsetup it is possible to access your CDROM or DVD without using a loop device:
cryptsetup -r luksOpen /dev/cdrom cryptcd
Make sure that -r is given.
The box you try this on has to support the selected encryption algorithms.
This
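
The $SIZE arithmetic from the truncation steps above, as a small shell helper. This is an added example, not part of the original instructions; the function names and all sample numbers are made up for illustration. It takes the sector count from dd's byte total instead of the record count, because a dd that reads from a pipe can report partial records shorter than 512 bytes.

```shell
#!/bin/sh
# Added example: compute $SIZE (in 512-byte sectors) for the truncation step.
# Function names are hypothetical; run dd with LC_ALL=C so its status is English.

# sectors_written: read dd's status output on stdin, print sectors written.
# Uses the "N bytes ..." line, not "N+M records out": M counts partial
# records, which are shorter than 512 bytes and are not whole sectors.
sectors_written() {
    bytes=$(sed -n 's/^\([0-9][0-9]*\) bytes.*/\1/p' | tail -n 1)
    [ -n "$bytes" ] || { echo "no byte count in dd output" >&2; return 1; }
    echo $(( (bytes + 511) / 512 ))    # round a partial final sector up
}

# truncate_point LOOP_SECTORS MAPPED_SECTORS DATA_SECTORS
#   LOOP_SECTORS   = blockdev --getsize /dev/loop2
#   MAPPED_SECTORS = blockdev --getsize /dev/mapper/volume1
# Prints LUKS overhead + data size, and refuses values that cannot be right.
truncate_point() {
    loop=$1 mapped=$2 data=$3
    overhead=$(( loop - mapped ))
    [ "$overhead" -gt 0 ] || {
        echo "mapped device is not smaller than the loop device" >&2; return 1; }
    [ "$data" -le "$mapped" ] || {
        echo "image is larger than the mapped device" >&2; return 1; }
    echo $(( overhead + data ))
}

# Constructed sample: dd status with 10 partial records of 256 bytes each.
DD_OUT='2555+10 records in
2555+10 records out
1310720 bytes (1.3 MB, 1.2 MiB) copied, 0.41 s, 3.2 MB/s'
DATA=$(printf '%s\n' "$DD_OUT" | sectors_written)

# Constructed sizes: a 1048577-sector image with a 4096-sector LUKS overhead.
SIZE=$(truncate_point 1048577 1044481 "$DATA")
echo "data=$DATA sectors, SIZE=$SIZE sectors"
```

Taking the 2555 from the "records out" line here would cut the image five sectors short.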