Wednesday, September 22, 2010

How to backup to DVD on Linux securely

The plan is as follows:

  1. Use TrueCrypt to create an encrypted volume stored as one huge file.
  2. I use the ext2 file system on the encrypted volume (I don't plan to use it often, so ext3's journaling features would just occupy space; FAT does not remember Linux permissions and has file size limitations, and I don't care about Windows -- it's a backup of serious toys after all).
  3. Copy your stuff to the encrypted volume. Consider Back In Time for friendly incremental backup.
  4. Unmount the volume and burn it as a single huge file.

The problem is how to find the largest encrypted volume that can fit onto a single DVD and be mountable and readable in place, without first copying it to the hard drive.

I use DVD+R SL discs of size 4.700GB (4.4GiB), or 4,700,372,992B (2295104 extents of 2048B).
DVD-R SL discs have some extra 6MB, so please check what you have.

There are at least two possible solutions:


1) burn the encrypted volume directly onto the DVD medium without an extra file system layer.
This has the disadvantage that the disc will not be recognized and will not be mounted automatically (the filesystem is neither Joliet, nor Rock Ridge, nor UDF, but the encrypted ext2 I created above). Moreover, the OS may struggle with it for a while as it tries all the file system drivers it has, and eventually fail for obvious reasons.

The advantage is that one can use the full 4.700GB (4.4GiB), or 4,700,372,992B (tell 4590208 [KB] to TrueCrypt), and nobody except you can tell what the content of the disc is.

I used GnomeBaker to burn the encrypted volume as an ISO image (yes, just a plain raw file copy). The alternative is the command line:
dd if=backup.tc of=/dev/hda obs=32k seek=0
(where /dev/hda is your DVDRW device and the disk is not mounted; you may also need root permissions to do this).
Then you can poke dd with "kill -USR1 $ddpid" to inspect progress.

K3B failed on me for some reason after sending cue information (perhaps just bad luck, perhaps it was wrong).
I read that Nautilus verifies the ISO structure, and thus will probably fail, since it is not a normal DVD filesystem, and maybe K3B is also being too smart in a similar way.

Then mounting should be done within TrueCrypt by specifying your DVD device as a file:
/dev/hda

2) burn the encrypted volume as a single huge file.
There are three popular file systems on DVD: Joliet, Rock Ridge and UDF.
Joliet and Rock Ridge have a limitation of 2GB per file.
The UDF limit is on the order of several TB, thus this is the only viable option for now. UDF seems to have an overhead of at least 856,064B (418 extents/sectors of 2048B), thus the largest file size for DVD+R SL can be 4,699,516,928B.
Note that TrueCrypt asks for KiB, thus enter 4589372 [KB].

I tried the following programs to burn:
GnomeBaker -- insists on using Joliet and/or Rock Ridge, thus complains about files larger than 2GB and fails.
Brasero and Nautilus -- also failed on me.
K3B has many options:
make sure to choose UDF (very large files) and unselect Joliet and Rock Ridge (otherwise the process will fail eventually),
choose growisofs as writing app (cdrecord failed on me).

K3B also has an overburn feature (see Options->Configure->Advanced) and I managed to get a working DVD with a 4,699,734,016B file, even though the burning process issued an error at the end, but I prefer not to risk my encrypted bits...

I've got a reading performance of 7MB/s from such DVDs (I think it spins at 8-16x speed and read is almost completely linear, i.e. no jumping laser sounds, so encryption is not a bottleneck).

That's all.

N.B. the following can be used in experimentation to create big files containing zeros and not taking space:

dd if=/dev/zero of=imagefile bs=1024 seek=4589799 count=1
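
The size arithmetic for both options, plus a check that a volume file fits before burning and reads back intact afterwards, as an added example that is not part of the original post. The function names are hypothetical; the sector counts and the 418-sector UDF overhead are the post's own figures, and the paths in the closing comments are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the sector counts and UDF overhead are the figures quoted in the post.
SECTOR=2048                    # bytes per DVD sector
UDF_OVERHEAD_SECTORS=418       # UDF overhead observed in the post
DVD_PLUS_R_SL_SECTORS=2295104  # DVD+R SL capacity quoted in the post

# Print the largest volume size in KiB (the unit TrueCrypt asks for).
# $1 = disc capacity in sectors, $2 = raw (option 1) or udf (option 2)
max_volume_kib() {
    sectors=$1
    case $2 in
        raw) ;;
        udf) sectors=$((sectors - UDF_OVERHEAD_SECTORS)) ;;
        *)   echo "mode must be raw or udf" >&2; return 2 ;;
    esac
    [ "$sectors" -gt 0 ] || { echo "disc too small" >&2; return 2; }
    echo $((sectors * SECTOR / 1024))
}

# Succeed if volume file $1 fits a disc of $2 sectors in mode $3.
volume_fits() {
    size=$(wc -c < "$1") || return 2
    limit_kib=$(max_volume_kib "$2" "$3") || return 2
    [ "$size" -le $((limit_kib * 1024)) ]
}

# Succeed if the first <size of $1> bytes read from $2 (the DVD device, or
# the file on a mounted UDF disc) hash the same as volume file $1. Only that
# prefix is compared because a raw device can be longer than the volume.
verify_readback() {
    size=$(wc -c < "$1") || return 2
    want=$(sha256sum < "$1") || return 2
    got=$(head -c "$size" "$2" | sha256sum) || return 2
    [ "$want" = "$got" ]
}

# Example use (paths are placeholders):
#   max_volume_kib "$DVD_PLUS_R_SL_SECTORS" udf   # size to give TrueCrypt
#   volume_fits backup.tc "$DVD_PLUS_R_SL_SECTORS" raw && echo "fits"
#   verify_readback backup.tc /dev/hda && echo "disc matches"
```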
