Encrypting a multisession dvd

Discuss anything specific to using Puppy on a multi-session disk
Post Reply
Message
Author
Stripe
Posts: 658
Joined: Wed 23 Jun 2010, 05:18
Location: In a field. England

Encrypting a multisession dvd

#1 Post by Stripe »

Hi all

I am currently using various puppy's as thin clients (working totally in ram) from multi session DVDs, which allows me to use my desktop and settings on any PC.

Is there any way to password protect/encrypt the DVDs so that they would be useless to anyone else? (even if they looked at the DVDs from puppy or another OS) but still allow them to boot normally (apart from having to enter a password)

any ideas/help would be greatly appreciated
Stripe

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#2 Post by Flash »

Interesting problem. Here are some thoughts. Or rather, wild guesses. :)

As a general approach, I suppose each session would have to be encrypted, either in one lump before it is saved, or on the fly, as it is written to the DVD.

It seems to me that encrypting the original session which contains the Puppy iso would cause great difficulty, but there's no need to encrypt the first session anyway, as it only contains the Puppy iso, which is already available to anyone who wants it. All that really needs to be encrypted is the contents of subsequent sessions. They contain the programs and settings which customize your Puppy, and anything else you've saved. So, how to encrypt those sessions, or which of several approaches might work best, and how to decrypt them when they are loaded into RAM, is the problem.

After isolinux (I think that's what the small Linux that loads first is called) loads the first (unencrypted) session into RAM from the DVD, loading the encrypted sessions from the DVD into RAM would require isolinux to run the decryption program as it reads them from the DVD. I suppose that could be done, but it means that isolinux would have to know when to run the decryption program. As each session is read from the DVD, it would be decryped on the fly by isolinux as it is loaded into RAM.

An identical encryption program would have to be in Puppy after it is running in RAM. This encryption program would be used to encrypt the sessions before they are burned onto the DVD. But that encryption program doesn't have to be in the original Puppy iso. It can be in one of the saved sessions.

gcmartin

In case of loss, how do I protect information

#3 Post by gcmartin »

Read your OP. It is very interesting indeed. Never have thought about what I would do if I lost my "Grand Funk Railroad" CD? How would I stop someone from watching it?

I know this is NOT about music CDs, but what you ask is how to protect removalble Live media from use.

So, I'm not sure, but did I remember that GRUB2/GRUB4DOS had the ability to read/boot encrypted? I do remember password protection, but, seems I read somewhere about booting encrypted "something???"

Hope this helps.
Last edited by gcmartin on Thu 09 Jun 2011, 15:17, edited 1 time in total.

gcmartin

Concerned about the OP question

#4 Post by gcmartin »

I have used PXES for many, many years. IT IS, to me, THE BEST x86 THIN CLIENT OS on the landscape.

I have never ever has a user need to save stuff on the desktop? Are you using Puppy to be a Thin Client where it only boots to a lock-down application for accessing your remote systems?

Let's us know. Because, if not, this is not a thin client.

Further, what systems are you connecting your thin clients to (Microsoft/LTSP/Citrix/HP/AIX/IBM mainframe...which)?

If you are wondering why I'm asking, its because I trying to understand what data you are most concerned abouit.

Stripe
Posts: 658
Joined: Wed 23 Jun 2010, 05:18
Location: In a field. England

#5 Post by Stripe »

Hi all

flash and gcmartin, thanks for some great ideas on the encryption of a multisession dvd I will look into them
Thanks

At the moment I am saving files that I may need elswhere/often to the dvd using Bcrypt or if it is a directory compressing it to tar.gz then encrypting it. (have not found how to encrypt a directory with bcrypt yet.) if it is a large file/directory I usualy save it to a seperate usb drive and encrypt it there. (so it dosnt get loaded into ram at boot up which is useful on ram limited hardware) also I have a mobile swap partition on the usb as well (again for using limited hardware/non linux systems without having to use a hard drive)

I always try to use puppy totaly in ram (for security and performance) without using a hard drive, (I thought this was a type of thin client, if not sorry for the confusion)

I run puppy as a live dvd (but with the exeption of a couple of save files so that my desktop preferences/installed software are loaded at boot) and I can quit any session without saving so that I can still boot to "my desktop" in its pristene state.

The main problem is that in our house me, my wife and daughter all use our own multisession dvd's so there is no arguments about who is on what machine, I am just trying to improve the security/privacy so nobody can use/read anyone elses dvd

sorry for the long post and hope this makes it a bit clearer

stripe

gcmartin

#6 Post by gcmartin »

Thanks @Stripe for clarifying your need.

Your use of Puppy is in its full distro mode. This is NOT a thin-client which technically means something completely different.

Yes, your use of Puppy is well understood. And, I have been running this way for all PUPs (i.e. Live media, usb/hdd SWAP, saving sessions back to Live media.)

I don't have the talents to modify PUPs as your needs request. But, here's a thought (I have used this for other additional directory needs on the Live media). If you
  1. create an encrypted directory chain, either, in PUP's filesystem or on HDD/USB/NAS
  2. Use that directory for saving your personal needs
  3. Before shutdown, use growisofs to write/rewrite the folder to your Live media
Although I have never attempted encrypsion, the growisofs has proven useful in the past for me.

Just a thought that might help for your LIve media needs I'm sure others will recommend alternatives. OR PUP may very well have a mechanism for addressing this encryption need now that we know what you are attempting.

Hope this helps.

User avatar
smokey01
Posts: 2813
Joined: Sat 30 Dec 2006, 23:15
Location: South Australia :-(
Contact:

#7 Post by smokey01 »

Stripe wrote:Hi all

At the moment I am saving files that I may need elswhere/often to the dvd using Bcrypt or if it is a directory compressing it to tar.gz then encrypting it. (have not found how to encrypt a directory with bcrypt yet.)

stripe

I don't think bcrypt will password protect directories that's why jamesbond and myself developed FolderEnc. Mind you, most of the credit goes to jamesbond.
http://www.smokey01.com/pets/FolderEnc-1.0.pet
Install the PET, Right click on a directory, Add encryption select type, type password twice, then click OK. Now your directory is encrypted. To hide access you close it. When it's closed, you can open it. Don't lose your password as there is no back door. If you want, you can even remove the encryption when it in the open state. All done with the right mouse key.

Enjoy.
Last edited by smokey01 on Sat 11 Jun 2011, 08:28, edited 1 time in total.

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#8 Post by Flash »

Stripe, once you get the contents of a directory encrypted in RAM or on a HD, there is a way to save that directory onto your multisession DVD as a separate session which is not loaded when Puppy boots but is visible by mounting the DVD after Puppy boots (it shows as a directory in ROX when you mount the multisession DVD). You can even add stuff to the directory by using the same name for a subsequent directory which you save to the multisession DVD. When you use the same name, it only shows up as one directory when you mount the DVD, with everything in it that you've saved in all the sessions with the same name. I hope that makes sense. Try it on a rewritable DVD is the best way to see how it works. :)

See here and here for details.

I don't see why the encryption program wouldn't work to decrypt the contents of the encrypted session.

Stripe
Posts: 658
Joined: Wed 23 Jun 2010, 05:18
Location: In a field. England

#9 Post by Stripe »

Hi all

@smokey01, thanks for the link to the pet it seems to work great, thank you

@Flash, that looks like you have solved my main problems, with the new saved file/directory not loading at boot up it still alows for the maximum possible use of the available ram on limited hardware. I will try your method and report back.

thanks again everybody

stripe

Post Reply