Live encripted ISO (without userinput of a password)

Results 1 to 4 of 4

Thread: Live encripted ISO (without userinput of a password)

  1. #1
    Join Date
    Oct 2022

    Live encripted ISO (without userinput of a password)

    Hello I have a question that might not be easy to understand or to answer.

    I am trying to build a live OS to run a custom aplication.
    For that I am using:
    1) debootstrap/chroot to build/assemble the a minimal Linux OS
    1.1) Install a kernel
    1.2) Configure and install all the packadges needed
    1.3) Add all the custom application files and scrips
    2) mksquashfs to make the image
    3) xorriso to make the iso

    But I need to protect the custom aplication files (or at least make it dificult to access and read them)

    Is there a way to encript the ISO and allow it to run without the user having to input the password?
    If there is can you give me any pointers on how to do that?

    Thank you.

  2. #2
    Join Date
    Oct 2022
    No ideas?

  3. #3
    Join Date
    Jun 2023
    Encrypting the ISO and allowing it to run without the user having to input a password can be a complex task. While it's challenging to provide a comprehensive solution within the scope of this text-based conversation, I can give you some pointers to help you get started:

    Disk Encryption: One approach is to encrypt the entire file system within the ISO image. Tools like LUKS (Linux Unified Key Setup) can be used for disk encryption. The user would need to input the password to unlock the encrypted file system during the boot process.

    Encrypted File Container: Another option is to create an encrypted file container using tools like VeraCrypt. You can create a container file that holds the custom application files and scripts, and then mount the container during runtime. The user would need to input the password to access the contents of the encrypted container.

    Key Management: To enable automatic decryption without user input, you could explore options like storing the encryption key securely on a separate device (e.g., USB drive) that is plugged into the system during boot. This way, the key is provided automatically without requiring user interaction.

    It's important to note that implementing strong encryption and ensuring the security of your system requires expertise in cryptography and system administration. Consider seeking advice from security professionals and thoroughly testing the security measures you implement.

    Additionally, keep in mind that no security measure is foolproof, and determined attackers can potentially find ways to access encrypted files. Balancing security and convenience is crucial, and it's recommended to follow best practices and regularly update and maintain the security of your custom application and underlying OS.

  4. #4
    Join Date
    Sep 2023
    Encrypting the ISO is a solid idea
    to allow it to run without needing a password from the user, you can use tools like cryptsetup for encryption and decryption

    use cryptsetup to encrypt the files. it'll prompt you for a passphrase, and you can use that passphrase to decrypt the files later when needed
    set up a script in the initramfs to prompt for the passphrase and decrypt the files during boot. this way, the user won't need to input a password
    modify the bootloader (like GRUB) to pass any needed parameters or call the decryption script
    incorporate these changes into your build process using mksquashfs and xorriso to create the final encrypted ISO

    and remember, you'll need to dive into specific commands, configurations, and scripts to make it work smoothly

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts