Add copy protection to CDs in Linux

Q With Windows, there are commands in Nero and other software that enable you to put copy protection on to the CD-ROMs that you make. Is there such a command with Linux?

A If by "copy protection" you mean the sort of thing that commercial CDs have, the answer appears to be no. The idea of restricting copying is anathema to free software. However, if you want to encrypt your data to protect it from prying eyes, such as when backing up personal files, the answer is yes. You might have come across an application called Cdrecord, which is the CD-writing back-end used by most CD programs. There is a patch for this available to add encryption of the data as it is written to disc. Most distros do not include the patched version of Cdrecord (which is contained in a package called cdrtools), but you can tell if your copy includes encryption with

cdrecord --version

If this does not state that encryption is included you will have to patch and build it yourself. This is a fairly simple process: download the Cdrtools source from ftp://ftp.berlios.de/pub/cdrecord and the matching patch from http://burbon04.gmxhome.de/linux/CDREncryption.html, then execute the following commands as root:

tar xjf cdrtools-VERSION.tar.bz2
zcat cdrtools-VERSION-encrypt-1.0.diff.gz |
patch -p0
cd cdrtools-VERSION
make
make install

You will need the GCC compiler and associated tools to do this; installing the gcc package should pull in everything you need. Now you can create an encrypted CD by adding -encrypt -encpass=ahardtoguesspassword to the cdrecord command. If you are using a GUI CD-burning program, such as K3b, you can add arguments to Cdrecord in the program's preferences. Store the password in a file and use -encpassfile instead of -encpass if you prefer. Keeping the password file on a USB key would improve security. Reading the encrypted CD requires that you have dm-crypt support in your kernel (you almost certainly will have) and the cryptsetup package installed. Mounting the disc is a two-stage process:

cryptsetup -r -c aes -s 256 -h sha256 create ecdrom /dev/cdrom
mount /dev/mapper/ecdrom /mnt/cdrom

You could put these commands in a script to save typing them every time. If you have your password in a file, add --key-file /path.to/key to the cryptsetup command to save typing in the password. Unmounting follows a similar process:

umount /mnt/cdrom
cryptsetup remove ecdrom

Back to the list