Re: Some encryption-related projects

[David Zeuthen <david fubar dk>]

On Sun, 2004-11-14 at 13:16 -0600, W. Michael Petullo wrote:
> 3.  Pam-keyring.
> 
> The pam-keyring PAM module unlocks a GNOME keyring for a user using that
> user's login password.  The idea behind pam-keyring is to make using
> GNOME keyrings as transparent as possible.  Pam-keyring is available
> at http://flyn.org/projects/pam_keyring/index.html.
> 

I think it would be awesome to get something like into the distro.

<snip>

> 5.  Automounting encrypted removable filesystems.
> 
> I would like to see encrypted removable filesystems handled as
> transparently as other removable media.  Red Hat bug #133461
> discusses this a bit.  I have done some experimentation with
> this and have a prototype working.  However, my work contains
> a large kludge to get HAL to acknowledge dm-crypt filesystems
> properly.  Documentation of this shortcoming may be found at
> http://freedesktop.org/pipermail/hal/2004-September/001051.html and
> http://marc.theaimsgroup.com/?l=linux-kernel&m=109937418210973&w=2.
> 

I'm actually working on this; I found it requires some metadata on the
encrypted partition to work really well [1], but I think I got most of
the things sorted such that gnome-volume-manager can popup a dialog
asking for a passphrase when encrypted media is inserted. If the
passphrase is correct the media will automount; I'll post to the hal
mailing list about this when it has matured a bit (probably within a few
weeks).

Cheers,
David

[1] : e.g. to make hal detect that this is in fact an encrypted
filesystem; what cipher is used; to store a passphrase-protected
encryption key and so on. Fortunately, ext3 has room for such metadata
(the first 512 bytes are simply ignored) and vfat can be uhmm,
manipulated, to do the same.