[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Crypto file systems using ext3



commence  Chris Howells quotation:

> On Monday 01 April 2002 12:06 am, Sean Neakums wrote:
>> I'm using a simple script with gnupg so that I can use decently-sized
>> keys for the FSes.  Odds are that you won't be able to remember
>
> That sounds pretty clever. Would you mind sharing it with the world? :)

Sure thing, here it is:

#!/bin/bash

while read i ; do
    MOUNT_POINT=$(echo $i | cut -f1 -d:)
    DEVICE=$(echo $i | cut -f2 -d:)
    KEY_FILE=$(echo $i | cut -f3 -d:)
    CIPHER=$(echo $i | cut -f4 -d:)
    KEY_BITS=$(echo $i | cut -f5 -d:)

    echo "$MOUNT_POINT ($DEVICE)"
    if [ ! -r $KEY_FILE ]; then
        echo $KEY_FILE does not exist; skipping $DEVICE
        continue
    fi
    KEY=$(gpg --decrypt < $KEY_FILE)
    if [ $? -ne 0 ]; then
        echo Error decrypting $KEY_FILE; skipping $DEVICE
        continue
    fi
    echo Attempting to mount $DEVICE on $MOUNT_POINT
    echo $KEY | mount -oloop,encryption=$CIPHER,keybits=$KEY_BITS -p 0 $DEVICE $MOUNT_POINT
done
# end of mount-encrypted-volumes

It expects to be fed a file where each line looks like this:

/home:/dev/vg_main/lv_home_e:/root/home-volume-key:blowfish:256

The key file should be any file that gpg can decrypted with a secret
key on the keyring of the user running the script (most likely root).
The decrypted file should be a single line.  I use four concatenated
md5sums of four blocks of data from /dev/random as my keys.  Here is
the script I use:

#!/bin/bash

TMPFILES=($(mktemp) $(mktemp) $(mktemp) $(mktemp))

for i in "${TMPFILES[ ]}"; do
    echo -n Reading 256 bytes from /dev/random... 1>&2
    dd if=/dev/random of="$i" bs=256 count=1 >/dev/null 2>&1
    echo done. 1>&2
done

KEY=""

for i in "${TMPFILES[ ]}"; do
    KEY="$KEY$(md5sum "$i" | cut -f1 -d\ )"
done

echo $KEY

for i in "${TMPFILES[ ]}"; do
    rm -f "$i"
done
# end of file make-key

I just made up all this stuff as I went along, so there may be flaws I
have not considered.  In fact, I would be surprised if there were not.

-- 
 /////////////////  |                  | The spark of a pin
<sneakums zork net> |  (require 'gnu)  | dropping, falling feather-like.
 \\\\\\\\\\\\\\\\\  |                  | There is too much noise.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]