Some encryption-related projects

David Zeuthen david at fubar.dk
Mon Nov 15 01:35:27 UTC 2004


On Sun, 2004-11-14 at 13:16 -0600, W. Michael Petullo wrote:
> 3.  Pam-keyring.
> 
> The pam-keyring PAM module unlocks a GNOME keyring for a user using that
> user's login password.  The idea behind pam-keyring is to make using
> GNOME keyrings as transparent as possible.  Pam-keyring is available
> at http://flyn.org/projects/pam_keyring/index.html.
> 

I think it would be awesome to get something like this into the distro.

<snip>

> 5.  Automounting encrypted removable filesystems.
> 
> I would like to see encrypted removable filesystems handled as
> transparently as other removable media.  Red Hat bug #133461
> discusses this a bit.  I have done some experimentation with
> this and have a prototype working.  However, my work contains
> a large kludge to get HAL to acknowledge dm-crypt filesystems
> properly.  Documentation of this shortcoming may be found at
> http://freedesktop.org/pipermail/hal/2004-September/001051.html and
> http://marc.theaimsgroup.com/?l=linux-kernel&m=109937418210973&w=2.
> 

I'm actually working on this; I found it requires some metadata on the
encrypted partition to work really well [1], but I think I got most of
the things sorted such that gnome-volume-manager can pop up a dialog
asking for a passphrase when encrypted media is inserted. If the
passphrase is correct the media will automount; I'll post to the hal
mailing list about this when it has matured a bit (probably within a few
weeks).

Cheers,
David

[1] : e.g. to make hal detect that this is in fact an encrypted
filesystem; what cipher is used; to store a passphrase-protected
encryption key and so on. Fortunately, ext3 has room for such metadata
(the first 512 bytes are simply ignored) and vfat can be uhmm,
manipulated, to do the same.
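
The kind of metadata the footnote lists (a marker that identifies the volume as encrypted, the cipher name, and a passphrase-protected key), sketched as an added example that is not part of the original message and is not HAL's or any project's actual on-disk format. The magic value, field layout, function names and the PBKDF2/HMAC key wrapping are all assumptions chosen for illustration; the cipher string is a sample value.

```python
import hashlib, hmac, os, struct

SECTOR = 512
MAGIC = b"ENCVOLMETA"                 # hypothetical 10-byte magic, not a real format
BODY_FMT = "<10s32sI16s32s"           # magic, cipher, PBKDF2 iterations, salt, wrapped key
BODY_LEN = struct.calcsize(BODY_FMT)  # 94 bytes, followed by a 32-byte HMAC tag
MAX_ITER = 10_000_000                 # header comes from untrusted media: bound the KDF cost

def _derive(passphrase, salt, iterations):
    # One PBKDF2 call yields 64 bytes: a 32-byte wrapping pad and a 32-byte MAC key.
    d = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=64)
    return d[:32], d[32:]

def build_header(passphrase, volume_key, cipher="aes-cbc-essiv:sha256", iterations=200_000):
    if len(volume_key) != 32:
        raise ValueError("volume key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per header, so the XOR pad is never reused
    pad, mac_key = _derive(passphrase, salt, iterations)
    wrapped = bytes(k ^ p for k, p in zip(volume_key, pad))
    body = struct.pack(BODY_FMT, MAGIC, cipher.encode(), iterations, salt, wrapped)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return (body + tag).ljust(SECTOR, b"\0")

def probe(sector):
    """Detection step: return the cipher name if the sector carries the header, else None."""
    if len(sector) < SECTOR or not sector.startswith(MAGIC):
        return None
    cipher = struct.unpack_from(BODY_FMT, sector)[1]
    return cipher.rstrip(b"\0").decode("ascii", "replace")

def unlock(sector, passphrase):
    """Return the volume key if the passphrase is correct and the header is intact, else None."""
    if probe(sector) is None:
        return None
    _, _, iterations, salt, wrapped = struct.unpack_from(BODY_FMT, sector)
    if not 1 <= iterations <= MAX_ITER:
        return None
    pad, mac_key = _derive(passphrase, salt, iterations)
    expected = hmac.new(mac_key, sector[:BODY_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sector[BODY_LEN:BODY_LEN + 32]):
        return None  # wrong passphrase or modified header: do not mount
    return bytes(w ^ p for w, p in zip(wrapped, pad))

if __name__ == "__main__":
    hdr = build_header("correct horse", os.urandom(32))
    print(probe(hdr), unlock(hdr, "wrong") is None)
```

Because the header is read from removable media, every field in it is untrusted input: the sketch bounds the iteration count and authenticates the whole body before releasing a key.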
