Noll Janos wrote:
> On 01-Apr-2002 Jari Ruusu wrote:
> > This can be done in user space using GnuPG. A long and random session
> > key is encrypted using each user's public key. Users just need to type
> > their personal GnuPG key to unlock the session key that is then piped
> > to "losetup -p 0".
>
> Yes, I already do this, but there are some problems:
>
> 1. The session key traverses userspace, and thus, can be captured more
> easily. And once someone knows the session key, he cannot be locked
> out. Though this is only needed in very rare cases and setups.

Non-root users don't have access to the session key, if the GnuPG encrypted
file is made root-only-readable and the program that pipes that file's
contents to gpg and losetup/mount is made setuid-root.

> 2. It's not really solid, I mean, it needs a "second" (etc.) file.
> If you encrypt a partition, you need to have the "second" file on a
> separate partition. Although you could use the "offset=" switch and
> embed the data into the beginning of the partition.

Using additional files should not be a major problem to someone who really
needs that kind of feature.

> 3. It needs some scripting, hacking, external programs (like GPG)
> -- which is fine, if you're a programmer, but might be too much for
> "Average Joe"

Writing such a script or program should not be a major problem to anyone
who knows what they are doing.

> I was also thinking of implementing this in user-space, only then you'd
> lose the ability to really "revoke" users' access to the encrypted space.
> But then again, maybe a kernel level thing won't make this that harder.

Revoking someone's access is just creating a new GnuPG encrypted session
key without that user's public key.

> The top two scenarios I'd need session keys for are:
> 1. if I'd have to change the password of the encrypted partition

Users can change their GnuPG password any time they want.

> 2. if there needs to be a very secretly kept "rescue" password for the
> partition (think companies, or even, cautious individuals)

The original root-only-access session key is such a "rescue" password. Root
uses this "rescue" password to create the GnuPG encrypted version for the
setuid-root program to read.

> But, thinking of it, maybe a userspace tool would be totally
> appropriate.

Exactly.

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
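The scheme Jari describes in the message above (a random session key encrypted with GnuPG to each user's public key, decrypted by the user and piped to `losetup -p 0`, revocation by re-encrypting the key without one user's public key, and the clear key kept by root as the "rescue" password), written out as an added shell example. It is not code from the thread or from the loop-AES project. It assumes hypothetical paths under `/etc/cryptloop`, a `recipients` file listing one GnuPG key id per line, and a small setuid-root wrapper (shell scripts cannot be setuid on Linux) that runs `unlock_loop` with the key file opened as root and gpg run as the invoking user; `losetup -p 0` (read the passphrase from file descriptor 0) is the option quoted in the thread, and any further losetup arguments such as the loop device, backing device and cipher option are passed through by the caller.

```shell
#!/bin/sh
# Added example: shared loop-device session key managed with GnuPG.
# Paths under /etc/cryptloop and the file names are hypothetical.
set -eu

KEYDIR=${KEYDIR:-/etc/cryptloop}     # hypothetical; root-only (mode 0700)
KEYFILE=$KEYDIR/session.key.gpg      # session key encrypted to every user
RECIPIENTS=$KEYDIR/recipients        # one GnuPG key id or user id per line
GPG=${GPG:-gpg}
LOSETUP=${LOSETUP:-losetup}

# 32 random bytes as 64 lower-case hex characters. Root runs this once,
# keeps the output off-line as the "rescue" password, and never stores
# it in the clear on the machine.
gen_session_key() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Turn a newline-separated list of key ids (stdin) into gpg recipient
# options, e.g. "-r alice -r bob ".
recipient_args() {
    while IFS= read -r id || [ -n "$id" ]; do
        if [ -n "$id" ]; then printf '%s ' -r "$id"; fi
    done
}

# Remove one key id from a recipient list (stdin to stdout). Revocation is
# nothing more than re-encrypting the session key to the shortened list.
drop_recipient() {
    grep -vxF -e "$1" || true     # grep exits 1 when no line survives
}

# Encrypt the clear session key (stdin) to everyone in RECIPIENTS. The
# result is root-only-readable; the clear key never touches the disk.
encrypt_session_key() {
    umask 077
    # word splitting of the generated -r options is intended
    $GPG --batch --yes -o "$KEYFILE" $(recipient_args < "$RECIPIENTS") --encrypt
}

# Revoke one user: shorten the list, then re-encrypt the same session key
# (fed on stdin by root from the rescue copy) to the remaining users.
# As the thread notes, a user who already captured the clear key is not
# locked out; only the on-disk copy stops being decryptable by them.
revoke_user() {
    umask 077
    drop_recipient "$1" < "$RECIPIENTS" > "$RECIPIENTS.new"
    mv "$RECIPIENTS.new" "$RECIPIENTS"
    encrypt_session_key
}

# Unlock as an ordinary user. This is the pipeline the setuid-root wrapper
# runs: it opens the root-only KEYFILE, gpg asks the user for their own
# passphrase (run it as the real user, with their keyring), and the
# decrypted session key goes to losetup on fd 0, never to a file or argv.
# Remaining arguments (loop device, backing device, cipher option) are
# passed through to losetup unchanged.
unlock_loop() {
    $GPG --decrypt < "$KEYFILE" | $LOSETUP -p 0 "$@"
}

# Usage: sh cryptloop.sh gen|encrypt|revoke <id>|unlock <losetup args...>
#   gen     > /root/rescue.key        (root, once; keep rescue.key off-line)
#   encrypt < /root/rescue.key        (root; the first losetup also uses it)
#   revoke bob < /root/rescue.key     (root)
#   unlock /dev/loop0 /dev/hda5       (user, through the setuid wrapper)
case ${1:-} in
    gen)     gen_session_key; echo ;;
    encrypt) encrypt_session_key ;;
    revoke)  revoke_user "${2:?key id to revoke}" ;;
    unlock)  shift; unlock_loop "$@" ;;
esac
```

The design point is that the only clear copy of the session key outside root's off-line rescue copy exists transiently in the gpg-to-losetup pipe, and that adding or removing a user touches only the GnuPG-encrypted file, not the encrypted partition itself.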