Jari Ruusu wrote:
> Noll Janos wrote:
> > 1. The session key traverses userspace, and thus, can be captured more
> > easily. And once someone knows the session key, he cannot be locked
> > out. Though this is only needed in very rare cases and setups.
>
> Non-root users don't have access to the session key, if the GnuPG encrypted file
> is made root-only-readable and the program that pipes that file's contents to
> gpg and losetup/mount is made setuid-root.
> [snip]
> > 3. It needs some scripting, hacking, external programs (like GPG)
> > -- which is fine, if you're a programmer, but might be too much for
> > "Average Joe"
>
> Writing such a script or program should not be a major problem to anyone who
> knows what they are doing.

I wrote a script to create a setuid-root executable program. That script is
attached. Setuid-root code needs to be a program, because Linux ignores the
SUID and SGID bits on scripts. Here is an example of how it can be used:

Create a random session key and encrypt that key using root's (in this case
Jari Ruusu's) GnuPG public key.

    umask 077
    dd if=/dev/urandom bs=45 count=1 2>/dev/null | uuencode -m - | head -2 \
      | tail -1 | gpg -e -a -r "Jari Ruusu" > /root/masterkey-secret1.gpg

Use the random session key to set up /dev/loop0 on partition /dev/hda666 and
create an encrypted ext2 file system.

    gpg --decrypt < /root/masterkey-secret1.gpg \
      | losetup -p 0 -e AES128 /dev/loop0 /dev/hda666
    mkfs -t ext2 /dev/loop0
    losetup -d /dev/loop0

Create a mount point for the encrypted partition.

    mkdir /secret1

Build the setuid-root executable program to read the root-only-readable
/etc/userkey-secret1.gpg file and to pipe its contents through "gpg --decrypt"
to "mount -p X /secret1". /secret1 is the mount point where the filesystem is
to be mounted. /usr/local/bin/gpgmount-secret1 is the created setuid-root
executable program.

    ./build-gpgmount.sh /etc/userkey-secret1.gpg /secret1 /usr/local/bin/gpgmount-secret1

Add mount information to the /etc/fstab file. Something like this:

    /dev/hda666 /secret1 ext2 defaults,user,noauto,encryption=AES128,loop=/dev/loop0 0 0

Create the root-only-readable /etc/userkey-secret1.gpg file, which contains the
session key encrypted with each user's public key. List as recipients all users
who should be able to mount the /secret1 encrypted partition. Repeat this every
time you want to add or remove users.

    umask 077
    gpg --decrypt < /root/masterkey-secret1.gpg \
      | gpg -e -a --always-trust -r "John Doe" -r "Tea Lipton" > /etc/userkey-secret1.gpg

Users can mount the encrypted partition like this. GnuPG asks for the
passphrase to unlock the user's secret key.

    gpgmount-secret1

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
Attachment:
build-gpgmount.sh.gz
Description: GNU Zip compressed data