-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 15 Jul 2002, Jari Ruusu wrote:

> Robert Stark wrote:
> > If I boot an unencrypted partition, I can mount the other encrypted
> > partitions with my userkey,GnuPG key. But when I encrypt also the root
> > partition with the keys and try to restart then it doesn't work.
> >
> > I get an error message after typing my passphrase of my GnuPG-key
> > "unable to allocate memory". With an encrypted root partition only secured
> > with a passphrase and some salt it works great.
>
> Short answer: Don't use GnuPG-key to encrypt root partition.

Why ?

> Long answer: When using GnuPG-key to losetup or mount a partition, losetup
> and mount programs rely on presence of gpg program binary, /etc/passwd and
> $HOME/.gnupg/* files. These will not be present in the super-small
> /boot/initrd.gz created by running build-initrd.sh shell script. The "unable
> to allocate memory" message is a result of losetup not being able to read
> user's home directory from /etc/passwd using "getpwuid(getuid())".

build-initrd.sh:
- ------------------------------------------
static char * envp_init[] = { "HOME=/","GNUPGHOME=/lib","TERM=linux", 0, };
                                        ^^^^^^^^^^^^^^
NOTICE: I know that INIT starts after encrypting root partition
- ------------------------------------------
    buf[0] = 0;
    strCat(buf, "/lib/${LOSETUPPROG} -e ${CIPHERTYPE} \
        -K /lib/userkey.gpg -G /lib ${PSEED} \
        /dev/loop${DEVFSSLASH1}${ROOTLOOPINDEX} ${CRYPTROOT}");
    if(exeWait(buf)) {
        if(++x >= 5) goto fail3;
        goto tryAgain;
    }

NOTICE: $GNUPGHOME in /lib isn't very secure. The keyring is better stored
        on a removable media.
- ------------------------------------------------------------------
mkdir bin dev etc lib
      ^^^     ^^^
cp /etc/passwd etc/
cp /etc/shadow etc/
cp /usr/local/bin/gpg bin/
cp ~/.gnupg/* lib/
^^^^^^^^^^^^^^^^^
and all libraries of gpg

> GnuPG-key mount is intended to be used in multiuser mode only with all above
> mentioned files present. I will update loop-AES' README and man pages to say
> that.
>

Sure that it must be multiuser mode ?

Robert Stark

- -----------------------------------------------------
my gpg-key can be found at this location -->
<http://www.mentalbox.org/thefragile/pks/thefrag.asc>
- -----------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9M79qmSoJ6yS8v8oRAmjQAKC5d2XmTDAJfE93+QLwiZ9FIOH1OwCbBXar
+F5cKOoeilaJebA96lPBI6I=
=UPvj
-----END PGP SIGNATURE-----

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
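
A preflight check for the initrd staging tree, covering the prerequisites named in the thread (gpg binary, /etc/passwd, keyring, key file, gpg's shared libraries). This is an added example, not part of the original messages and not loop-AES code; the function name `check_gpg_initrd`, the uid 0 lookup and the GnuPG 1.x keyring name `secring.gpg` are assumptions layered on the /bin, /etc, /lib layout shown in the post.

```sh
#!/bin/sh
# Added example (not loop-AES code). Layout assumed from the post:
# gpg in /bin, passwd in /etc, keyring and userkey.gpg in /lib (GNUPGHOME=/lib).
# usage: check_gpg_initrd TREE   -> prints what is missing, returns the count
check_gpg_initrd() {
    tree=$1
    missing=0
    miss() { echo "missing: $1"; missing=$((missing + 1)); }

    # losetup runs gpg to decrypt the key file, so the binary must be in the image
    [ -x "$tree/bin/gpg" ] || miss "/bin/gpg (executable)"

    # getpwuid(getuid()) needs a passwd entry; the initrd runs as uid 0 (assumption)
    awk -F: '$3 == 0 && $6 != "" { ok = 1 } END { exit !ok }' \
        "$tree/etc/passwd" 2>/dev/null \
        || miss "/etc/passwd entry for uid 0 with a home directory"

    # key file passed to losetup with -K, and the keyring that unlocks it
    [ -s "$tree/lib/userkey.gpg" ] || miss "/lib/userkey.gpg (file given to -K)"
    [ -s "$tree/lib/secring.gpg" ] || miss "/lib/secring.gpg (GnuPG 1.x secret keyring)"

    # every shared library gpg is linked against must exist at the same path
    for lib in $(ldd "$tree/bin/gpg" 2>/dev/null | awk '
            $2 == "=>" && $3 ~ /^\// { print $3 }
            $1 ~ /^\// && $2 ~ /^\(0x/ { print $1 }'); do
        [ -e "$tree$lib" ] || miss "$lib (shared library needed by gpg)"
    done

    return "$missing"
}

# Run directly as: sh check.sh /path/to/initrd-tree
if [ "$#" -gt 0 ]; then check_gpg_initrd "$@"; fi
```

Run it against the directory that build-initrd.sh populates before the image is compressed; a non-zero exit status is the number of items still missing.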