Hi
Yes, this is a solution.
But my problem is to give time-limited access to some file-backed loops
with a key file distributed to specific allowed users. This access must
be time-limited (from 1 to 3 weeks by a specific date). No public or
private keys are available, there is only the gpg/pgp installation on
the host (yes I use this file also on other o.s.).
Is my explanation clear? :)
I guess the/a solution to this depends on the exact circumstances (see
below)
I'd say the easiest 90-95% solution would be to NOT store the key on the
target system, but to get it from a server under YOUR control (so you
can be e.g. sure the clock is correct) every time the filesystem is mounted.
I'd say the most secure way would be using an SSH connection, if you
generate a key-pair for EVERY target system you have a quite good
secured link over which to transfer the key, you wouldn't even need a
gpg secured key. At least it doesn't need to be a gpg key while
transferred over the SSH link to the target system.
In the easiest setup:

    ssh <...> <programm/script which outputs key> | mount -p0 ...

It would be quite secure against an external attacker with no access to
the target system or the server, but someone with enough knowledge and
access privileges on the target system would have no problem at all
saving the key to a file using the above command and later on using it at will.
So I suggest you first think about against what attacks you have to
"withstand", how resourceful a potential attacker is or may be, how much
control you have over the target system, how much is the value of the
information and how much is the cost or what are the risks when the
time-limits are violated and last but not least how much inevitable risk is
acceptable(tm) as there is nothing like absolute security.
See you
--
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
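
The server-side half of the setup described in the reply above, as an added example that is not part of the original thread: a script meant to run as an SSH forced command, releasing a per-host key only while the server's own clock is before that host's expiry. The directory layout, file names, host ids and the `release_key` function are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): time-limited key release on the key server.
# Assumed layout: $KEYDIR/<host>.key    key material for that target system
#                 $KEYDIR/<host>.expiry expiry as Unix epoch seconds
# Assumed wiring, one authorized_keys line per target system's own key pair:
#   restrict,command="/usr/local/bin/release-key hostA" ssh-ed25519 <hostA-public-key>
# The host id is fixed in that line, so a client cannot ask for another host's key.
# The target then pipes the output into its mount command, as in the reply:
#   ssh <...> | mount -p0 ...
KEYDIR=${KEYDIR:-/var/lib/keyrelease}   # assumed path

# release_key HOST [NOW]: print HOST's key if NOW (default: server clock) is
# before the stored expiry. NOW exists only so the check can be tested.
release_key() {
    host=$1
    now=${2:-$(date +%s)}
    # Reject anything that could escape KEYDIR (slashes, dots, empty id).
    case $host in
        ''|*[!A-Za-z0-9_-]*) echo "bad host id" >&2; return 2 ;;
    esac
    key_file=$KEYDIR/$host.key
    expiry_file=$KEYDIR/$host.expiry
    if [ ! -r "$key_file" ] || [ ! -r "$expiry_file" ]; then
        echo "unknown host" >&2
        return 3
    fi
    expiry=$(cat "$expiry_file")
    # Fail closed on a damaged expiry file rather than releasing the key.
    case $expiry in
        ''|*[!0-9]*) echo "corrupt expiry for $host" >&2; return 4 ;;
    esac
    if [ "$now" -ge "$expiry" ]; then
        echo "access for $host expired" >&2
        return 1
    fi
    cat "$key_file"
}

# Forced-command entry point: only the host id is passed, never a client-chosen time.
if [ $# -gt 0 ]; then
    release_key "$1"
fi
```

This enforces the date only at the moment the key is handed out; as the reply notes, a privileged user on the target system can still capture the key while access is valid.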