Loop-AES: Question for Password when none is needed

Hi


When I use a key-file that is only 'gpg --store -a', e.g. because
the key-file is stored inside an encrypted filesystem that is currently
mounted, mount still asks for a Password where anything can be typed.

What makes this not beautiful is that it can only be short-circuited
with -p <whatever>. But that doesn't fly with an autofs map-type rule. You
can only provide "-o <whatever>" options that are passed down to mount.
Naturally redirecting stderr isn't possible either.
The mount succeeds, because nothing can be read from STDIN as I guess
there is no STDIN, so the mount continues.
But every time an encrypted automount happens I get an ugly
... automount[1441]: >> Password:
line in syslog.

An example of a map-type rule (stripped down to fit into 72 chars):
test -fstype=xfs,encryption=aes128,gpgkey=/tmp/key.gpg :/dev/sda4

So I tested a bit. With:
gpg --passphrase '' &>/dev/null < key.gpg
and a look at the errorlevel it can be tested whether a key can be
decrypted without a passphrase.

So my feature-wish would be:
Test if a key can be decrypted without a password and don't ask for one
if none is needed
and/or
add another parameter to losetup and a "-o"-type option for mount, so
that it can be explicitly specified that a key is only stored

Until then

-- 
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
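
One way to make the check from the message above without invoking gpg, as an added example that is not part of the original post and is not loop-AES code: read the first OpenPGP packet tag of the armored key file and report whether it is stored only or encrypted. The function names and sample packets are hypothetical and constructed; only the first packet is inspected, and a compressed packet is assumed to wrap plain literal data.

```python
import base64

# RFC 4880 packet tags. 1 and 3: encrypted session key, 9 and 18: encrypted data.
ENCRYPTED_TAGS = {1, 3, 9, 18}
# 11: literal data, 8: compressed data (assumed here to wrap a literal packet).
PLAIN_TAGS = {8, 11}

def dearmor(text):
    """Return the binary body of an ASCII-armored OpenPGP message."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN PGP"):
        raise ValueError("not ASCII armor")
    body, in_body = [], False
    for line in lines[1:]:
        if line.startswith("-----END") or (in_body and line.startswith("=")):
            break                      # end of armor, or the CRC-24 line
        if in_body:
            body.append(line)
        elif line == "":               # armor headers end at the first blank line
            in_body = True
    return base64.b64decode("".join(body), validate=True)

def first_packet_tag(data):
    """Decode the tag from the first packet header octet (old or new format)."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:                 # new format: tag in bits 5-0
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F       # old format: tag in bits 5-2

def needs_decryption(armored):
    """False for a store-only key file, True if a key or passphrase is needed."""
    tag = first_packet_tag(dearmor(armored))
    if tag in PLAIN_TAGS:
        return False
    if tag in ENCRYPTED_TAGS:
        return True
    raise ValueError("unexpected packet tag %d" % tag)

def armor(data):
    """Wrap constructed sample packets in armor (optional CRC-24 line omitted)."""
    return ("-----BEGIN PGP MESSAGE-----\n\n" + base64.b64encode(data).decode()
            + "\n-----END PGP MESSAGE-----\n")

# Constructed samples: a new-format literal packet and an old-format SKESK packet.
STORED = armor(b"\xcb\x16" + b"b\x00\x00\x00\x00\x00" + b"constructed-key\n")
ENCRYPTED = armor(b"\x8c\x0d\x04\x07\x03\x02" + b"\x11" * 8 + b"\x60")

if __name__ == "__main__":
    print(needs_decryption(STORED), needs_decryption(ENCRYPTED))
```

A caller that gets False can skip the password prompt; any parse error should fall back to prompting as before.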

