Matthias Schniedermeyer wrote:
> > This problem can be summarized as: You don't want to configure your
> > automounter to pass -p command line parameter to mount. The fix is:
> > Reconfigure your automounter. Problem solved.
>
> No. In the used configuration the automounter just only supports passing
> "-o"-options. AND in a configuration where the automounter would support
> it, I would lose the 'ghosting' feature where all possible mount-points are
> shown, regardless if they currently are mounted or not. I'm a
> commandline-person and I would lose TAB-completion, which I dislike
> like hell.

Ok, ok. It wasn't a big change. 22 code lines changed, not counting
documentation changes. It was a matter of adding a mount option and
opening/closing a file, otherwise it uses existing code paths.

Now mount has a new mount option 'cleartextkey' which specifies a file that
holds 65 lines of key data, i.e. unencrypted contents of gpg encrypted key
file. Some examples follow.

First 8192 bytes of each floppy contains gpg encrypted key file. Passphrase
to decrypt each key file is read from /tmp/clearpassphrase file which must
reside on encrypted file system or be otherwise made unavailable to
adversary. Passphrase to decrypt each key file must be same for all
floppies. Encrypted file system starts at 8192 byte offset:

mount -t ext2 /dev/fd0 /floppy -o encryption=AES128,loop=/dev/loop0,\
gpgkey=/dev/fd0,offset=8192,cleartextkey=/tmp/clearpassphrase

/etc/fskey-fd0.gpg file is gpg encrypted key file which is shared for all
floppies (not good security). Passphrase to decrypt that key file is read
from /tmp/clearpassphrase file which must reside on encrypted file system or
be otherwise made unavailable to adversary. Passphrase to decrypt that one
key file is same for all floppies:

mount -t ext2 /dev/fd0 /floppy -o encryption=AES128,loop=/dev/loop0,\
gpgkey=/etc/fskey-fd0.gpg,cleartextkey=/tmp/clearpassphrase

Unencrypted 65 lines of key data is read from /tmp/clear65lines file which
must reside on encrypted file system or be otherwise made unavailable to
adversary. No gpg involved here. Same loop encryption keys used for each
floppy (not good security).

mount -t ext2 /dev/fd0 /floppy -o encryption=AES128,loop=/dev/loop0,\
cleartextkey=/tmp/clear65lines

A patch that can be applied on top of loop-AES patch for util-linux-2.12r
and util-linux-2.13-pre7 is attached. Works ok on my test box. Please let me
know if this solves or doesn't solve your problem.

--
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
Attachment:
util-linux-cleartextkey.diff.bz2
Description: Binary data
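A pre-flight check for a file handed to the cleartextkey= option described in the message above, as an added example that is not part of the original message or of the attached patch. The helper name check_cleartextkey and its "keys"/"passphrase" argument are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not loop-AES or util-linux code).
# It cannot prove that the file sits on an encrypted file system; it only
# catches mistakes that are visible from the file itself.

check_cleartextkey() {
    f=$1
    kind=${2:-keys}   # keys = 65 lines of key data, passphrase = gpg passphrase
    rc=0

    # Refuse symlinks and non-regular files, so the path cannot silently
    # point at something other than the intended key file.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 1
    fi

    # Cleartext key material must carry no group/other permission bits.
    mode=$(stat -c '%a' -- "$f") || return 1
    case "$mode" in
        0|*00) ;;
        *) echo "$f: mode $mode exposes key material to group/other" >&2
           rc=1 ;;
    esac

    # grep -c '' also counts a final line that lacks a trailing newline.
    lines=$(grep -c '' -- "$f" || true)
    case "$kind" in
        keys)
            [ "$lines" -eq 65 ] || {
                echo "$f: $lines lines, expected 65 lines of key data" >&2
                rc=1
            } ;;
        passphrase)
            [ -s "$f" ] || { echo "$f: empty passphrase file" >&2; rc=1; } ;;
        *)
            echo "unknown kind: $kind" >&2
            return 2 ;;
    esac
    return $rc
}

# Stand-alone use: sh check.sh /tmp/clear65lines keys
[ "$#" -eq 0 ] || check_cleartextkey "$@"
```

Running it before the mount line (for example `check_cleartextkey /tmp/clear65lines keys && mount ...`) stops the mount when the key file is world-readable or truncated.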