commence Chris Howells quotation:

> On Monday 01 April 2002 12:06 am, Sean Neakums wrote:
>> I'm using a simple script with gnupg so that I can use decently-sized
>> keys for the FSes. Odds are that you won't be able to remember
>
> That sounds pretty clever. Would you mind sharing it with the world? :)

Sure thing, here it is:

#!/bin/bash
# Reads volume descriptions on stdin, one per line, in the form
#   MOUNT_POINT:DEVICE:KEY_FILE:CIPHER:KEY_BITS
while IFS=: read -r MOUNT_POINT DEVICE KEY_FILE CIPHER KEY_BITS ; do
    echo "$MOUNT_POINT ($DEVICE)"
    if [ ! -r "$KEY_FILE" ]; then
        echo "$KEY_FILE does not exist; skipping $DEVICE"
        continue
    fi
    # gpg asks on the tty for the passphrase of the secret key that can decrypt the file
    if ! KEY=$(gpg --decrypt < "$KEY_FILE"); then
        echo "Error decrypting $KEY_FILE; skipping $DEVICE"
        continue
    fi
    echo "Attempting to mount $DEVICE on $MOUNT_POINT"
    # -p 0 makes mount read the passphrase from fd 0, so the key never appears on a command line
    printf '%s\n' "$KEY" | mount -oloop,encryption="$CIPHER",keybits="$KEY_BITS" -p 0 "$DEVICE" "$MOUNT_POINT"
done
# end of mount-encrypted-volumes

It expects to be fed a file where each line looks like this:

/home:/dev/vg_main/lv_home_e:/root/home-volume-key:blowfish:256

The key file should be any file that gpg can decrypt with a secret key on
the keyring of the user running the script (most likely root). The
decrypted file should be a single line. I use four concatenated md5sums
of four blocks of data from /dev/random as my keys. Here is the script I
use:

#!/bin/bash
# Hash four 256-byte blocks from /dev/random with md5sum and concatenate
# the digests: 4 x 32 hex characters = 128 hex characters of key.
TMPFILES=($(mktemp) $(mktemp) $(mktemp) $(mktemp))
for i in "${TMPFILES[@]}"; do
    echo -n "Reading 256 bytes from /dev/random... " 1>&2
    # a single read from /dev/random may return fewer than 256 bytes when the entropy pool is low
    dd if=/dev/random of="$i" bs=256 count=1 >/dev/null 2>&1
    echo "done." 1>&2
done
KEY=""
for i in "${TMPFILES[@]}"; do
    KEY="$KEY$(md5sum "$i" | cut -d' ' -f1)"
done
echo "$KEY"
for i in "${TMPFILES[@]}"; do
    rm -f "$i"
done
# end of file make-key

I just made up all this stuff as I went along, so there may be flaws I
have not considered. In fact, I would be surprised if there were not.

-- 
///////////////// | | The spark of a pin <sneakums@zork.net> | (require 'gnu) | dropping, falling feather-like.
\\\\\\\\\\\\\\\\\ | | There is too much noise.
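Two checks the scripts above skip, as an added example that is not part of the original post: validating a volume line's five fields before they reach mount, and confirming that the decrypted key really is the single hex line the mount loop assumes. The cipher list and the minimum key length are assumptions made for illustration, not values from any loop driver.

```bash
#!/bin/bash
# Added example, not from the original post: validate the two inputs the
# mount script trusts blindly, the colon-separated volume line and the
# decrypted key material. Field layout follows the post:
#   MOUNT_POINT:DEVICE:KEY_FILE:CIPHER:KEY_BITS
# The cipher list and the minimum key length below are assumptions made
# for illustration, not values taken from any loop driver.

ALLOWED_CIPHERS="aes blowfish serpent twofish"
MIN_KEY_HEX=32   # one md5sum digest; the post's keys are four of them (128)

# validate_volume_line LINE -> 0 if well formed, 1 otherwise (reason on stderr)
validate_volume_line() {
    vl_line=$1
    IFS=: read -r vl_mp vl_dev vl_key vl_cipher vl_bits vl_extra <<EOF
$vl_line
EOF
    [ -z "$vl_extra" ] || { echo "too many fields: $vl_line" >&2; return 1; }
    case $vl_mp  in /*) ;;     *) echo "mount point must be absolute: '$vl_mp'" >&2; return 1 ;; esac
    case $vl_dev in /dev/*) ;; *) echo "device must be under /dev: '$vl_dev'" >&2; return 1 ;; esac
    case $vl_key in /*) ;;     *) echo "key file must be absolute: '$vl_key'" >&2; return 1 ;; esac
    case " $ALLOWED_CIPHERS " in
        *" $vl_cipher "*) ;;
        *) echo "unknown cipher: '$vl_cipher'" >&2; return 1 ;;
    esac
    case $vl_bits in
        128|192|256) ;;
        *) echo "key bits must be 128, 192 or 256: '$vl_bits'" >&2; return 1 ;;
    esac
    return 0
}

# validate_key_material < KEY -> 0 if the decrypted key is exactly one
# non-empty line of lowercase hex (what make-key prints), 1 otherwise.
# A second line or embedded whitespace would be silently mangled by the
# "echo $KEY | mount -p 0" handoff, so refuse it here instead.
validate_key_material() {
    km=$(cat)            # command substitution drops the single trailing newline
    [ -n "$km" ] || { echo "key material is empty" >&2; return 1; }
    case $km in
        *[!0-9a-f]*) echo "key must be a single line of lowercase hex" >&2; return 1 ;;
    esac
    [ "${#km}" -ge "$MIN_KEY_HEX" ] || { echo "key too short: ${#km} hex digits" >&2; return 1; }
    return 0
}
```

Run it as `validate_volume_line "$line"` before each mount and pipe the gpg output through `validate_key_material` before handing it to mount.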