OpenPGP smartcard and crypto fs
Joerg Schmitz-Linneweber
joerg at schmitz-linneweber.de
Mon Apr 18 16:49:57 CEST 2005
Hi all!
I would like to use my O.card to securely hold an encryption key to be used by
the Linux "crypto filesystem". This fs uses a utility "losetup" at startup
which asks for a passphrase/keyword to be used as encryption/decryption key.
losetup can be configured to use a file descriptor to read this info from a
file.
OK. Next thing is: I don't want to let the card do all the encryption ;-)
(I think it would be a little bit slow... although the key would stay safely
inside the card...)
Next thing (which works here), was to use a gpg encrypted file containing the
passphrase(s) and doing something like
"cat ~/.crypto-fs-key.gpg|gpg -q --decrypt -r 0xdeadbeef 2>/dev/null"
but one problem was gpg spitting out these "Please insert...." and "PIN" info
on stdout, and I'm not very comfortable with my passwords lying around on the
disks... (although they *are* encrypted).
What I would like would be to pull out some secret key (or plain data) and
hand it over to losetup directly. I know that then the key can no longer be
viewed as secure as it leaves the card, but that would be ok for me.
Anyone who thought about a scenario like this?
TIA. Salut, Jörg
--
gpg/pgp key # 0xd7fa4512
fingerprint 4e89 6967 9cb2 f548 a806 7e8b fcf4 2053 d7fa 4512