OpenPGP smartcard and crpyto fs

Joerg Schmitz-Linneweber joerg at
Mon Apr 18 16:49:57 CEST 2005

Hash: SHA1

Hi all!

I would like to use my O.card to securely hold an encryption key to be used by 
the Linux "crypto filesystem". This fs uses an utiulity "losetup" at startup 
which asks for a passphrase/keyword to be used as encryption/decryption key.
losetup can be configured to use a file descriptor to read this info from a 

OK. Next thing is: I don't want to let the card do all the encryption ;-)
(I think it would be a little bit slow... although the key would stay savely 
inside the card...)

Next thing (which works here), was to use a gpg encrypted file containing the 
passphrase(es) and doing something like
"cat ~/.crypto-fs-key.gpg|gpg -q --decrypt -r 0xdeadbeef 2>/dev/null"
but one problem was gpg spitting out these "Please insert...." and "PIN" info 
on stdout, and I'm not very comfortable with my passwords lying around on the 
disks... (altough they *are* encrypted).

What I would like would be to pull out some secret key (or plain data) and 
handle it over to losetup directly. I know that then the key can no longer be 
viewed as secure as it leaves the card, but that would be ok for me.

Anyone who thought about a scenario like this?

TIA. Salut, Jörg

- -- 
gpg/pgp key # 0xd7fa4512
fingerprint 4e89 6967 9cb2 f548 a806  7e8b fcf4 2053 d7fa 4512
Version: GnuPG v1.4.0 (GNU/Linux)


More information about the Gnupg-users mailing list