Package: cryptsetup
Version: 2:1.0.6~pre1+svn45-1
Severity: wishlist

I'd like to be able to use a small USB stick as a physical "key" to my system. There are various mini-HOWTOs and keyscripts floating around that describe people's custom implementations of this, but I think having this as a supported feature in Debian would be better than a bunch of custom solutions.

The following functionality would be needed:

1) A small tool that prepares a USB stick (or other removable media) to be used as the "key". There are of course various ways to put the key onto the media; at the moment I'm favouring:
   - wipe the stick using badblocks -w -t random or dd if=/dev/urandom
   - make a filesystem on the stick, possibly on a partition if it is customary to partition them. This would probably be VFAT. The partition / filesystem should be *slightly smaller* than the media, leaving a few bytes of space, probably at the end.
   - put a UUID / magic number at the start of the free space
   - create the key(s) by dd-ing it / them directly from /dev/random to the free space on the media at intervals.
   - add this key as a LUKS key.

2) A keyscript that looks for the UUID / magic number on candidate media and reads the appropriate key. The key field in /etc/crypttab that's passed as the parameter would be of the form 'UUID:keynumber'. The keyscript should fall back to passphrase input on console when the correct key is not found. That adds a safety net for a lost USB key IF you have a passphrase key defined as well.

I realize this scheme is rather elaborate; I'd settle for a documented and shipped-by-default keyscript that can mount partitions by (filesystem) UUID and read the key from there.

Regards,
C.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cryptsetup depends on:
ii  dmsetup             2:1.02.24-3  The Linux Kernel Device Mapper use
ii  libc6               2.7-6        GNU C Library: Shared libraries
ii  libdevmapper1.02.1  2:1.02.24-3  The Linux Kernel Device Mapper use
ii  libpopt0            1.10-3       lib for parsing cmdline parameters
ii  libuuid1            1.40.6-1     universally unique id library

cryptsetup recommends no packages.

-- no debconf information
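
A sketch of the keyscript requested in item 2, added here as an example; it is not part of the original report and not code shipped by cryptsetup. The on-media layout (size of the reserved tail, tag width, key size and spacing), the candidate device list and the use of stty for the console prompt are all assumptions, since the report leaves them open.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumed layout: the last RESERVED
# bytes of the stick lie outside the filesystem, start with an ASCII tag
# and hold raw fixed-size keys at fixed intervals after it.
RESERVED=4096 TAG_MAX=64 KEY_SIZE=32 KEY_STRIDE=512   # all assumed values

# dev_size DEVICE: size in bytes of a block device or image file.
dev_size() {
    [ -r "$1" ] || return 1
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else echo $(( $(wc -c < "$1") )); fi
}

# read_key TAG SLOT DEVICE: print the raw key only if DEVICE carries TAG.
read_key() {
    size=$(dev_size "$3") || return 1
    [ "$size" -gt "$RESERVED" ] || return 1
    base=$((size - RESERVED))
    found=$(dd if="$3" bs=1 skip="$base" count="${#1}" 2>/dev/null | tr -d '\000')
    [ "$found" = "$1" ] || return 1
    dd if="$3" bs=1 skip=$((base + TAG_MAX + $2 * KEY_STRIDE)) \
        count="$KEY_SIZE" 2>/dev/null
}

# find_key TAG:SLOT DEVICE...: 0 = key on stdout, 1 = no media, 2 = bad field.
find_key() {
    spec=$1; shift
    case $spec in *:*) ;; *) return 2 ;; esac
    tag=${spec%%:*} slot=${spec#*:}
    # Validate before any arithmetic: the field comes from a config file.
    case $tag in ''|*[!0-9A-Fa-f-]*) return 2 ;; esac
    case $slot in ''|*[!0-9]*|???*|0?*) return 2 ;; esac
    [ "${#tag}" -le "$TAG_MAX" ] || return 2
    [ $((TAG_MAX + slot * KEY_STRIDE + KEY_SIZE)) -le "$RESERVED" ] || return 2
    for dev in "$@"; do
        read_key "$tag" "$slot" "$dev" && return 0
    done
    return 1
}

# Keyscript mode: $1 is the crypttab key field; stdout becomes the key.
if [ -n "${1:-}" ]; then
    find_key "$1" /dev/sd[a-z] && exit 0   # candidate list is an assumption
    # Fallback described in the report: passphrase prompt on the console.
    printf 'Key media not found. Passphrase: ' > /dev/console
    stty -echo < /dev/console; IFS= read -r pass < /dev/console
    stty echo < /dev/console
    printf '%s' "$pass"
fi
```

The tag only selects which media to read from; a stick carrying the right tag but the wrong key material simply fails to unlock the volume.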