trekvarten
December 12th, 2008, 06:53 PM
Hi,
I've got this minor inconvenience with my LUKS-based disk encryption system.
Here's the setup:
1. I have a LVM+LUKS combo for the most important directories (/home, /var and so on) with password1, working just fine
2. I have another partition (LUKS on an internal physical volume) for storing sensitive files with password2, however it doesn't get used that often.
The thing is: I'm currently using /etc/crypttab for both of these partitions, which of course makes cryptdisks ask for both passwords on every boot, and since the computer gets restarted quite frequently, it is a pain having to type both passwords every time (because partition 2 isn't needed most of the time).
Also, I don't want partition 2 to stay unlocked in case someone reaches the computer while it is turned on and extracts the key from RAM.
So, what I'm looking for is some easy way to mount the second partition on demand. An easy task you say; and indeed I've found it to be quite trivial with scripts for mounting and unmounting etc. What I'm looking for, however, is a more elegant, intuitive and secure solution; I'm thinking of the way GNOME reacts to LUKS-encrypted external drives:
It identifies the drive as encrypted, asks for a password when it is inserted, and unlocks + mounts; if no password is given, the drive can still be reached from Places... and most importantly, it closes the encrypted drive after it's unmounted. However, this doesn't seem possible with internal drives for some reason probably related to requiring root access to access the device.
I've messed a bit with fstab options etc, no dice.
The ideal solution would be to as a normal user be able to mount the volume like any external drive, just asking for the encryption password, in GNOME.
Any ideas? :p
I've got this minor inconvenience with my LUKS-based disk encryption system.
Here's the setup:
1. I have a LVM+LUKS combo for the most important directories (/home, /var and so on) with password1, working just fine
2. I have another partition (LUKS on an internal physical volume) for storing sensitive files with password2, however it doesn't get used that often.
The thing is: I'm currently using /etc/crypttab for both of these partitions, which of course makes cryptdisks ask for both passwords on every boot, and since the computer gets restarted quite frequently, it is a pain having to type both passwords every time (because partition 2 isn't needed most of the time).
Also, I don't want partition 2 to stay unlocked in case someone reaches the computer while it is turned on and extracts the key from RAM.
So, what I'm looking for is some easy way to mount the second partition on demand. An easy task you say; and indeed I've found it to be quite trivial with scripts for mounting and unmounting etc. What I'm looking for, however, is a more elegant, intuitive and secure solution; I'm thinking of the way GNOME reacts to LUKS-encrypted external drives:
It identifies the drive as encrypted, asks for a password when it is inserted, and unlocks + mounts; if no password is given, the drive can still be reached from Places... and most importantly, it closes the encrypted drive after it's unmounted. However, this doesn't seem possible with internal drives for some reason probably related to requiring root access to access the device.
I've messed a bit with fstab options etc, no dice.
The ideal solution would be to as a normal user be able to mount the volume like any external drive, just asking for the encryption password, in GNOME.
Any ideas? :p