Re: gpg keys on USB drive
--vkogqOf2sHV7VnPd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Jun 17, 2011 at 09:23:43PM -0400, Robert Simmons wrote:
> I have been reading up on keeping encryption secret keys on a USB thumb d=
rive=20
> so that there is an "air gap" so to speak except when the drive is insert=
ed in=20
> the machine and mounted.
>=20
> Is it possible to replace all the files in my home directory with symboli=
c=20
> links to the corresponding files in the USB drive? This seems easy, but =
how=20
> can I be sure in FreeBSD that the symlinks will always work when the driv=
e is=20
> plugged in? I have noticed that the device is sometimes different depend=
ing on=20
> what other USB devices are plugged in and where they are plugged in.
>=20
> Also, other than the obvious drawback of needing to remember where the dr=
ive=20
> is, and plug it in, are there any drawbacks to keeping keysets such as fo=
r=20
> OpenSSH, geli providers, GnuPG, KWallet, and BitCoin on a USB drive?
>=20
> Lastly, using geli to create a passphrase based encrypted provider ON the=
USB=20
> drive before storing everything on there would increase its security, no?
Checkout /etc/devd.conf where you can match that USB device specifically
with some entries and fire a script to perform whatever ``action''
neccesary to achieve the conditions that you have to meet. There should
be sufficient examples in that file already that would give you a head
start & clue of what to add.
This might not be your best choice if your not comfortable with
scripting though.
--vkogqOf2sHV7VnPd
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (FreeBSD)
Comment: http://bit.ly/0x89D8547E
iQEcBAEBAgAGBQJN/WOVAAoJEJBXh4mJ2FR+WAsH/A4WL9XDjzHgSeLuPOP1H2Tv
EJd+xVX3YYYmxcxc5lPKImdtdqcg6u/kdKagWWH8jP/tcukfabOU3ii+ie0JQmiy
3RKK65svOfVABxsYpJ5HfS9AbQFbIQw/LPSLEhCwvVQZmLFgQtgi0ikhs0J/IZSc
g9rGXn4HNVEadwECk1c46hZWtvzTUU64tCkHmx943+/EHugMv6BS6EAqJd33Dxe+
StIuy70ff1v9QVR0ML2atLkQC1ns4BndhFhujobISsqHe6CmLJBBTdOD2Nw3SOnY
GXrx66NIWMEXbWW7zv0BLouoiGBRln+QseHBDxlgBrR6LKe1lDP5tEiDPegC6Pk=
=DLrI
-----END PGP SIGNATURE-----
--vkogqOf2sHV7VnPd--
討論串 (同標題文章)