Re: Encrypt USB-HDD with LUKS using OpenPGP smartcard?

2018-08-01 Thread Damien Cassou 
Dirk Gottschalk via Gnupg-users  writes:
> Is it possible to encrypt an external USB drive in LUKS format with an
> OpenPGP smartcard? The device is, until now, only passphrase encrypted
> and mounted on detect.
>
> Would it be possible to let gpg ask for the PIN of the card, it it's in
> locket state?

what I do is to have the external HDD encryption passphrase in a GnuPG
encrypted file of my main hard disk. Then, a bash script takes care of
(1) getting the passphrase from the encrypted file, (2) mount the
external disk with the passphrase. That way, you can use your smartcard.

All my passwords are in GnuPG encrypted files and handled by
https://www.passwordstore.org/.

-- 
Damien Cassou
http://damiencassou.seasidehosting.st

"Success is the ability to go from one failure to another without
losing enthusiasm." --Winston Churchill

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GPGME status callback not working for need entropy

2018-08-01 Thread Jacob Adams 
I've been trying to use the GPGME status callback to get an indication
of when the system is low on entropy, but I don't seem to get a callback
when such an even occurs. I've enabled full status and I get Pinentry
Launched status messages, so it seems to sort of be working. When
generating a key without enough randomness, the whole application just
locks up with no indication of what is happening. Is there anything else
I could query to inform the user of what's occurring in this scenario?

Thanks,
Jacob



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encrypt USB-HDD with LUKS using OpenPGP smartcard?

2018-08-01 Thread Peter Lebbing 
On 01/08/18 18:16, Dirk Gottschalk wrote:
> Coult this be raplaces by the smartcard
> to use the gpg key in some way?

AFAIK, this is just systemd delegating passphrase querying to the
physically present user. I suppose if you could somehow influence where
it got the passphrase from, there might be a way to achieve it, but I
have no idea how. That's all the direction I can provide.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encrypt USB-HDD with LUKS using OpenPGP smartcard?

2018-08-01 Thread Dirk Gottschalk via Gnupg-users 
Hi,

Am Mittwoch, den 01.08.2018, 18:06 +0200 schrieb Peter Lebbing:
> On 01/08/18 17:41, Dirk Gottschalk via Gnupg-users wrote:
> > Is it possible to encrypt an external USB drive in LUKS format with
> > an
> > OpenPGP smartcard?
> 
> On a system with systemd: no, I don't think this can be done. Systemd
> doesn't want to implement cryptsetup keyscripts, and those would be
> needed.
> 
> On a different system: it depends. What system are we talking about?
> :-)

I am using Fedora and it uses SystemD. On the other hanjd, the HDD is
mounted when plugged in via GVFS and Gnome asks for the passphrase or
reads it from gnome's keyring. Coult this be raplaces by the smartcard
to use the gpg key in some way?

I tried to use g13 with dm-crypt, but this seems not to work on Frdora
for an unknown reason.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac



signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encrypt USB-HDD with LUKS using OpenPGP smartcard?

2018-08-01 Thread Peter Lebbing 
On 01/08/18 17:41, Dirk Gottschalk via Gnupg-users wrote:
> Is it possible to encrypt an external USB drive in LUKS format with an
> OpenPGP smartcard?

On a system with systemd: no, I don't think this can be done. Systemd
doesn't want to implement cryptsetup keyscripts, and those would be needed.

On a different system: it depends. What system are we talking about? :-)

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Encrypt USB-HDD with LUKS using OpenPGP smartcard?

2018-08-01 Thread Dirk Gottschalk via Gnupg-users 
Hi.

Is it possible to encrypt an external USB drive in LUKS format with an
OpenPGP smartcard? The device is, until now, only passphrase encrypted
and mounted on detect.

Would it be possible to let gpg ask for the PIN of the card, it it's in
locket state?

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac



signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users