-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
Am Do den 17. Mär 2005 um 14:13 schriebst Du: > > o Especially on laptops, it might be interesting to also encrypt all of > > /home and/or other parts of the harddrive to make the data unusuable > > without the USB key. But how to integrate this with the other > > requirements? > > I know of someone who set up a solution so the crypto partitions will > not be mounted if the smartcard is not plugged in. I made such a solution using cfs for my own laptop. I do that by mounting a encrypted dir and then setting $HOME to the new home. Unfortunable not all applications take care for $HOME. Most important gimp or pan and some other. I only do "crypthome newhome" to use it. The directory can be generated by: gpg --gen-random 2 16 | gpg --symmetric > key.gpg gpg < key.gpg | cmkdir -b -- newhome mv key.gpg newhome/..p Here how I did this (part of .bashrc): cryptmount() { if [ "X$1" == "X" ]; then echo "Please specify a directory!" return 1 fi if [ -d /crypt/$1 ]; then echo "Directory still mounted!" return 0 fi if _testcrypt "$1" "$1.gpg"; then CDIR="$1" CPWFILE="$1.gpg" elif _testcrypt ".$1" ".$1.gpg"; then CDIR=".$1" CPWFILE=".$1.gpg" elif _testcrypt "$1" "$1/..p"; then CDIR="$1" CPWFILE="$1/..p" elif _testcrypt ".$1" ".$1/..p"; then CDIR=".$1" CPWFILE=".$1/..p" elif _testcrypt "$HOME/$1" "$HOME/$1.gpg"; then CDIR="$HOME/$1" CPWFILE="$HOME/$1.gpg" elif _testcrypt "$HOME/.$1" "$HOME/.$1.gpg"; then CDIR="$HOME/.$1" CPWFILE="$HOME/.$1.gpg" elif _testcrypt "$1"; then CDIR="$1" CPWFILE="" elif _testcrypt ".$1"; then CDIR=".$1" CPWFILE="" elif _testcrypt "$HOME/$1"; then CDIR="$HOME/$1" CPWFILE="" elif _testcrypt "$HOME/.$1"; then CDIR="$HOME/.$1" CPWFILE="" else echo "File $1 not found!" return 1 fi if [ "X$CPWFILE" == "X" ]; then cattach $CDIR $1 else gpg < $CPWFILE | cattach -- $CDIR $1 fi return $? } crypthome() { cryptmount $1 || return 1 sleep 1 until [ -d /crypt/$1 ]; do sleep 1 done cd /crypt/$1 && herehome echo "Home directory chaged to /crypt/$1." } Regards Klaus Ethgen - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iQEVAwUBQjmSvZ+OKpjRpO3lAQKZgAgAg4u6ybSUfCCPMHm00fYSzsn+rLwi+/wp h4m+W+vwdpPczYlkTxIKkmzLHXMdv0qnsUa37kijU4KdaVOvxQbsCcWdI3Z5yw9Q lheUU06Zm6YNCJlm30Vavb+hhCxK1jGLrIAwb5AxeE4dtdBAGifjzauF9ilwOooN Tq7Wqh27kn+v8VTsWzsqoLCBSLnn4YSnGHtTVqhkCiFWt6kMgiqzVcBLBfXdktIl xKjNTE9Zn534G3yKcrxXY4SuUmANt+fliSt7WPPfXDgt8u6YG5cCpJQTjjXivTaC 4pm7IvpMpcY6bSqgDr5gZzeJ8tHEA7FKJOQjLFVBMelJ4Yz1EEE4PQ== =zhfn -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]