Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found. If there is no matching key-file the script will try to use the password as before.
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column, like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the target name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <email address hidden>
# Copyright (C) 2006 David Zeuthen <email address hidden>
# Copyright (C) 2007 TJ <email address hidden>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.

CRYPTSETUP=/sbin/cryptsetup

# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab | awk '{print $0}'`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"

# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
    if ! $CRYPTSETUP luksOpen $DEVICE $MAPPER --key-file $KEYFILE 2> /dev/null; then
        echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
        echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
        exit 1
    fi
else
    read PASSWORD

    if [ ! -f $CRYPTSETUP ]; then
        echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
        echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
        exit 1
    fi

    if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
        echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
        echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
        exit 1
    fi

    if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
        echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
        echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
        exit 1
    fi
fi

hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1

exit 0
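
The script above selects the crypttab entry with a substring grep on the volume UUID. As an added example (not part of the original report or of hal), the lookup below matches the source-device field exactly, skips commented-out entries, rejects an empty UUID, and falls back to the passphrase when the entry names no readable key-file. The function names crypttab_lookup and unlock_plan are hypothetical, and a key-file field of "none" is treated as "no key-file" per the crypttab convention.

```shell
#!/bin/sh
# Added example, not from the original report. Function names are hypothetical.

# crypttab_lookup FILE UUID
# Prints "<target> <device> <keyfile|none>" for the entry whose source device
# is exactly /dev/disk/by-uuid/UUID. Returns 1 if there is no such entry and
# 2 if UUID is empty or contains anything but hex digits and dashes.
crypttab_lookup() {
    case $2 in
        ''|*[!0-9A-Fa-f-]*) return 2 ;;   # an empty pattern would match every line
    esac
    awk -v want="/dev/disk/by-uuid/$2" '
        /^[ \t]*#/ || NF == 0 { next }    # skip comments and blank lines
        $2 == want {                      # whole-field match, not a substring
            key = ($3 == "") ? "none" : $3
            print $1, $2, key
            found = 1
            exit
        }
        END { exit !found }
    ' "$1"
}

# unlock_plan FILE UUID
# Prints "keyfile <target> <device> <path>" when the entry names a readable
# regular file, otherwise "passphrase" so the caller keeps the password path.
unlock_plan() {
    rc=0
    entry=$(crypttab_lookup "$1" "$2") || rc=$?
    [ "$rc" -ne 2 ] || return 2
    if [ "$rc" -eq 0 ]; then
        read -r target device key <<EOF
$entry
EOF
        if [ "$key" != none ] && [ -f "$key" ] && [ -r "$key" ]; then
            echo "keyfile $target $device $key"
            return 0
        fi
    fi
    echo passphrase
}
```

A caller would run cryptsetup luksOpen with the printed target, device and key-file only when the first word of the output is "keyfile", and read the password from stdin otherwise.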