add support for using USB devices as key to pam_ecryptfs

Bug #293836 reported by Mathieu Trudel-Lapierre on 2008-11-04
4
Affects Status Importance Assigned to Milestone
eCryptfs
Undecided
Unassigned
ecryptfs-utils (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: ecryptfs-utils

An intresting idea, using the existence of a specific connected USB devices, such as a pen drive, to act as a key. Maybe through the use of the filesystem's serial number or UUID, or some form of unique identifier from the device?

description: updated
Adam Niedling (krychek) wrote :

Are you sure that this is a bug? Please suggest your ideas at brainstorm.ubuntu.com . This report should be closed if this is not a bug.

Adam-

I asked Matt to file this here as a bug.

As a developer, I like to track such feature requests in Launchpad as a bug.

Thanks,
:-Dustin

Changed in ecryptfs:
status: New → Confirmed
Changed in ecryptfs-utils:
status: New → Confirmed
Dustin Kirkland  (kirkland) wrote :

Matt-

This should be handled entirely in documentation.

Here are the basic instructions:

Partition and format the USB stick
# fdisk /dev/sdb
# mkfs.ext3 /dev/sdb1

Copy your .ecryptfs to the USB stick
# mount /dev/sdb1 /mnt
# cp -a /home/USERNAME/.ecryptfs/* /mnt
# umount /mnt

Obtain the UUID
# blkid /dev/sdb1

Add to your fstab to mount on boot
UUID=46112c9a-a75d-4122-8975-cde61329w9c /home/USERNAME/.ecryptfs xfs relatime 0 2

I think that's all you need. It would be *great* if you could perhaps take these instructions, test/tweak them, and add them to a new page in the Community Wiki, perhaps:
 * http://help.ubuntu.com/community/EncryptedPrivateDirectoryUsbKey

:-Dustin

Changed in ecryptfs:
status: Confirmed → Invalid
Changed in ecryptfs-utils:
status: Confirmed → Invalid

Sure, will do.

I was actually thinking of some way for it to be plug and play, rather
than requiring a reboot or root access to do this, but I think I can
figure it out pretty easily, and I'll include it in the page.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers