Date:      Sat, 18 Jun 2011 22:48:53 -0400
From:      jhell <jhell@DataIX.net>
To:        Robert Simmons <rsimmons0@gmail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: gpg keys on USB drive
Message-ID:  <20110619024853.GA2419@DataIX.net>
In-Reply-To: <201106172123.44466.rsimmons0@gmail.com>
References:  <201106172123.44466.rsimmons0@gmail.com>

On Fri, Jun 17, 2011 at 09:23:43PM -0400, Robert Simmons wrote:
> I have been reading up on keeping encryption secret keys on a USB thumb drive
> so that there is an "air gap" so to speak except when the drive is inserted in
> the machine and mounted.
>
> Is it possible to replace all the files in my home directory with symbolic
> links to the corresponding files in the USB drive?  This seems easy, but how
> can I be sure in FreeBSD that the symlinks will always work when the drive is
> plugged in?  I have noticed that the device is sometimes different depending on
> what other USB devices are plugged in and where they are plugged in.
>
> Also, other than the obvious drawback of needing to remember where the drive
> is, and plug it in, are there any drawbacks to keeping keysets such as for
> OpenSSH, geli providers, GnuPG, KWallet, and BitCoin on a USB drive?
>
> Lastly, using geli to create a passphrase based encrypted provider ON the USB
> drive before storing everything on there would increase its security, no?

Check out /etc/devd.conf where you can match that USB device specifically
with some entries and fire a script to perform whatever ``action''
necessary to achieve the conditions that you have to meet. There should
be sufficient examples in that file already that would give you a head
start & clue of what to add.

This might not be your best choice if you're not comfortable with
scripting though.

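An added example, not part of the thread and not FreeBSD's own code: one way to do the devd.conf matching suggested above, so that the key drive is identified by its serial number instead of by whichever daN node it lands on. The script name, state file, mount point and serial value are assumptions, and the stick is assumed to show up as daN and to answer `camcontrol inquiry -S`.

```shell
#!/bin/sh
# keydrive.sh (hypothetical name): fired by devd(8) for every daN node.
# Rule for a file under /usr/local/etc/devd/; add a second, identical rule
# with "DESTROY" in place of both "CREATE" strings:
#
#   notify 100 {
#       match "system"    "DEVFS";
#       match "subsystem" "CDEV";
#       match "type"      "CREATE";
#       match "cdev"      "da[0-9]+";
#       action "/usr/local/sbin/keydrive.sh CREATE $cdev";
#   };

# Placeholder serial; read the real one with: camcontrol inquiry daN -S
KEY_SERIAL="${KEY_SERIAL:-CONSTRUCTED-SERIAL-0001}"
# Root-owned state file naming the node the key drive currently sits on.
STATE="${STATE:-/var/run/keydrive.dev}"

# Serial number the device itself reports (assumes the stick provides one).
drive_serial() {
    camcontrol inquiry "$1" -S 2>/dev/null | tr -d '[:space:]'
}

# Record the node only when the serial matches, so another stick that
# happens to land on the same daN is never treated as the key drive.
on_create() {
    [ "$(drive_serial "$1")" = "$KEY_SERIAL" ] || return 1
    ( umask 077; printf '%s\n' "$1" > "$STATE" )
}

# Forget the node only when the device that left is the recorded one.
on_destroy() {
    [ -f "$STATE" ] && [ "$(cat "$STATE")" = "$1" ] || return 1
    rm -f "$STATE"
}

case "${1:-}" in
    CREATE)  on_create "$2" ;;
    DESTROY) on_destroy "$2" ;;
esac

# devd actions run without a terminal, so the geli passphrase is typed by
# the user afterwards (mount point /mnt/keys is an assumption):
#   dev=$(cat /var/run/keydrive.dev)
#   geli attach "$dev" && mount "/dev/$dev.eli" /mnt/keys
# Symlinks in $HOME then point below /mnt/keys, never at a daN name.
```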


