gpg keys on USB drive
jhell
jhell at DataIX.net
Sun Jun 19 02:48:59 UTC 2011
On Fri, Jun 17, 2011 at 09:23:43PM -0400, Robert Simmons wrote:
> I have been reading up on keeping encryption secret keys on a USB thumb drive
> so that there is an "air gap" so to speak except when the drive is inserted in
> the machine and mounted.
>
> Is it possible to replace all the files in my home directory with symbolic
> links to the corresponding files in the USB drive? This seems easy, but how
> can I be sure in FreeBSD that the symlinks will always work when the drive is
> plugged in? I have noticed that the device is sometimes different depending on
> what other USB devices are plugged in and where they are plugged in.
>
> Also, other than the obvious drawback of needing to remember where the drive
> is, and plug it in, are there any drawbacks to keeping keysets such as for
> OpenSSH, geli providers, GnuPG, KWallet, and BitCoin on a USB drive?
>
> Lastly, using geli to create a passphrase based encrypted provider ON the USB
> drive before storing everything on there would increase its security, no?

Check out /etc/devd.conf, where you can match that USB device specifically
with some entries and fire a script to perform whatever ``action'' is
necessary to achieve the conditions that you have to meet. There should
be sufficient examples in that file already that would give you a head
start & clue of what to add.

This might not be your best choice if you're not comfortable with
scripting, though.
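
One way to do what the reply describes, as an added example that is not part of the original message: a devd rule (shown in the header comment) fires a script that checks the drive's serial number and mounts it at a fixed path, so symlinks keep resolving whichever daN number the drive receives. The script name, mount point, serial value, and the GPT/UFS layout of the drive are assumptions.

```shell
#!/bin/sh
# Hypothetical /usr/local/sbin/usbkeys.sh (added example). Constructed devd rule
# that calls it, e.g. in a file under /usr/local/etc/devd/:
#
#   notify 100 {
#       match "system"    "DEVFS";
#       match "subsystem" "CDEV";
#       match "type"      "CREATE";
#       match "cdev"      "da[0-9]+p1";
#       action "/usr/local/sbin/usbkeys.sh $cdev";
#   };

KEY_SERIAL="CONSTRUCTED-SERIAL-0001"  # placeholder: serial of the key drive
KEY_MNT="/media/usbkeys"              # assumed fixed mount point for symlinks

# Print the parent disk of a daNp1 node; reject any other argument.
key_disk() {
    case "$1" in
        da[0-9]p1|da[0-9][0-9]p1) echo "${1%p1}" ;;
        *) return 1 ;;
    esac
}

# True only when the disk behind partition $1 reports the expected serial.
is_key_drive() {
    disk=$(key_disk "$1") || return 1
    [ "$(camcontrol inquiry "$disk" -S 2>/dev/null)" = "$KEY_SERIAL" ]
}

# Mount the partition at the fixed path, whatever daN number it received.
attach_keys() {
    is_key_drive "$1" || return 1
    mkdir -p "$KEY_MNT" || return 1
    # noexec,nosuid: the drive holds key files, never programs
    mount -t ufs -o noexec,nosuid "/dev/$1" "$KEY_MNT"
}

if [ $# -ge 1 ]; then
    attach_keys "$1"
fi
```

A geli provider on the drive would still have to be attached by hand, since a script started by devd has no terminal on which to ask for the passphrase.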