[ale] ext3 formatted USB disks

Jeremy T. Bouse jeremy.bouse at undergrid.net
Sun Jun 3 23:17:08 EDT 2007


	Yes as I recall FC6 had an issue in udev that short circuited the GNOME
automount but could be fixed by commenting out one line in a config
file. I use Debian myself, being a Debian Developer go figure, so I had
written it with that as the assumption. I guess I could add the tweaks
for FC6 as well as any others that might be found.

	I don't allow my private SSH or GPG keys to be installed on any
machine, not even my workstation at home which is behind a firewall and
only accessed by me. I have 2 separate USB drives of identical size. One
has my sub-keys only as my wiki page describes. The other is encrypted
in the same fashion but actually has my full keyring with primary keys
and it is kept in a fire safe along with the CD with the revocation
certificates on CD and print-outs.

	I've also thought about setting up my USB drives with the setup I saw
mentioned in a Linux Journal issue I have here from a few months back
that showed how to reconfigure udev to automatically create a backup of
the raw drive image when the drive was mounted and keep several
revisions. This would be something I would have to think about first
because while it would be making a copy of the raw encrypted image, it
would be keeping it on the hard drive of the system.

	You can find my published key policy[1] that I encode on any key
signing I perform with the MD5 sum of the policy as well.

	Regards,
	Jeremy

[1] http://undergrid.net/legal/gpg/policy.20061219

Christopher Fowler wrote:
> On Sun, 2007-06-03 at 21:26 -0400, Jeremy T. Bouse wrote:
>> 	I've put it up on my personal wiki page[1] if you're interested. As I
>> recall it was fairly similar steps as per the URL you mentioned. It is
>> written from documenting how I prepared my USB drives that I handle my
>> GPG keys. I've still not finished putting everything into the document
>> but it's fairly complete enough to get the USB drive working.
> 
> It worked much better under FC7 than FC6.  I will try Xubuntu 7.04
> tomorrow.
> 
> In FC6 Gnome would prompt me for a password and that would get it
> registered but mounting failed.  I could click on Computer->55GB Disk
> and nothing would happen.  I had to go into a xterm and type 
> sudo mount /dev/mapper/luks.... /mnt to get to my files.
> 
> In FC7 Gnome asks for a password and then I get a nautilus popup showing
> me the files on that disk.  Works great!
> 
> I've not thought much about ding this in the past but I have gotten a
> little skittish after I thought I lost a USB flash drive.  I have a
> small collection of those things and I have so many home directories
> that it has been easier just to store many of my files there.  I'm
> normally the only person that accesses those files.  I'll encrypt it too
> but keep a unencrypted one to get files from Windoze users.
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature




More information about the Ale mailing list