A proposito di GPGKeyOnUsbDrive

14 Gennaio, 2012 by quadrispro

Già da tempo utilizzavo il metodo descritto nella guida GPGKeyOnUsbDrive (qui la guida originale in lingua inglese) e pubblico qui di seguito le versioni migliorate (o, meglio, adattate alle mie esigenze) dei due script mount.sh e umount.sh proposti.

Il primo crea automaticamente i link alle proprie cartelle .gnupg e .ssh, dopo averne creato delle copie di backup, e l’altro ripristina lo stato originale. A voi il codice!

mount.sh

#!/bin/bash

dir=`dirname $0`

loopdev=$(sudo losetup -f)

sudo -p "Password (sudo): " modprobe cryptoloop && \

sudo modprobe dm-crypt && \

sudo modprobe aes_generic && \

sudo mkdir -p /media/encrypted && \

sudo losetup $loopdev $dir/disk.img && \

sudo cryptsetup -c aes -s 256 -h sha256 create usbkey $loopdev && \

sudo mount -t ext3 /dev/mapper/usbkey /media/encrypted && \

sudo chown -R $UID.$UID /media/encrypted/

ask_yesno () {

REPLY=

while [ "$REPLY" != "y" ] && [ "$REPLY" != "n" ] ; do

echo -n "$1 "

read -N 1

echo

done

if [ "$REPLY" = "y" ]; then

return 0

return 1

}

backup_olddir () {

directory="$1"

mv "$HOME"/."$directory" "$HOME"/."$directory".BACKUP

}

create_link () {

directory="$1"

ln -s /media/encrypted/."$directory" "$HOME"/."$directory"

}

link_directory () {

directory="$1"

if [ -d "$HOME"/."$directory" ]; then

echo "Moving ~/.$directory to ~/.$directory.BACKUP… "

if [ -d "$HOME"/."$directory.BACKUP" ]; then

if ask_yesno "The directory $HOME/.$directory.BACKUP already exists, overwrite? [y/n]"

then

rm -rf "$HOME"/."$directory".BACKUP

backup_olddir "$directory"

create_link "$directory"

else

return 1

else

backup_olddir "$directory"

create_link "$directory"

else

create_link "$directory"

}

for dir in gnupg ssh

ask_yesno "Do you want to link your private $dir keys? [y/n]" && link_directory $dir

done

umount.sh

#!/bin/bash

loopdev=$(sudo cryptsetup status usbkey | grep device | sed -e "s/ *device:[ \t]*//")

sync

sudo umount /media/encrypted

sudo cryptsetup remove usbkey

sudo losetup -d $loopdev

restore_olddir () {

directory="$1"

mv "$HOME"/."$directory".BACKUP "$HOME"/."$directory"

}

for directory in gnupg ssh

if [ -L "$HOME"/."$directory" ] && \

[ "`readlink ${HOME}/.${directory}`" = "/media/encrypted/.${directory}" ]

then

echo "Restoring ~/.${directory}"

rm "$HOME"/."$directory"

restore_olddir "$directory"

done

AGGIORNAMENTO (30/01/2012): Corretto un errore nello script mount.sh.

Page 1 of 2 | Next page

Posted in Appunti | No comments

Previous post: Roba da leader
Next post: Python e le classi astratte