A proposito di GPGKeyOnUsbDrive
Già da tempo utilizzavo il metodo descritto nella guida GPGKeyOnUsbDrive (qui la guida originale in lingua inglese) e pubblico qui di seguito le versioni migliorate (o, meglio, adattate alle mie esigenze) dei due script mount.sh e umount.sh proposti.
Il primo crea automaticamente i link alle proprie cartelle .gnupg e .ssh, dopo averne creato delle copie di backup, e l’altro ripristina lo stato originale. A voi il codice!
mount.sh
#!/bin/bash
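# Directory that holds this script; disk.img is expected to sit next to it.
dir=$(dirname -- "$0")

# NOTE(review): "cryptsetup ... create" sets up a plain dm-crypt mapping, not
# LUKS. There is no on-disk header, the key is one SHA-256 of the passphrase
# (no salt, no key stretching), and a mistyped passphrase is not rejected: it
# just yields a mapping on which the ext3 mount fails. Keep the parameters
# identical to the ones used when disk.img was first formatted.
#
# The whole sequence is one && chain wrapped in a test so that any failing step
# stops the script. Otherwise the key directories would later be moved aside
# and replaced by links into a volume that is not there.
# "losetup -f --show" attaches the image and prints the device it picked in a
# single step, instead of asking for a free device first and attaching later.
# Ownership is set to the caller's real uid and primary gid.
if ! {
  sudo -p "Password (sudo): " modprobe cryptoloop &&
  sudo modprobe dm-crypt &&
  sudo modprobe aes_generic &&
  sudo mkdir -p /media/encrypted &&
  loopdev=$(sudo losetup -f --show "$dir/disk.img") &&
  sudo cryptsetup -c aes -s 256 -h sha256 create usbkey "$loopdev" &&
  sudo mount -t ext3 /dev/mapper/usbkey /media/encrypted &&
  sudo chown -R "$(id -u):$(id -g)" /media/encrypted/
}; then
  echo "Could not set up the encrypted volume, nothing has been linked." >&2
  exit 1
fi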
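#######################################
# Ask a yes/no question until the user presses "y" or "n".
# Globals:   REPLY (written) - last key read
# Arguments: $1 - prompt text
# Outputs:   the prompt on stdout, repeated after every other key
# Returns:   0 for "y"; 1 for "n" or when stdin is closed
#######################################
ask_yesno () {
  REPLY=
  while [ "$REPLY" != "y" ] && [ "$REPLY" != "n" ]; do
    printf '%s ' "$1"
    # -r keeps a typed backslash literal. A failed read means end of input:
    # treat it as "no" instead of prompting forever.
    if ! read -r -N 1; then
      echo
      return 1
    fi
    echo
  done
  [ "$REPLY" = "y" ]
}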
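#######################################
# Move ~/.<name> aside to ~/.<name>.BACKUP.
# Arguments: $1 - directory name without the leading dot (e.g. "gnupg")
# Returns:   exit status of mv
#######################################
backup_olddir () {
  # local: do not leak the name into the caller's variables.
  local directory="$1"
  mv -- "$HOME/.$directory" "$HOME/.$directory.BACKUP"
}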
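#######################################
# Create the symbolic link ~/.<name> -> /media/encrypted/.<name>.
# Arguments: $1 - directory name without the leading dot (e.g. "ssh")
# Returns:   exit status of ln (non-zero if ~/.<name> already exists)
#######################################
create_link () {
  # local: do not leak the name into the caller's variables.
  local directory="$1"
  ln -s -- "/media/encrypted/.$directory" "$HOME/.$directory"
}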
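#######################################
# Point ~/.<name> at the copy on the encrypted volume, keeping whatever was
# there before as ~/.<name>.BACKUP.
# Arguments: $1 - directory name without the leading dot (e.g. "gnupg")
# Outputs:   progress messages and, if a backup already exists, a prompt
# Returns:   0 when the link is in place; 1 when the user refuses to
#            overwrite an existing backup or a step fails
#######################################
link_directory () {
  local directory="$1"
  local current="$HOME/.$directory"
  local backup="$current.BACKUP"
  local target="/media/encrypted/.$directory"

  # [ -d ] follows symbolic links. Without this check a second run would see
  # the link created by the first run as "the old directory", offer to delete
  # the real backup and then store the link in its place.
  if [ -L "$current" ] && [ "$(readlink -- "$current")" = "$target" ]; then
    echo "~/.$directory is already linked to $target"
    return 0
  fi

  if [ -d "$current" ]; then
    echo "Moving ~/.$directory to ~/.$directory.BACKUP… "
    if [ -d "$backup" ]; then
      ask_yesno "The directory $HOME/.$directory.BACKUP already exists, overwrite? [y/n]" || return 1
      rm -rf -- "$backup" || return 1
    fi
    # Do not create the link unless the old directory was really moved aside.
    backup_olddir "$directory" || return 1
  fi
  create_link "$directory"
}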
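# Only replace the key directories when the encrypted volume is really mounted;
# otherwise the new links would point at nothing while the real directories
# sit in their .BACKUP copies.
if ! mountpoint -q /media/encrypted; then
  echo "/media/encrypted is not mounted, leaving the key directories untouched." >&2
  exit 1
fi

# Offer to link each key directory in turn.
for dir in gnupg ssh
do
  ask_yesno "Do you want to link your private $dir keys? [y/n]" && link_directory "$dir"
done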
umount.sh
#!/bin/bash
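# Look up the loop device behind the mapping while the mapping still exists.
# Match the "device:" field exactly, so another status line that merely
# contains the word "device" (for instance in the image path) is not picked up.
loopdev=$(sudo cryptsetup status usbkey | awk '$1 == "device:" { print $2 }')

sync

# Stop at the first failing step. If the unmount fails (for example because a
# file is still open) the volume stays decrypted and mounted, and the user must
# be told so rather than shown a run that looks successful.
if ! sudo umount /media/encrypted; then
  echo "Could not unmount /media/encrypted: the volume is still open." >&2
  exit 1
fi
if ! sudo cryptsetup remove usbkey; then
  echo "Could not remove the usbkey mapping: the volume is still decrypted." >&2
  exit 1
fi

# Detach the loop device only if one was found above.
if [ -n "$loopdev" ]; then
  sudo losetup -d "$loopdev" || echo "Could not detach $loopdev." >&2
else
  echo "No loop device found for usbkey, nothing to detach." >&2
fi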
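#######################################
# Move ~/.<name>.BACKUP back to ~/.<name>.
# Arguments: $1 - directory name without the leading dot (e.g. "gnupg")
# Returns:   0 when there is no backup to restore, else the exit status of mv
#######################################
restore_olddir () {
  # local: do not leak the name into the caller's variables.
  local directory="$1"
  local backup="$HOME/.$directory.BACKUP"

  # No backup is made when the directory did not exist before linking, so a
  # missing backup is not an error.
  if [ ! -e "$backup" ] && [ ! -L "$backup" ]; then
    return 0
  fi
  mv -- "$backup" "$HOME/.$directory"
}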
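# Undo the linking: remove ~/.<name> only when it is the link into the
# encrypted volume, then put the backed-up directory back.
for directory in gnupg ssh
do
  link="$HOME/.$directory"
  # Quoted throughout so a home directory containing spaces still works.
  if [ -L "$link" ] && \
    [ "$(readlink -- "$link")" = "/media/encrypted/.${directory}" ]
  then
    echo "Restoring ~/.${directory}"
    # Restore only once the link is gone, so the backup is never moved onto
    # or into a link that could not be removed.
    rm -- "$link" && restore_olddir "$directory"
  fi
done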
AGGIORNAMENTO (30/01/2012): Corretto un errore nello script mount.sh.