About GPGKeyOnUsbDrive

I had been using the method described in the GPGKeyOnUsbDrive guide for some time (here is the original guide in English), and below I am publishing improved versions (or rather, versions adapted to my needs) of the two proposed scripts, mount.sh and umount.sh.

The first automatically creates the links to your .gnupg and .ssh directories, after making backup copies of them, and the other restores the original state. Here is the code!

mount.sh

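#!/bin/bash

# Directory containing this script and the encrypted image disk.img
dir=$(dirname "$0")
loopdev=$(sudo losetup -f)
# Load the kernel modules, attach the image to a loop device, open it with
# dm-crypt and mount it. Stop here if any step fails, so that no links are
# created towards a volume that is not mounted.
sudo -p "Password (sudo): " modprobe cryptoloop && \
sudo modprobe dm-crypt && \
sudo modprobe aes_generic && \
sudo mkdir -p /media/encrypted && \
sudo losetup "$loopdev" "$dir/disk.img" && \
sudo cryptsetup -c aes -s 256 -h sha256 create usbkey "$loopdev" && \
sudo mount -t ext3 /dev/mapper/usbkey /media/encrypted && \
sudo chown -R "$UID:$UID" /media/encrypted/ || exit 1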

# Ask a question until the user answers with a single "y" or "n"
ask_yesno () {
  REPLY=
  while [ "$REPLY" != "y" ] && [ "$REPLY" != "n" ] ; do
    echo -n "$1 "
    read -r -N 1
    echo
  done
  if [ "$REPLY" = "y" ]; then
    return 0
  fi
  return 1
}

backup_olddir () {
  directory="$1"
  mv "$HOME"/."$directory" "$HOME"/."$directory".BACKUP
}

create_link () {
  directory="$1"
  ln -s /media/encrypted/."$directory" "$HOME"/."$directory"
}

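link_directory () {
  directory="$1"
  # An existing link must not be moved to .BACKUP, where it would replace
  # the copy of the original directory
  if [ -L "$HOME"/."$directory" ]; then
    echo "~/.$directory is already a symbolic link, skipping."
    return 0
  fi
  if [ -d "$HOME"/."$directory" ]; then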
    echo "Moving ~/.$directory to ~/.$directory.BACKUP... "
    if [ -d "$HOME"/."$directory.BACKUP" ]; then
      if ask_yesno "The directory $HOME/.$directory.BACKUP already exists, overwrite? [y/n]"
      then
        rm -rf "$HOME"/."$directory".BACKUP
        backup_olddir "$directory"
        create_link "$directory"
      else
        return 1
      fi
    else
      backup_olddir "$directory"
      create_link "$directory"
    fi
  else
    create_link "$directory"
  fi
}

for dir in gnupg ssh
do
  ask_yesno "Do you want to link your private $dir keys? [y/n]" && link_directory "$dir"
done

umount.sh

#!/bin/bash

# Loop device backing the usbkey mapping, read before the mapping is removed
loopdev=$(sudo cryptsetup status usbkey | grep device | sed -e "s/ *device:[ \t]*//")

sync
sudo umount /media/encrypted
sudo cryptsetup remove usbkey
sudo losetup -d "$loopdev"

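restore_olddir () {
  directory="$1"
  # Nothing to restore if mount.sh found no original directory to back up
  if [ -d "$HOME"/."$directory".BACKUP ]; then
    mv "$HOME"/."$directory".BACKUP "$HOME"/."$directory"
  fi
}

for directory in gnupg ssh
do
  # Only remove links that point into the encrypted volume
  if [ -L "$HOME"/."$directory" ] && \
     [ "$(readlink "$HOME/.$directory")" = "/media/encrypted/.$directory" ]
  then
    echo "Restoring ~/.${directory}"
    rm "$HOME"/."$directory"
    restore_olddir "$directory"
  fi
done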
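
The two scripts can leave each key directory in one of a few states: a plain directory, a link into the mounted volume, a link left dangling because the drive was removed without running umount.sh, or a leftover .BACKUP copy. The check below is an added example, not part of the original scripts; the names key_dir_state, report_key_dirs and ENC_ROOT are assumptions introduced here, and the paths follow the layout used by mount.sh.

```shell
#!/bin/bash
# Added example: classify the state of the directories managed by
# mount.sh / umount.sh. Assumed layout (taken from the scripts above):
# ~/.NAME becomes a link to /media/encrypted/.NAME and the original
# directory is kept as ~/.NAME.BACKUP while the link is in place.

ENC_ROOT="${ENC_ROOT:-/media/encrypted}"   # mount point used by the scripts

# key_dir_state NAME [HOME_DIR]
# Prints one of: linked, dangling, foreign-link, local, local+backup,
# backup-only, missing
key_dir_state () {
  local name="$1" home="${2:-$HOME}"
  local path="$home/.$name" backup="$home/.$name.BACKUP"
  if [ -L "$path" ]; then
    if [ "$(readlink "$path")" != "$ENC_ROOT/.$name" ]; then
      echo "foreign-link"       # a link the scripts did not create
    elif [ -d "$path" ]; then
      echo "linked"             # target exists: the volume is mounted
    else
      echo "dangling"           # volume gone, umount.sh was not run
    fi
  elif [ -d "$path" ]; then
    if [ -d "$backup" ]; then echo "local+backup"; else echo "local"; fi
  elif [ -d "$backup" ]; then
    echo "backup-only"          # link removed but backup never restored
  else
    echo "missing"
  fi
}

# report_key_dirs [HOME_DIR]
# Prints one line per directory and returns non-zero when any of them is in
# a state that needs manual attention before running mount.sh again.
report_key_dirs () {
  local home="${1:-$HOME}" rc=0 name state
  for name in gnupg ssh; do
    state=$(key_dir_state "$name" "$home")
    printf '%s\t%s\n' ".$name" "$state"
    case "$state" in
      dangling|foreign-link|local+backup|backup-only) rc=1 ;;
    esac
  done
  return "$rc"
}
```

Source the file and call report_key_dirs before mount.sh or after umount.sh; a "local+backup" result means an older .BACKUP copy is still on the local disk and mount.sh will ask whether to overwrite it.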

UPDATE (30/01/2012): Fixed an error in the mount.sh script.