Re: support for encrypted volumes?
- From: Liviu Andronic <landronimirc@xxxxxxxxx>
- To: emelfm2@xxxxxxxxxxxxx
- Date: Thu, 2 Sep 2010 23:58:48 +0300
On Tue, Aug 31, 2010 at 12:57 PM, <tpgww@xxxxxxxxxxx> wrote:
> It seems that your process, in general terms, is:
>
> 1. get some authority if you don't have it already
> 2. run "mount", as normal
>
Yes.
> I don't know if there are generic ways to:
> * decide whether the authority either is held, or is not needed
> * obtain the authority if needed and not held
> at any specified time. I mean, independent of specific encryption mechanism,
> OS's etc.
>
> If not, it seems to me that it would be appropriate for users to set up their
> own specific macros etc.
>
I also thought of this: various encryption approaches would require
different 'macros'. However, there might be some existing GTK
infrastructure. Here the GTK file chooser automatically identifies
LUKS-encrypted volumes and asks for a password when clicking them (see
[1]). I *think* that this is a Gnome keyring feature or smth similar.
Do you think that this could (optionally) be used in emel?
[1] http://s000.tinyupload.com/index.php?file_id=07123386077704625548
> One issue might be a way to get a password, if a password-dialog (with
> obfuscated input echoing) were preferred for input of that.
>
What about the 'Run command as root' approach?
Regards
Liviu
> Regards
> Tom
>
>
>
>> On Thu, Aug 26, 2010 at 9:40 AM, <tpgww@xxxxxxxxxxx> wrote:
>> > I know nothing at all about encrypted volumes, nor do I have one to use
>> > for testing purposes.
>> >
>> It is not that difficult to set up a an encrypted device [1]. After
>> installing the necessary packages, you can simply follow steps 5 to 7.
>> (Be sure to do this on an un-needed partition, because all data will
>> be lost in the process.)
>> [1]
>> http://ubuntu-tutorials.com/2007/08/17/7-steps-to-an-encrypted-partition-local-or-removable-disk/
>>
>>
>> > However a mount command should behave generically. e2 does not itself
>> > actually do anything. I do think it's worth exploring what might be
>> > happening to trigger your reported error. Can you provide any further
>> > insights e.g.
>> > - effect of [un]mounting the device via your mountpoints menu
>> >
>>
>> >mount "/media/misc" (11240)
>> mount: special device /dev/mapper/misc does not exist
>> >mount "/media/misc" (11240) returned '32'
>>
>> For reference, my /etc/fstab contains
>> /dev/mapper/misc /media/misc ext2 defaults,users,noauto 0 0
>>
>> If you need the whole file, let me know.
>>
>>
>> > - effect of commands mount "/mnt/misc" (as distinct from >mount
>> > "/mnt/misc") and even >mount /mnt/misc (no quotes)
>> >
>> All cli variations yield the same error code as above. I am getting
>> all these messages since in this session I haven't yet opened the
>> encrypted device using luksOpen and the password.
>>
>>
>> > - what happens when such commands are issued via a standard terminal
>> >
>> root@liv-laptop:/etc# mount "/media/misc"
>> mount: special device /dev/mapper/misc does not exist
>>
>> After issuing
>> root@liv-laptop:/etc# cryptsetup luksOpen /dev/sda9 misc
>> Enter passphrase for /dev/sda9:
>> Key slot 0 unlocked.
>>
>> the following
>> >mount "/media/misc" (11376)
>> >mount "/media/misc" (11376) returned '0'
>>
>> works via emel's mountpoints menu.
>>
>>
>> > - if you build for udisks/devkit-disks operation, is there any
>> > device-relevant debug message(s)
>> >
>> I am not yet familiar with devkit, so I don't use it. I built emel
>> with default options.
>>
>> I am not sure how to do it, but I think that emel could check whether
>> a device is LUKS-encrypted, and pop a dialogue requiring the password
>> when necessary. For example,
>> root@liv-laptop:/etc# cryptsetup status misc
>> /dev/mapper/misc is inactive.
>>
>> when /media/misc wasn't yet mounted via LUKS, and
>> root@liv-laptop:/etc# cryptsetup status misc
>> /dev/mapper/misc is active:
>> cipher: aes-cbc-plain
>> keysize: 256 bits
>> device: /dev/sda9
>> offset: 2056 sectors
>> size: 1026041 sectors
>> mode: read/write
>>
>> when the partition was decrypted. But I'm confident there's a nicer
>> way to probe for this.
>>
>> Regards
>> Liviu
>>
>>
>>
>> > Regards
>> > Tom
>> >
>> >
>> > --
>> > Users can unsubscribe from the list by sending email to
>> > emelfm2-request@xxxxxxxxxxxxx with 'unsubscribe' in the subject field or
>> > by logging into the web interface.
>> >
>>
>>
>>
>> --
>> Do you know how to read?
>> http://www.alienetworks.com/srtest.cfm
>> http://goodies.xfce.org/projects/applications/xfce4-dict#speed-reader
>> Do you know how to write?
>> http://garbl.home.comcast.net/~garbl/stylemanual/e.htm#e-mail
>>
>>
>> --
>> Users can unsubscribe from the list by sending email to
>> emelfm2-request@xxxxxxxxxxxxx with 'unsubscribe' in the subject field or by
>> logging into the web interface.
>>
>
>
> --
> Users can unsubscribe from the list by sending email to
> emelfm2-request@xxxxxxxxxxxxx with 'unsubscribe' in the subject field or by
> logging into the web interface.
>
--
Do you know how to read?
http://www.alienetworks.com/srtest.cfm
http://goodies.xfce.org/projects/applications/xfce4-dict#speed-reader
Do you know how to write?
http://garbl.home.comcast.net/~garbl/stylemanual/e.htm#e-mail
--
Users can unsubscribe from the list by sending email to
emelfm2-request@xxxxxxxxxxxxx with 'unsubscribe' in the subject field or by
logging into the web interface.
Other related posts:
