cowboy me, 2.0: jose nazario beauty and the street


easy to use USB key with crypto (OpenBSD)

i've started using an encrypted filesystem on my USB storage key under OpenBSD. it's pretty easy using vnconfig -k, only you have to remember your passphrase (and i don't think you can easily change it). based on what this mailing list post says and this howto, you should be able to get this working. i use a 64 MB version of this key.

here's the script i use to manage the device, i keep it as $HOME/bin/crypto-usb:
#!/bin/ksh

# main()

if [ $# -lt 1 ]; then echo "usage: `basename $0` <create|start|stop>" >&2 && exit 1 fi

ACTION=$1 shift

case ${ACTION} in create) sudo mount /dev/sd0i /mnt sudo rm -f /mnt/* # XXX # assumes a 64MB key sudo dd if=/dev/zero of=/mnt/key.img bs=1024 count=64000 sudo vnconfig -cvk /dev/svnd0c /mnt/key.img # you get prompted for a passphrase sudo newfs /dev/svnd0c sudo vnconfig -u svnd0 sudo umount /mnt echo "new filesystem ready to start" ;; start) sudo mount /dev/sd0i /mnt sudo vnconfig -c -v -k svnd0c /mnt/key.img sudo mount /dev/svnd0a /mnt2/ ;; stop) sudo umount /mnt2 sudo vnconfig -u svnd0 sudo umount /mnt echo "it is safe to remove the USB key now" ;; *) echo "usage: `basename $0` <start|stop>" >&2 && exit 1 ;; esac

exit 0
now you can move confidential data around with less worry.

May 4, 2004: fixed a couple of typos, pointed out by goony.

Originally Posted: Saturday, Nov 01, 2003 @ 07:13pm
Updated: May 4, 2004 08:51 am

|

----

| archives

Last modified: Tuesday, May 04, 2004 @ 07:51am
Weblog Commenting and Trackback by HaloScan.com

Your Ad Here

copyright © 2002-2005 jose nazario, all rights reserved.