Using an encrypted usb key for gpg and ssh keys
Mon 09 February 2015
This is one from the archives, but probably still useful to somebody.
OK, this is the way I store my gpg and ssh keys on an encrypted USB stick. This is really only relevant to Linux users using laptops; however, there is an element of geek factor, so I'll go ahead and explain how it's done.
First we need to find the model of the stick you are using. Insert it and use dmesg to find the details:
```
# dmesg
scsi 6:0:0:0: Direct-Access Kingston DataTraveler 400 PMAP PQ: 0 ANSI: 0 CCS
sd 6:0:0:0: [sdc] 7823360 512-byte hardware sectors (4006 MB)
sd 6:0:0:0: [sdc] Write Protect is off
sd 6:0:0:0: [sdc] Mode Sense: 23 00 00 00
sd 6:0:0:0: [sdc] Assuming drive cache: write through
sd 6:0:0:0: [sdc] 7823360 512-byte hardware sectors (4006 MB)
sd 6:0:0:0: [sdc] Write Protect is off
sd 6:0:0:0: [sdc] Mode Sense: 23 00 00 00
sd 6:0:0:0: [sdc] Assuming drive cache: write through
sdc: sdc1
sd 6:0:0:0: [sdc] Attached SCSI removable disk
```
You should see something like this. In this case I have used one large partition; you can use many partitions, but what you are interested in is the sdc: sdc1 information, the model and the distributor. In this case Distributor = Kingston, Model = DataTraveler.
Next create a file in /etc/udev/rules.d called 60-udev.rules:
```
quantrill@ood:/etc/udev/rules.d$ cat 60-udev.rules
KERNEL=="sd[a-z]1", NAME="%k", SYSFS{vendor}=="Kingston", \
SYSFS{model}=="DataTraveler 400", GROUP="disk", MODE="0660", SYMLINK="mydev/usbstick"
```
With this rule I am saying that my USB stick will show up as /dev/mydev/usbstick each time it is put in the computer. It is a device symlink, not a mount; the mounting comes later. Newer udev releases match these attributes with ATTRS{...} in place of SYSFS{...}.
Now, I will create a LUKS partition on the USB stick. As root I run:
```
# cryptsetup --verbose --cipher "aes-cbc-essiv:sha256" --key-size 256 \
    --verify-passphrase luksFormat /dev/mydev/usbstick
```
Next, set up the directory where you want to mount the stick, in my case /data2/private:
```
0 drwxr-xr-x 4 quantrill staff 30 2008-10-23 14:51 private
```
To make it easier I have two scripts, one to mount and one to unmount the stick, but first we need to put a filesystem on the stick. First open the encrypted volume, then create the filesystem on the mapped device:
```
sudo cryptsetup luksOpen /dev/mydev/usbstick encr-usbstick
sudo mkfs.ext2 /dev/mapper/encr-usbstick
```
So now we need to mount it:
```
#!/bin/bash
#===============================================================================
#          FILE: mount_usbstick.sh
#         USAGE: ./mount_usbstick.sh
#   DESCRIPTION:
#       OPTIONS: ---
#  REQUIREMENTS: ---
#          BUGS: ---
#         NOTES: ---
#        AUTHOR: (),
#       COMPANY:
#       VERSION: 1.0
#       CREATED: 10/23/08 11:47:21 CEST
#      REVISION: ---
#===============================================================================
# Unlock the LUKS volume (prompts for the passphrase), then mount the mapped device.
sudo cryptsetup luksOpen /dev/mydev/usbstick encr-usbstick
sudo mount /dev/mapper/encr-usbstick /data2/private
```
And of course a script to unmount it:
```
#!/bin/bash
#===============================================================================
#          FILE: mount_usbstick.sh
#         USAGE: ./mount_usbstick.sh
#   DESCRIPTION:
#       OPTIONS: ---
#  REQUIREMENTS: ---
#          BUGS: ---
#         NOTES: ---
#        AUTHOR: (),
#       COMPANY:
#       VERSION: 1.0
#       CREATED: 10/23/08 11:47:21 CEST
#      REVISION: ---
#===============================================================================
# Unmount the filesystem first, then close the LUKS mapping so the key is dropped.
sudo umount /data2/private
sudo cryptsetup luksClose encr-usbstick
```
So we now have an encrypted USB stick with a filesystem. All we do now is move the ~/.gnupg and ~/.ssh directories to the file area and link them from your home directory:
```
lrwxrwxrwx 1 quantrill agstaff 19 2008-10-23 12:08 .ssh -> /data2/private/.ssh
lrwxrwxrwx 1 quantrill staff 19 2008-10-23 12:08 .gnupg -> /data2/private/.gnupg
```
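If the stick is not mounted, /data2/private is just a directory on the local disk, and moving keys there would leave them unencrypted. The following is an added example, not one of the original scripts: it performs the move-and-link step only when the mount point is backed by the encr-usbstick mapping. The `MOUNTS_FILE` variable, the function names and the `--run` switch are assumptions of this example.

```bash
#!/bin/bash
# Added example, not the author's script: move key directories onto the
# encrypted stick only when it is really mounted.
MAPPER=/dev/mapper/encr-usbstick            # mapping name used on this page
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}    # assumption: overridable for testing

# Succeed only if mount point $1 is currently backed by $MAPPER.
on_encrypted_stick() {
    awk -v dev="$MAPPER" -v mp="$1" \
        '$1 == dev && $2 == mp { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# Move directory $1 under mount point $2 and leave a symlink in its place.
relocate() {
    src=$1; mnt=$2; dest="$mnt/$(basename "$src")"
    if ! on_encrypted_stick "$mnt"; then
        echo "refusing: $mnt is not backed by $MAPPER" >&2; return 1
    fi
    if [ -L "$src" ]; then return 0; fi          # already a symlink, nothing to do
    if [ ! -d "$src" ]; then echo "missing: $src" >&2; return 2; fi
    if [ -e "$dest" ]; then echo "refusing: $dest exists" >&2; return 3; fi
    # Keep the directory private to its owner, as ssh and gpg expect.
    mv "$src" "$dest" && chmod 700 "$dest" && ln -s "$dest" "$src"
}

# Hypothetical --run switch so the functions can be loaded without side effects.
if [ "${1:-}" = "--run" ]; then
    for d in "$HOME/.ssh" "$HOME/.gnupg"; do
        relocate "$d" /data2/private || exit 1
    done
fi
```

Because mv across filesystems copies and then deletes, the old plaintext copies can remain recoverable in free space on the local disk until they are overwritten.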