encrypted-usb-sticks

At work I will start to handle sensitive information. Encrypted USB-sticks is a convenient way of handling sensitive data. To auto-mount such USB-sticks I needed to add a row to ivman configuration, that started a new terminal-window for accepting input (the pass-phrase) to pmount.

Here is the needed row:

<ivm:Match name="ivm.mountable" value="true">
     <ivm:Option name="mount" value="true" />
     <ivm:Option name="exec" value="x-terminal-emulator -e pmount '$hal.block.device$'" />
</ivm:Match>

I already had this to open mc with in a any newly mounted volumes:

<ivm:Match name="hal.volume.is_mounted" value="true">
    <ivm:Option name="exec" value="bin/removable-media '$hal.volume.mount_point$'" />
</ivm:Match>

Where bin/removable-media contained something in the lines of

#!/bin/bash
export LC_ALL=sv_SE.utf8
x-terminal-emulator -e mc "$1"
pumount "$1"

Auto-unmounting it when mc is closed.

Together, this gives:

  1. When the encrypted USB-stick is inserted, the user is asked for the passphrase.
  2. After giving the correct passphrase, the USB-stick is mounted and the user is presented with mc browsing the mountpoint
  3. To unmount, the user press F10 mc exits and the USB-stick is unmounted

It would be nice to have the possibility to let the new mountpoint be $HOME, however running programs would be confused, so it should be done when no programs with open files are running. Either run only the window-manager when you insert the stick, or have a test in .xsession that looks for an unmounted usb-stick and if any is found, then runs the script above and then bind-mounts $HOME to new mountpoint.

comments powered by Disqus

Back to the index

Blog roll

R-bloggers, Debian Weekly
Valid XHTML 1.0 Strict [Valid RSS] Valid CSS! Emacs Muse Last modified: oktober 17, 2019