List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Chris Frederick <cdf123@...>
Subject: Re: User authentication with key-file and gpg-agent
Date: Mon, 03 Mar 2008 13:23:17 -0600
Florian Philipp wrote:
> Hi!
> 
> Now that my initrd-script is ready and provides me with the means to
> encrypt partitions with a gpg-encrypted key-file [1], I'd like to use
> the very same file for user authentication.
> 
> It would be even better if gpg-agent could get it right from the user
> authentication (pam) to use it for as many services as possible, ssh,
> gpg, gnome-keyring (?), sudo (?), password database.
> 
> I think what I really want is something like a poor man's version of
> smartcard authentication. 
> 
> Could you please give me some hints? I'd be pleased to hear any
> comments, criticism and recommendations on that issue.
> 
> Thanks in advance!
> 
> Florian Philipp
> 
> [1] basically 1k of random data, encrypted with 3DES by gpg

emerge pam_usb

The latest version of pam_usb uses the usb serial number of the drive, 
the older one uses an encrypted key in a hidden directory and can be 
used with more than just a usb key (basically any mountable device would 
work).

I would also recommend checking out how to make your own custom rules in 
udev.  This can let you auto-mount the device on connect, or run a 
command on connect, etc.

Between the two you should be able to make a good auth function.  If you 
know any C/C++ you could combine the two into a custom setup (e.g. using 
the contents of a file on the key, decrypted via the serial number to 
get your gpg data..., or use your imagination.)

Good luck,
Chris Frederick
-- 
gentoo-security@g.o mailing list
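
An added example, not part of the message above and not pam_usb's own code: a shell script that builds a custom udev rule of the kind the reply suggests, matching one specific USB key by the properties udev reports for it. The sample property values, the `authkey` symlink name and the helper path `/usr/local/sbin/authkey-inserted` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: turn one USB key's udev properties into a udev rule that
# fires only for that key.

# Constructed sample, in the KEY=VALUE form printed by
# `udevadm info --query=property --name=/dev/sdb1`.
SAMPLE_PROPS='DEVNAME=/dev/sdb1
DEVTYPE=partition
ID_BUS=usb
ID_VENDOR_ID=abcd
ID_MODEL_ID=1234
ID_SERIAL_SHORT=CONSTRUCTED0001
ID_FS_TYPE=vfat'

# get_prop KEY: print the first value of KEY from a property dump on stdin.
get_prop() {
    sed -n "s/^$1=//p" | head -n 1
}

# make_rule LINK HELPER: read a property dump on stdin and print one rule that
# creates /dev/LINK and runs HELPER when that exact key's partition appears.
make_rule() {
    props=$(cat)
    bus=$(printf '%s\n' "$props" | get_prop ID_BUS)
    vendor=$(printf '%s\n' "$props" | get_prop ID_VENDOR_ID)
    model=$(printf '%s\n' "$props" | get_prop ID_MODEL_ID)
    serial=$(printf '%s\n' "$props" | get_prop ID_SERIAL_SHORT)

    [ "$bus" = usb ] || { echo "not a USB device" >&2; return 1; }
    # Some drives report no serial; matching vendor/model alone would fire for
    # every drive of that model, so refuse to write such a rule.
    [ -n "$vendor" ] && [ -n "$model" ] && [ -n "$serial" ] ||
        { echo "vendor, model or serial missing" >&2; return 1; }
    # Values are device-supplied: allow only characters that cannot break the
    # quoted match strings in the rule.
    case "$vendor$model$serial" in
        *[!A-Za-z0-9_.-]*) echo "unexpected character in property" >&2; return 1 ;;
    esac

    printf 'ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", '
    printf 'ENV{ID_BUS}=="usb", ENV{ID_VENDOR_ID}=="%s", ENV{ID_MODEL_ID}=="%s", ' "$vendor" "$model"
    printf 'ENV{ID_SERIAL_SHORT}=="%s", SYMLINK+="%s", RUN+="%s"\n' "$serial" "$1" "$2"
}

# The serial identifies the key but is not a secret, and HELPER runs as root.
printf '%s\n' "$SAMPLE_PROPS" | make_rule authkey /usr/local/sbin/authkey-inserted
```

The printed line goes into a file under `/etc/udev/rules.d/`; the helper it names should return quickly, since udev runs it as root while handling the event.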


References:
User authentication with key-file and gpg-agent
-- Florian Philipp


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
