[gentoo-user] [OT] Storing ssh and gpg keys in USB flash drives

[gentoo-user] [OT] Storing ssh and gpg keys in USB flash drives

[José González Gómez]

[-- Attachment #1: Type: text/plain, Size: 1082 bytes --]

Hi there,

I would like to store my ssh and gpg keys in my usb flash drive, but I'm not
sure what's the best way to do it:

If I use vfat so I can also read them from Windows I have two problems:
first you must mount your USB key with a 0077 umask, so ssh and gpg doesn't
complain about key permissions; latest KDE version seems to auto mount USB
flash drives using pmount with a 0022 umask and I haven't been able to
change this, so I either mount it manually or change the permissions after
being mounted. The second problem is related to gpg: it seems that gpg uses
links to lock the keyrings, and vfat doesn't support them, so I'm able to
read keys, but not to make any modfication on them.

If I use ext2 the permission problem goes away (kind of), but I have the
feeling that this isn't as portable as vfat, as the filesystem uses the user
id to control access to files, and pluging the drive in another system where
my user may have anoter uid leads me to chowning/chmoding in the better case
or not having access to my keys in the worst case.

Any ideas?

Best regards
Jose

[-- Attachment #2: Type: text/html, Size: 1149 bytes --]

Re: [gentoo-user] [OT] Storing ssh and gpg keys in USB flash drives

[Kent Fredric]

On 7/5/07, José González Gómez <jgonzalez.openinput@gmail.com> wrote:
> Hi there,
>
> I would like to store my ssh and gpg keys in my usb flash drive, but I'm not
> sure what's the best way to do it:
>
> If I use vfat so I can also read them from Windows I have two problems:
> first you must mount your USB key with a 0077 umask, so ssh and gpg doesn't
> complain about key permissions; latest KDE version seems to auto mount USB
> flash drives using pmount with a 0022 umask and I haven't been able to
> change this, so I either mount it manually or change the permissions after
> being mounted. The second problem is related to gpg: it seems that gpg uses
> links to lock the keyrings, and vfat doesn't support them, so I'm able to
> read keys, but not to make any modfication on them.
>
> If I use ext2 the permission problem goes away (kind of), but I have the
> feeling that this isn't as portable as vfat, as the filesystem uses the user
> id to control access to files, and pluging the drive in another system where
> my user may have anoter uid leads me to chowning/chmoding in the better case
> or not having access to my keys in the worst case.
>
> Any ideas?
>
> Best regards
> Jose
>

vfat{
 vfatfiles
 ext2fs{
    gpg_stuff
 }
}

1. Mount vfat drive
2. dd if=/dev/full bs=1048580 count=4096 of =/mountpoint/mynewextfile
3. mkfs.ext2 /mountpoin/mynewextfile
4. mount /mountpoint/mynewextfile/  /someothermountpoint/
5. cp files to /someothermountpoint/
6. use /someothermountpoint/
7. umount /someothermountpoint/
8. umount /mountpoint/

I didn't say it would be pretty, but that is a handy trick to have up the sleve.
that would make a 4 Meg file containing a filesystem to hold your
files, just like a TAR file, except with all the features of ext2 and
no need unpack it to use.

You can do anything with linux, really. Yes. even format a file as a
filesystem and mount it
( a word of warning : dont do this and format with reiserfs and then
store that file on a reiserfs fs ... if you do, next time you need to
--rebuild-tree reiser will try to be smart and trash your drive :) ...
learn't the hard way )

-- 
Kent
ruby -e '[1, 2, 4, 7, 0, 9, 5, 8, 3, 10, 11, 6, 12, 13].each{|x|
print "enNOSPicAMreil kdrtf@gma.com"[(2*x)..(2*x+1)]}'
--
gentoo-user@gentoo.org mailing list