[Pkg-cryptsetup-devel] gpg key
Håvard Moen
post at haavard.name
Tue Sep 5 08:19:37 UTC 2006
Hi, I've looked at what need to be done to get gpg in cryptsetup working. The
changes needed in decrypt_gpg in /lib/cryptsetup/cryptdisks.functions is:
- gpg needs access to the keyrings. Setting HOME to somewhere with a working
.gpg directory solves this
- tempfile creates a file, which makes it necessary for gpg to owerwrite it.
Either the file needs to be removed after running tempfile, tempfile can be
changed to something like mktemp -u or --yes is needed as an extra option to
gpg.
- --no-tty is needed as an option to gpg to avoid gpg exiting because it can
not open /dev/tty
- And of course in line 271 gnupg needs to be changed to gpg, but I reccon
that was intentional
Can I also suggest that you use shred -u instead of rm in clean_keys, as /tmp
may be mounted on an insecure volume.
--
Håvard
Barbarism is the natural state of mankind. Civilisation is unnatural.
It is a whim of circumstance. And barbarism must always ultimately triumph.
-- Conan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2224 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20060905/d0198b66/smime.bin
More information about the Pkg-cryptsetup-devel
mailing list