
cdf123 at cdf123
Mar 3, 2008, 12:23 PM
Re: User authentication with key-file and gpg-agent
Florian Philipp wrote:
> Hi!
>
> Now that my initrd-script is ready and provides me with the means to
> encrypt partitions with a gpg-encrypted key-file [1], I'd like to use
> the very same file for user authentication.
>
> It would be even better if gpg-agent could get it right from the user
> authentication (pam) to use it for as many services as possible, ssh,
> gpg, gnome-keyring (?), sudo (?), password database.
>
> I think what I really want is something like a poor man's version of
> smartcard authentication.
>
> Could you please give me some hints? I'd be pleased to hear any
> comments, criticism and recommendations on that issue.
>
> Thanks in advance!
>
> Florian Philipp
>
> [1] basically 1k of random data, encrypted with 3DES by gpg

emerge pam_usb

The latest version of pam_usb uses the USB serial number of the drive; the older one uses an encrypted key in a hidden directory and can be used with more than just a USB key (basically any mountable device would work).

I would also recommend checking out how to make your own custom rules in udev. This can let you auto-mount the device on connect, or run a command on connect, etc. Between the two you should be able to make a good auth function.

If you know any C/C++ you could combine the two into a custom setup (e.g. using the contents of a file on the key, decrypted via the serial number to get your gpg data..., or use your imagination.)

Good luck,
Chris Frederick

--
gentoo-security [at] lists mailing list
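The udev side of Chris's suggestion, as an added example that is not part of the post and not pam_usb's own code: a rule that fires when a block device appears, and the small RUN helper it calls, which only proceeds when the device's serial number is on an allowlist. The rule path, the allowlist path and the serial values are assumptions constructed for the example; the one fact relied on is that udev exports device properties such as ID_SERIAL_SHORT and DEVNAME into the environment of RUN programs.

```shell
#!/bin/sh
# Added example, not from the mailing-list post or from pam_usb.
# udev helper that gates a "key device" on its USB serial number.
#
# Matching rule, assumed to live in /etc/udev/rules.d/90-authkey.rules:
#   ACTION=="add", SUBSYSTEM=="block", ENV{ID_SERIAL_SHORT}=="?*", \
#     RUN+="/usr/local/sbin/authkey-hook"
#
# udev passes device properties (ID_SERIAL_SHORT, DEVNAME, ...) to the RUN
# program as environment variables, so the helper reads them from $ENV.
# The allowlist file holds one trusted serial per line (constructed path).

ALLOWLIST="${AUTHKEY_ALLOWLIST:-/etc/authkey.allow}"

# serial_allowed SERIAL FILE
# Returns 0 when SERIAL appears as a complete line in FILE, 1 otherwise.
# Fails closed: an empty serial or an unreadable allowlist never matches.
serial_allowed() {
    serial="$1"
    file="$2"
    [ -n "$serial" ] || return 1
    [ -r "$file" ] || return 1
    grep -Fxq -- "$serial" "$file"
}

# handle_device
# Uses the udev-provided environment. Returns 0 when the device is trusted,
# at which point a mount or gpg --decrypt step could follow; 1 otherwise.
# Logging goes to syslog; the helper must not block, since udev runs RUN
# programs with a short timeout.
handle_device() {
    if serial_allowed "${ID_SERIAL_SHORT:-}" "$ALLOWLIST"; then
        logger -t authkey "trusted key device ${DEVNAME:-unknown} (${ID_SERIAL_SHORT})" 2>/dev/null || :
        return 0
    fi
    logger -t authkey "ignoring device ${DEVNAME:-unknown} (${ID_SERIAL_SHORT:-no serial})" 2>/dev/null || :
    return 1
}

# When run by udev (not when sourced for testing), act on the current device.
if [ "${AUTHKEY_SOURCED:-0}" = 0 ] && [ -n "${ID_SERIAL_SHORT:-}" ] && [ -n "${DEVNAME:-}" ]; then
    handle_device
fi
```

Matching on the serial alone gives the same weak guarantee the post ascribes to the newer pam_usb: a serial is readable by anyone who handles the stick and is trivially cloned onto another device, so the rule only selects which device to try, and the secret still has to come from the encrypted key-file (and its passphrase) that the device carries.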