texternal usb key unlock fully functional - tomb - the crypto undertaker HTML git clone git://parazyd.org/tomb.git DIR Log DIR Files DIR Refs DIR README DIR LICENSE --- DIR commit dad9a4b7169aebf80d4be0975ff87be002a49e9c DIR parent f39b6e5cf7f0796a14f953e73cf8cb42b4772e84 HTML Author: Jaromil <jaromil@dyne.org> Date: Tue, 11 Jan 2011 10:49:44 +0100 external usb key unlock fully functional Diffstat: M src/tomb | 121 +++++++++++++++---------------- 1 file changed, 60 insertions(+), 61 deletions(-) --- DIR 
diff --git a/src/tomb b/src/tomb t@@ -1,4 +1,4 @@ -#!/bin/zsh +#!/bin/bash # # Tomb # t@@ -73,14 +73,14 @@ ask_usbkey() { done # get the first partition - usbpart=`dmesg |tail -n 4 |awk '/ sd.:/ { print $3 }'` - + usbpart=`dmesg |tail -n 8 | grep ' sd.:' |cut -d: -f2` + usbpart=`expr substr $usbpart 1 4` echo - echo -n "usb key attached, mounting " + echo -n "usb key attached, mounting $usbpart " # what that it is mounted mounted=false while [ "$mounted" != "true" ]; do - cat /proc/mounts | tail -n2 | grep -q "^/dev/$usbpart" + cat /proc/mounts | tail -n 2 | grep -q $usbpart if [ $? = 0 ]; then mounted=true; fi echo -n "." sleep .5 t@@ -315,77 +315,76 @@ mount_tomb() { exit 0 fi + # check if key file is present + if ! [ -r "${enc_key}" ]; then + error "encryption key ${enc_key} not found on disk" + error "use -k option to specify which key to use" + error "or provide a usb key, or press ctrl-c to abort" + ask_usbkey ".tomb/$enc_key" + if ! [ -r "${enc_key}" ]; then + error "key is missing." + exit 0 + fi + fi + nstloop=`losetup -f` losetup -f ${FILE} act "check for a valid LUKS encrypted device" cryptsetup isLuks ${nstloop} - if [ $? = 0 ]; then # it's a LUKS encrypted nest, see cryptsetup(1) + if [ $? != 0 ]; then + # is it a LUKS encrypted nest? see cryptsetup(1) + error "$FILE is not a valid Luks encrypted storage file" + exit 0 + fi - # check if key file is present - if ! [ -r "${enc_key}" ]; then - error "encryption key ${enc_key} not found on disk" - error "use -k option to specify which key to use" - error "or provide a usb key, or press ctrl-c to abort" - ask_usbkey ".tomb/$enc_key" - if ! [ -r "${enc_key}" ]; then - losetup -d ${nstloop} - sleep 5 - return - fi - fi - modprobe dm-crypt - modprobe aes-i586 + modprobe dm-crypt + modprobe aes-i586 + + # save date of mount in minutes since 1970 + mapdate="`date +%s`" + mapdate="`echo ${mapdate}/60 | bc -l | cut -d. -f1`" + + mapper="tomb.`basename $FILE | cut -d. 
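Review bot: The new mount check `cat /proc/mounts | tail -n 2 | grep -q $usbpart` drops the `^/dev/` anchor the old line had and passes `$usbpart` unquoted, so it matches the string anywhere in those two lines (a mount point path, another device sharing the prefix), and when the `dmesg` parse yields nothing (no ` sd.:` line in the last 8 entries) or several matches (`cut -d: -f2` then hands `expr substr` more than one word) `usbpart` ends up empty or wrong and the `while` loop never terminates. The partition picked from the kernel log is also never compared with what actually got mounted, so the key is read from whatever showed up in /proc/mounts last. I'd keep the anchor and guard the empty case: `usbpart=$(dmesg | tail -n 8 | grep ' sd.:' | tail -n 1 | cut -d: -f2 | awk '{ print $1 }')`, `[ -n "$usbpart" ] || { error "no usb partition detected"; return 1; }` and `grep -q "^/dev/$usbpart " /proc/mounts`. The `expr substr ... 1 4` truncation would also mangle names like `sdb10`; the awk field avoids that. ask_usbkey starts and ends outside this hunk.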
-f1`.$mapdate.`basename $nstloop`" + + notice "Password is required for key ${enc_key}" + for c in 1 2 3; do - # save date of mount in minutes since 1970 - mapdate="`date +%s`" - mapdate="`echo ${mapdate}/60 | bc -l | cut -d. -f1`" - - mapper="tomb.`basename $FILE | cut -d. -f1`.$mapdate.`basename $nstloop`" + ask_password - notice "Password is required for key ${enc_key}" - for c in 1 2 3; do - - ask_password - - echo "${scolopendro}" \ - | gpg --passphrase-fd 0 --no-tty --no-options \ - -d "${enc_key}" 2>/dev/null \ - | cryptsetup --key-file - luksOpen ${nstloop} ${mapper} - - unset scolopendro - - if [ -r /dev/mapper/${mapper} ]; then - break; # password was correct - fi - - done + echo "${scolopendro}" \ + | gpg --passphrase-fd 0 --no-tty --no-options \ + -d "${enc_key}" 2>/dev/null \ + | cryptsetup --key-file - luksOpen ${nstloop} ${mapper} - if ! [ -r /dev/mapper/${mapper} ]; then - error "failure mounting the encrypted file" - tail /var/log/messages - losetup -d ${nstloop} - return + unset scolopendro + + if [ -r /dev/mapper/${mapper} ]; then + break; # password was correct fi - act "encrypted storage filesystem check" - fsck.ext3 -p -C0 /dev/mapper/${mapper} - - - - mount -t ext3 /dev/mapper/${mapper} ${MOUNT} + done + + if ! [ -r /dev/mapper/${mapper} ]; then + error "failure mounting the encrypted file" + tail /var/log/messages + losetup -d ${nstloop} + return + fi + + act "encrypted storage filesystem check" + fsck.ext3 -p -C0 /dev/mapper/${mapper} + + + + mount -t ext3 /dev/mapper/${mapper} ${MOUNT} # TODO: possible mount options to try out: # -o rw,noatime,nodev,data=writeback,commit=30 # -o rw,noatime,nodev - - notice "encrypted storage $FILE succesfully mounted on $MOUNT" - - else - - error "$FILE is not a valid Luks encrypted storage file" - - fi + + notice "encrypted storage $FILE succesfully mounted on $MOUNT" + } umount_tomb() {
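Review bot: The new not-LUKS branch exits right after `losetup -f ${FILE}` without detaching, so the loop device stays attached to the tomb file, and both new early exits use `exit 0`, which reports success to any caller or wrapper on an error path; I'd make that branch `losetup -d ${nstloop}` followed by `exit 1`, and use `exit 1` after `error "key is missing."` as well. The moved `mount -t ext3 /dev/mapper/${mapper} ${MOUNT}` still mounts a user-supplied image with device nodes and setuid honoured — the TODO under it already lists `nodev`; at least `-o nodev,nosuid` seems warranted before this ships. `nstloop=\`losetup -f\`` followed by a separate `losetup -f ${FILE}` is also racy (another process can claim that device in between, after which `cryptsetup` and `losetup -d` act on the wrong node); `losetup ${nstloop} ${FILE}` would pin it, though that predates this change.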