Date: Thu, 23 Mar 2017 13:11:24 +0100
From: Matthias Apitz <guru@unixarea.de>
To: freebsd-questions@freebsd.org
Subject: geli USB key and a copy of this in file system
Message-ID: <20170323121124.GA3771@c720-r314251>

Hello,

I have some secrets stored on a USB key which is encrypted with geli(8) that way:

making a geli-USB stick:

    # geli init -s 2048 /dev/da0
    Enter new passphrase:
    Reenter new passphrase:
    # geli attach /dev/da0
    Enter passphrase:
    # dd if=/dev/random of=/dev/da0.eli bs=1m
    # newfs /dev/da0.eli
    ...

The secret files themselves within the /dev/da0.eli filesystem are ciphered with GnuPG and the USB key is stored at home in a safe place.

To carry a copy with me on my laptop, I have a copy of the USB key as a file 'geli.dd' which can be used the same way, i.e.

    # create a vnode-backed memory disk from the image file
    MD=`mdconfig -a -t vnode -f geli.dd` || exit 1
    echo attaching ${MD} and mounting /dev/${MD}.eli
    # remember the md unit for later
    echo ${MD} > /tmp/geli
    # if the geli attach fails, release the md unit again
    geli attach ${MD} || {
        mdconfig -d -u ${MD}
        exit 1
    }
    mount /dev/${MD}.eli /priv
    ls -l /priv
    ...

Ofc, this is only to have read access to the data (or store something temporarily to copy it later to the primary place, the USB geli partition on the key).

My question is: Is there any concern about the security of the data stored in 'geli.dd', for example in case of laptop theft or loss?

Thanks

	matthias

-- 
Matthias Apitz, ✉ guru@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
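
A read-only variant of the attach script in the message above, with a matching detach step, as an added example that is not part of the original e-mail. It assumes the laptop copy is only read; the function names and the IMAGE, MNT and STATE variables are assumptions, with defaults taken from the message.

```shell
#!/bin/sh
# Added example: read-only attach/detach for a file-backed geli image.
# IMAGE, MNT and STATE are assumed names; defaults follow the message above.
IMAGE=${IMAGE:-geli.dd}
MNT=${MNT:-/priv}
STATE=${STATE:-/tmp/geli}

# Attach the image read-only at every layer (md, geli, mount) and
# undo the steps already completed if a later one fails.
geli_ro_attach() {
    md=$(mdconfig -a -t vnode -o readonly -f "$IMAGE") || return 1
    if ! geli attach -r "$md"; then          # prompts for the passphrase
        mdconfig -d -u "$md"
        return 1
    fi
    if ! mount -o ro "/dev/${md}.eli" "$MNT"; then
        geli detach "${md}.eli"
        mdconfig -d -u "$md"
        return 1
    fi
    echo "$md" > "$STATE"                    # remembered for geli_ro_detach
}

# Unmount, detach the geli provider (which clears its keys from kernel
# memory), then free the md unit recorded by geli_ro_attach.
geli_ro_detach() {
    [ -r "$STATE" ] || return 1
    md=$(cat "$STATE")
    umount "$MNT" || return 1
    geli detach "${md}.eli" || return 1
    mdconfig -d -u "$md" || return 1
    rm -f "$STATE"
}

# Run as "script attach" or "script detach"; with no argument the file
# only defines the functions.
case "${1:-}" in
    attach) geli_ro_attach ;;
    detach) geli_ro_detach ;;
esac
```

While the image is attached, the decrypted provider /dev/mdN.eli is readable on the running system, so detaching before the laptop is suspended or left unattended keeps the exposure to the encrypted file alone.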