From ffbacbab722190a3deed7254311a9992984aa8a0 Mon Sep 17 00:00:00 2001
From: Abhay Rana
Date: Fri, 6 Jun 2014 13:21:12 +0530
Subject: [PATCH] Commits a working script that uses gnome-keyring to mount my encrypted /home partition on my external hdd.
- Gets passphrase using the gkeyring command
- Mounts the pre requisites first
- Uses fnek_sig from keyring as well
---
gkeyring | 10 ++++++++++
seagate | 21 +++++++++++++++++++++
2 files changed, 31 insertions(+)
create mode 100755 gkeyring
create mode 100755 seagate
diff --git a/gkeyring b/gkeyring
new file mode 100755
index 0000000..8b9b8a8
--- /dev/null
+++ b/gkeyring
@@ -0,0 +1,10 @@
+#!/usr/bin/python
+# EASY-INSTALL-ENTRY-SCRIPT: 'gkeyring==0.3','console_scripts','gkeyring'
+__requires__ = 'gkeyring==0.3'
+import sys
+from pkg_resources import load_entry_point
+
+if __name__ == '__main__':
+ sys.exit(
+ load_entry_point('gkeyring==0.3', 'console_scripts', 'gkeyring')()
+ )
diff --git a/seagate b/seagate
new file mode 100755
index 0000000..2eba8db
--- /dev/null
+++ b/seagate
@@ -0,0 +1,21 @@
+#!/bin/bash
+echo "Mounting /dev/sdb1 on /media via mount -a"
+sudo mount -a
+echo "Mounting /dev/sdb2 on /media/nemo/home"
+sudo mount /dev/sdb2 /media/nemo/home
+echo "Mounting /dev/sdb3 on /media/nemo/live"
+sudo mount /dev/sdb3 /media/nemo/live
+echo "Mounting encrypted partition"
+echo "Fetching passphrase from gnome-keyring"
+export PASSPHRASE=`gkeyring --name 'seagate_passphrase' -l -o secret`
+export FNEK_SIG=`gkeyring --name 'seagate_fnek_sig' -l -o secret`
+
+#We use the method of adding passphrase to a file because command line args can be read by ps
+echo "passphrase_passwd=$PASSPHRASE" > /tmp/passphrase
+#Add the passphrase to ecryptfs manager
+echo $PASSPHRASE | sudo ecryptfs-add-passphrase --fnek
+#Mount the encrypted partition
+sudo mount -t ecryptfs /media/nemo/home/.ecryptfs/nemo/.Private/ /media/nemo/home/nemo/ -o ecryptfs_sig=1b2d93c21180690d,ecryptfs_fnek_sig=$FNEK_SIG,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,key=passphrase:passphrase_passwd_file=/tmp/passphrase
+echo "Deleting passphrase file"
+rm /tmp/passphrase
+echo "Done"
\ No newline at end of file
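Review bot: The passphrase is written to the fixed path `/tmp/passphrase` under the caller's umask and removed only by the final `rm`. With the usual 022 umask other local users can read it while the mount runs, the path can be pre-created or symlinked by someone else, and the file is left behind if the script is interrupted. Create the file with `mktemp` (mode 0600, unpredictable name), preferably on a per-user tmpfs, and remove it from an `EXIT` trap instead of the trailing `rm`. In the same lines, `export` is unnecessary and places the passphrase in the environment of every child process, the unquoted `echo $PASSPHRASE` is subject to word splitting and globbing, and a failed `gkeyring` lookup is not checked before the empty value is used.

```shell
# … unchanged: mounts of /dev/sdb1, /dev/sdb2 and /dev/sdb3 …
PASSPHRASE=$(gkeyring --name 'seagate_passphrase' -l -o secret)
FNEK_SIG=$(gkeyring --name 'seagate_fnek_sig' -l -o secret)
if [ -z "$PASSPHRASE" ] || [ -z "$FNEK_SIG" ]; then
    echo "Could not read secrets from gnome-keyring" >&2
    exit 1
fi

# mktemp creates the file 0600 with an unpredictable name; the trap removes it when the script exits
PASSFILE=$(mktemp -p "${XDG_RUNTIME_DIR:-/tmp}") || exit 1
trap 'rm -f "$PASSFILE"' EXIT
printf 'passphrase_passwd=%s\n' "$PASSPHRASE" > "$PASSFILE"
printf '%s\n' "$PASSPHRASE" | sudo ecryptfs-add-passphrase --fnek
sudo mount -t ecryptfs /media/nemo/home/.ecryptfs/nemo/.Private/ /media/nemo/home/nemo/ -o ecryptfs_sig=1b2d93c21180690d,ecryptfs_fnek_sig="$FNEK_SIG",ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,key=passphrase:passphrase_passwd_file="$PASSFILE"
# … unchanged: echo "Done" (the explicit rm of the passphrase file is replaced by the trap) …
```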