[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: session-key proposal

To: Noll Janos <johnzero@johnzero.hu>
Subject: Re: session-key proposal
From: Jari Ruusu <jari.ruusu@pp.inet.fi>
Date: Wed, 03 Apr 2002 20:01:44 +0300
CC: linux-crypto@nl.linux.org
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:listar@nl.linux.org?Subject=help>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Listar version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org
References: <XFMail.20020401214736.johnzero@johnzero.hu> <3CA9E82B.46088F93@pp.inet.fi>
Sender: linux-crypto-bounce@nl.linux.org

Jari Ruusu wrote:
> Noll Janos wrote:
> >  1. The session key traverses userspace, and thus, can be captured more
> >     easily. And once someone knows the session key, he cannot be locked
> >     out. Though this is only needed in very rare cases and setups.
> 
> Non-root users don't have access to session key, if the GnuPG encrypted file
> is made root-only-readable and program that pipes that file's contents to
> gpg and losetup/mount is made setuid-root.
> 
[snip]
> 
> >  3. It needs some scripting, hacking, external programs (like GPG)
> >     -- which is fine, if you're a programmer, but might be too much for
> >     "Average Joe"
> 
> Writing such script or program should not be a major problem to anyone who
> knows what they are doing.

I wrote a script to create setuid-root executable program. That script is
attached. Setuid-root code needs to be a program, because Linux ignores the
SUID and SGID bits on scripts. Here is an example of how it can be used:

Create random session key and encrypt that key using root's (in this case
Jari Ruusu's) GnuPG public key.

    umask 077
    dd if=/dev/urandom bs=45 count=1 2>/dev/null | uuencode -m - | head -2 \
        | tail -1 | gpg -e -a -r "Jari Ruusu" > /root/masterkey-secret1.gpg

Use random session key to setup /dev/loop0 to partition /dev/hda666 and
create encrypted ext2 file system.

    gpg --decrypt < /root/masterkey-secret1.gpg \
        | losetup -p 0 -e AES128 /dev/loop0 /dev/hda666
    mkfs -t ext2 /dev/loop0
    losetup -d /dev/loop0

Create a mount point for encrypted partition.

    mkdir /secret1

Build setuid-root executable program to read root-only-readable
/etc/userkey-secret1.gpg file and to pipe its contents through
"gpg --decrypt" to "mount -p X /secret1". /secret1 is the mount point where
filesystem is to be mounted. /usr/local/bin/gpgmount-secret1 is the created
setuid-root executable program.

    ./build-gpgmount.sh /etc/userkey-secret1.gpg /secret1 /usr/local/bin/gpgmount-secret1

Add mount information to /etc/fstab file. Something like this:

 /dev/hda666 /secret1 ext2 defaults,user,noauto,encryption=AES128,loop=/dev/loop0 0 0

Create root-only-readable /etc/userkey-secret1.gpg file which contains
session key encrypted with each user's public key. List all users as
recipient who should be able to mount /secret1 encrypted partition. Repeat
this every time you want to add or remove users.

    umask 077
    gpg --decrypt < /root/masterkey-secret1.gpg \
        | gpg -e -a --always-trust -r "John Doe" -r "Tea Lipton" > /etc/userkey-secret1.gpg

Users can mount encrypted partition like this. GnuPG asks for passphrase to
unlock user's secret key.

    gpgmount-secret1

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>

build-gpgmount.sh.gz

-----BEGIN PGP MESSAGE-----
Version: 2.6.3ia
Comment: http://loop-aes.sourceforge.net/PGP-public-key.asc

iQCVAwUAPKswozMKg0M6Ig9RAQFnlAQAg28uyuxZbmwyux88EIOfeIYrnyvbM5KH
xN2uAzNyb3gNR6SmNI5zwLV27ax2Oya9jdRFbnuTTv/vnD+7AwRRymP1KZhhZkNT
2jMBayKQUTXCN+JzbNP5Kzu2NpGOY/B/8LkeLF1xLWpY0FloEits8spY1CfigMVA
uNbju1lZlfY=
=qYMu
-----END PGP MESSAGE-----

References:
- Re: session-key proposal
  - From: Noll Janos <johnzero@johnzero.hu>
- Re: session-key proposal
  - From: Jari Ruusu <jari.ruusu@pp.inet.fi>

Prev by Date: International Kernel Patch + Lock Breaking + Preempt = bad
Next by Date: Fw:linux-crypto-archive,questionnaire
Prev by thread: Re: session-key proposal
Next by thread: International Kernel Patch + Lock Breaking + Preempt = bad
Index(es):
- Date
- Thread