First, let me describe what I want achieve and then I will describe what I have tried.
In a nutshell, I would like to be able to use a mixture of "standard" and encrypted USB keys on my openSUSE 10.2 system. By "standard" I mean the basic out-of-the-box keys with a FAT filesystem that are automagically recognized and mounted. For the encrypted keys, it would be nice if I were prompted for the passphrase when I plug them in.
Here is what I've tried so far.
I have searched linuxquestions.org a number of times with terms such as "crypt usb" but not found the answer (or at least have not recognized it).
According to the SUSE documentation installed on my system, the encrypting of removable media, such as a USB key, can be done via the partitioning module of YaST.
So, I plugged in a standard USB key and my system happily attached it. I unmounted the key with the umount command. Some experimentation showed that when I did the "safely remove" thing, the device disappeared from the partition table, but with umount it does not.
I started the partitioning module and selected the existing FAT16 partition on the key (/dev/sdb1). I clicked on "Edit." In the dialog box, I chose to format the partition as ext3 and clicked the box for encryption. Under fstab options I chose to not mount at boot and to make it user mountable. I did not specify a mount point because I was hoping that HAL would take care of everything.
So, I continued and formatted the partition and all seemed good. I removed the key and plugged it back in but nothing happened. I could see the device in the partition table only now it showed up as /dev/sdc1. I removed it and plugged a standard key in. It was mounted in the usual place, but the usual dialog (what do you want to do ...) did not come up. Also it was device /dev/sdc1 also. After a re-boot the device was again /dev/sdb1.
After the reboot, I tried the newly encrypted key again. The device showed up in the partition table and the partition was said to be Linux Native. I created /media/crypt to try a manual mount. The
mount -t ext3 /dev/sdb1 /media/crypt
failed. Obviously, ext3 is not quite correct given I encrypted the filesystem, but I don't know what the correct -t argument should be.
Now, I have a number of questions.
1. Should I specify a mount point so that fstab has the necessary info to mount the thing?
2. If fstab has /dev/sdb1 as an encrypted device, what happens when a standard key is inserted? Will it use /dev/sdc1 for example?
3. Assuming I get this working for one key, what about multiple keys. Is the hashed passphrase on the key so that I can use different passphrases with different keys or do I need to use the same passphrase whenever I use an encrypted key in the /dev/sdb1 slot?
4. Can HAL automate the mounting/unmounting process of encrypted keys?
I hope I'm making myself clear.