0

I would like to implement a token solution for USB devices.

So I need to encrypt a token with a private key and use the public key to decrypt it. So far so good. The problem comes from the fact that I want to access the token without the key being mounted (under Linux or Windows). I tried to use labels and UUID volumes, but you are quickly limited in the number of characters and encoding, and moreover the formats change according to the type of key.

Do you have any ideas?


I need to implement the token solution on keys that are already used as storage devices. I also need to be able to read the token on a Windows machine. The Ljm Dullaart solution is very good but works only on Linux.

2
  • 1
    Does the USB device have to be a USB storage device, or can it be some other kind of USB device? There are already existing products for use as security tokens, for example YubiKey. Commented Jul 3, 2020 at 7:39
  • Regarding your answer/comment that I moved into the question, the Windows aspect is off-topic here; consider superuser.com as a possible site for that portion of the question. Commented Jul 7, 2020 at 14:10

2 Answers

1

Create your own partition on the device. This allows you to still use (most of) the device.

Although it is possible to do

echo "$key" > /dev/sde2

it is probably better to have some recognizable leader in the partition. In that way, you can determine whether it is really a key-device or just a device. So, probably something like:

cat > /dev/sdg2 <<EOF
some_fixed_string_with_a_lot_of_random_characters
$key
closing
EOF


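# Read whitespace-separated words up to the first NUL byte into the array x
read -r -d '' -a x < /dev/sdg2
# Quote the expansion so an empty or unwritten partition does not break the test
if [ "${x[0]}" = "some_fixed_string_with_a_lot_of_random_characters" ] ; then
    key=${x[1]}
fi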

You should probably do some check on the size of the partition as well to prevent the read from taking in too much data. And like Ole Tange said: "Allow normal users writing to intermittent block devices".
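A bounded, validated read of the leader/token/closing layout from the answer above, added here as an example and not part of the original answer. The 512-byte limit, the token alphabet and the function names are assumptions; a regular file can stand in for the partition when trying it out.

```sh
#!/bin/sh
# Added example: bounded, validated read of the leader/token/closing record.
# TOKEN_MAGIC, TOKEN_MAX_BYTES, the token alphabet and the function names
# are assumptions of this sketch, not part of the answer.
TOKEN_MAGIC="some_fixed_string_with_a_lot_of_random_characters"
TOKEN_MAX_BYTES=512

# valid_token STRING: accept only a non-empty base64/base64url-style string,
# so the token can never contain a newline or other whitespace.
valid_token() {
    case $1 in
        ''|*[!A-Za-z0-9+/=_-]*) return 1 ;;
    esac
}

# write_token DEVICE TOKEN: same three-line layout as the here-document above.
# conv=notrunc keeps a regular file used as a test stand-in at its size.
write_token() {
    valid_token "$2" || return 2
    printf '%s\n%s\nclosing\n' "$TOKEN_MAGIC" "$2" |
        dd of="$1" conv=notrunc 2>/dev/null
}

# read_token DEVICE: print the token and return 0 only for a well-formed record.
read_token() {
    # Read one fixed-size block, never the whole partition; drop NUL padding
    # and other non-printable bytes before splitting into lines.
    rec=$(dd if="$1" bs="$TOKEN_MAX_BYTES" count=1 2>/dev/null |
          tr -cd '\n[:print:]') || return 1
    magic=$(printf '%s\n' "$rec" | sed -n '1p')
    token=$(printf '%s\n' "$rec" | sed -n '2p')
    trailer=$(printf '%s\n' "$rec" | sed -n '3p')
    [ "$magic" = "$TOKEN_MAGIC" ] || return 1    # not a token device
    [ "$trailer" = "closing" ] || return 1       # truncated or overlong record
    valid_token "$token" || return 1             # unexpected bytes in the token
    printf '%s\n' "$token"
}
```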

0

Reading your question literally you could store the key on the block device:

echo The Key > /dev/sdf

read thekey < /dev/sdf

But that assumes the user can read/write to the USB device. This can be done by doing this: "Allow normal users writing to intermittent block devices".

1
  • This solution is perfect for my uses. Commented Jul 9, 2020 at 9:17
