[Dshield] Requiring a key-pair to mount a volume

Don Jackson dwjackson at bcbsal.org
Mon Dec 19 15:04:07 GMT 2005

There is a free, open-source alternative to PGP Virtual Disk called
"TrueCrypt" which has several advantages:

1. It works on Win32, Win64, and Linux.
2. It supports "hidden volumes".
3. It supports cipher cascades (multiple, user-specified hash and
encryption algorithms).
4. Can use partitions (like EFS) or container files (like PGP).
5. Volumes can be mounted as removable media (in Windows) so no Recycle
Bin or System Volume Information is created.
6. It's free, even for commercial use.
7. Its source (all of it) is readily available for peer review.

You could install TrueCrypt on the computer(s) on which you want to
mount the volume, or include the both the Windows and Linux versions on
a FAT-formatted device along with the container file and use it like you
would from a preinstall environment (like Bart PE).

>>>> stasinia at msoe.edu 12/17/2005 3:25 pm >>>
>You have 2 choices.  First you can use EFS to encrypt the drive and
>distribute the certificate pair to every computer you would like to
>access the drive from.  Second you can use "PGP Virtual Disk" (costs
>money though).  It would create a single PGP encrypted filed on the
>key, which you would decrypt and mount as a new drive letter.
>Let me know if you need a more detailed description of the above
>Adam Stasiniewicz 
>Computer and Communication Services Department 
>Milwaukee School of Engineering 
>MSCE: Messaging & Security 2003
>-----Original Message-----
>From: list-bounces at lists.dshield.org 
>[mailto:list-bounces at lists.dshield.org] On Behalf Of Anthony Rodgers
>Sent: Friday, December 16, 2005 11:47 AM
>To: General DShield Discussion List
>Subject: [Dshield] Requiring a key-pair to mount a volume
>Like many folks, I use a USB thumb drive and was wondering if there  
>was a way of allowing it to mount only on machines that had the  
>appropriate half of a PKI pair, or requiring a passphrase to unlock a 

>keypair in order to mount the drive.
>The object would be to prevent someone mounting the drive on their  
>machine if I lost it.
>Any thoughts?
>Anthony Rodgers
>Business Systems Analyst
>District of North Vancouver
>Web: http://www.dnv.org 
>RSS Feed: http://www.dnv.org/rss.asp 

*** *** *** *** *** *** *** *** *** ***
This e-mail is intended for the sole use of the individual(s) to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law.  You are hereby notified that any dissemination, duplication, or distribution of this transmission by someone other than the intended addressee or its designated agent is strictly prohibited.  If you receive this e-mail in error, please notify me immediately by replying to this e-mail.
*** *** *** *** *** *** *** *** *** ***

More information about the list mailing list