This project has moved and is read-only. For the latest updates, please go here.

Secure scripting to generate the necessary password during startup of the system

Topics: Users Discussion
Jan 28, 2016 at 10:28 PM
Dear all,

there is a server running at my home, which is based on Linux. To protect the personal files/data of my family I installed VeraCrypt on it and it runs very well for the encryption of the data files.

To unlock the data I do apply the following method, which is descriped in the Release Note Section:

Linux:
Support supplying password using stdin in non interactive mode (contributed by LouisTakePILLz)
    Example: veracrypt -t ${IMAGE_PATH} ${MOUNT_PATH} --mount --non-interactive --stdin <<< "$PWD"
According to this proposal I use a batch file on an USB-stick which is automatically started via UDEV rules etc. after inserting the USB stick. That runs very well.

I would like to extend the small /bin/bash-script to have the password automatically generated by taking into account of certain "properties" of my local network. If the server is started in the "known network surrounding" then the script should automatically generate the right password during the start procedure of the server. There would not longer be the need to go downstairs just to insert the USB stick.

If a burglar would take away the server and would start it as a "stand-alone" system, he would fail to access the data, because the script would not be able to generate the right password. I am aware of the dangerous situation, if the burglar takes time to manipulate the server locally at my home. But such a situation can be secured by other means.

As far as I think to know I have the problem that variables, which I do use within the bin/bash-scripting are readable/known by the system itsself and may be stored somewhere (Swap etc.). But I do not want to encrypt the swap file or other parts with exception of some data files.

Question: How do I generate the password and how do I transfer the password to VeraScript afterwards without giving the system knowledge about the content of the variables?

Thank you very much in advance!