advise for secure removal of keyfile
by slac-in-the-box from LinuxQuestions.org on (#5MF0A)
Howdy slackers:
I am automating luks+lvm installing.
My script prompts me for passkey, saves the key to a file, and then uses cryptsetup with the --key-file option
After setup, I would like the script to remove this temporary keyfile such that recovery or forensics software would not be able to retrieve it.
At slackbuilds, there is srm and wipe. srm says it doesn't work with journaled file systems, and I use ext4. wipe has not seen an update in over seven years... but maybe it doesn't need one.
So without using either, my strategy is as follows:
Are there any flaws with this strategy?
I am automating luks+lvm installing.
My script prompts me for passkey, saves the key to a file, and then uses cryptsetup with the --key-file option
After setup, I would like the script to remove this temporary keyfile such that recovery or forensics software would not be able to retrieve it.
At slackbuilds, there is srm and wipe. srm says it doesn't work with journaled file systems, and I use ext4. wipe has not seen an update in over seven years... but maybe it doesn't need one.
So without using either, my strategy is as follows:
- use "dd if=/dev/zero of=keyfile.img bs=512 count=8" to create a 4kb blank image
- use "mkfs.ext4 keyfile.img" to format the image with a file system
- use "mount keyfile.img /mnt/tmp" to mount the filesystem
- let the script write the passkey to /mnt/tmp/keyfile
- once the script is done with the keyfile, I thought I could
- use "umount /mnt/tmp" to unmount the image
- use "dd if=/dev/urandom of=keyfile.img bs=512 count=8" to write random data over the image (maybe four times even)
- use "rm keyfile.img" to delete the image.
Are there any flaws with this strategy?