! Please note that this is a snapshot of our old Bugzilla server, which is read only since May 29, 2020. Please go to gitlab.xfce.org for our new server !
Improve handling of encrypted removable devices
Status:
RESOLVED: WORKSFORME
Severity:
enhancement

Comments

Description Yves-Alexis Perez editbugs 2009-06-02 12:20:50 CEST
Hi,

during the 1.0 ages, Colin Leroy submitted a set of patches to support handling of encrypted (through cryptsetup/dm-crypt) removable devices. The final, merged version, was a patch for thunar-volman to support decryption at plug time, so it would minimize modifications (and in particular abi change to exo and or thunar-vfs). This was a good decision at that time, but it may be time to reconsider this now that there will be quite some changes in exo (not to mention thunar-gio :) )

As said above, atm the decryption is made at plug time, which might not be the perfect setup, since that means already plugged devices won't be seen. Or if doesn't want to setup the encrypted device at plug time, it has to click on “ignore” but then, later, he has to deplug-replug the device to gain access to encrypted partition.

Same thing goes for removal. If the user wants to unmount the encrypted partition (to not let encrypted data available too long), then, later, he'll have to unplug/replug the device.

It would be nice to have that thing handled directly in exo or thunar, so one can plug the device, see the “clear” partition appear (greyed out because they aren't mounted), and the encrypted ones appear too (maybe greyed with a lock emblem or something). Then one can click on it and it'll run the “setup” (or “open” in cryptsetup) action, make the underlying partitions available, so they will be displayed (greyed out) to the user so he can mount them. Then, he can unmount the partition when he has done, and he can right click on the encrypted partition and say “close” or “tear down”. then the underlying partitions are unmounted (if mounted) and the encrypted partition is teared down (“closed” for cryptsetup).

From an UI pov, in the thunar sidebar we could see:

1) Nothing plugged in
- corsac's home 
- Trash
- Desktop
- File system

2) Usb key plugged (3 partitions, 2 clear (labels EXT and FAT), 1 encrypted
- corsac's home 
- Trash
- Desktop
- File system
- 1G USB-Key
  - EXT (greyed out)
  - FAT (greyed out)
  - Encrypted 256M partition (greyed+lock)

(labels might be a bit long and I'm not sure about the topmost “1G USB-Key”, that may clutter the UI, but it would make things consistent and one could have the “eject” (if the device requires it) on that item instead of on the partitions)

3) Usb key plugged (partition EXT mounted, encrypted partition setup'ed, two underlying partitions, sec-EXT and sec-FAT)
- corsac's home 
- Trash
- Desktop
- File system
- 1G USB-Key
  - EXT
  - FAT (greyd out)
  - Encrypted 256M partition
    - sec-EXT (greyed)
    - sec-FAT (greyed)

The user can right click on sec-* to (u)mount them or on “encrypted…” to tear down the encrypted device.

This is a bit rough at the moment, and I'm not sure it won't clutter too much the UI and/or the code, but it would make the life easier.

What do you think?

--
Yves-Alexis
Comment 1 Colin Leroy 2009-06-02 12:31:15 CEST
It'd be more complete than what's existing right now.

Now, I think Jannis is pretty busy porting Thunar to GIO, so probably jumping to coding this right now would be premature (or the work would have to be done approximately twice ;-)
Comment 2 Yves-Alexis Perez editbugs 2009-06-02 12:36:30 CEST
Thanks for(In reply to comment #1)
> It'd be more complete than what's existing right now.

Yeah, after some time of using the feature (which works pretty fine), I thought about some improvement :)
> 
> Now, I think Jannis is pretty busy porting Thunar to GIO, so probably jumping
> to coding this right now would be premature (or the work would have to be done
> approximately twice ;-)

Yeah that's not something which should be done in thunar-vfs/stable branch but in the thunar-gio one. Jannis is definitely busy on this (and commented on irc that he didn't know anything to luks devices), but I think the issue should be thought about quite early in the development phase. Maybe it's too early to start thinking, but it doesn't harm to at least open the bug so it's not forgotten :)

Cheers, 
--
Yves-Alexis

(btw did you see my BR in thunar 1.0.1 about the dual asking of passphrase?)
Comment 3 Nick Schermer editbugs 2012-11-07 13:54:15 CET
How relevant is this these days?
Comment 4 Robby Workman editbugs 2014-12-03 15:15:37 CET
Pretty sure this is all handled well these days. Closing as WFM; reopen if needed.

Bug #5419

Reported by:
Yves-Alexis Perez
Reported on: 2009-06-02
Last modified on: 2014-12-03

People

Assignee:
Jannis Pohlmann
CC List:
3 users

Version

Attachments

Additional information