I have a USB with Debian Linux installed on it. I've encrypted a folder with sensitive data...
- created a key
- tar'd a directory
- encrypted the tar file using openssl and key
If the folder is decrypted...
- decrypt the encrypted tar file using openssl and key
- untar the directory
...so I can run an executable from that decrypted folder, and then, in a worst-case scenario, if someone just unplugs the USB, how can I protect that sensitive data? Other scenarios that could leave the data unencrypted that I could imagine are the `shutdown now` or `reboot now` commands. Someone could...
- mount the USB (and specific partition with the sensitive data) on a system they have root access to and pull the decrypted data off the drive
- plug in the USB and run Linux and access the data or send it somewhere else via rsync or some other method
- copy the entire image of the USB and flash it onto a new USB
Wondering if I can...
- prevent mounting the drive to another system
- or run a clean up script on mount
- run a cleanup script on `shutdown now` or `reboot now`
I've read and know I can...
- run a script to clean up the data on `reboot` (different than `reboot now`) or `shutdown` (different than `shutdown now`) or on startup.
I'd prefer...
- to use (and am only using) a password keyfile and not a manually entered password (I understand the risks)
- to use (and am using) a bash script (as opposed to a GUI) to decrypt sensitive data and run an executable
- not to encrypt a partition
Any help/ideas on cleaning up or protecting that sensitive data when the USB is unplugged are welcome!
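
The key, tar and openssl steps from the question, written out as an added example that is not part of the original post: the archive is unpacked onto a RAM-backed tmpfs rather than the USB filesystem, and the plaintext is removed when the command exits or the script is signalled. The cipher options (AES-256-CBC with PBKDF2), the function names, the `SEALED_TMPFS` variable and the use of `/dev/shm` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: AES-256-CBC with PBKDF2,
# the function and file names, and /dev/shm being a RAM-backed tmpfs.
set -eu

# Where plaintext is unpacked. Must be a tmpfs, not a directory on the USB.
SEALED_TMPFS=${SEALED_TMPFS:-/dev/shm}

# make_key KEYFILE: random password keyfile readable only by its owner.
make_key() (
    umask 077
    openssl rand -base64 48 > "$1"
)

# seal DIR KEYFILE OUT: tar DIR and encrypt the stream (no plaintext tar file).
seal() {
    tar -C "$(dirname "$1")" -cf - "$(basename "$1")" |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$2" -out "$3"
}

# unseal IN KEYFILE DEST: decrypt IN and unpack it under DEST.
unseal() {
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2" -in "$1" |
        tar -C "$3" -xf -
}

# run_sealed IN KEYFILE CMD...: unpack into a private tmpfs directory, run CMD
# there, then delete the plaintext. Runs in a subshell so the traps and the
# cd do not leak into the caller.
run_sealed() (
    enc=$1 key=$2
    shift 2
    [ -d "$SEALED_TMPFS" ] || { echo "no tmpfs at $SEALED_TMPFS" >&2; exit 1; }
    work=$(mktemp -d "$SEALED_TMPFS/sealed.XXXXXX")
    trap 'rm -rf "$work"' EXIT         # runs whenever the subshell exits
    trap 'exit 143' INT TERM HUP       # signals fall through to the EXIT trap
    status=0
    { unseal "$enc" "$key" "$work" && cd "$work" && "$@"; } || status=$?
    cd / && rm -rf "$work"
    exit "$status"
)
```

On a system booted from the USB, `/tmp` is usually on the USB itself, so `SEALED_TMPFS` should only point at a tmpfs mount. tmpfs pages can still be written to swap if swap is enabled.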