Change GPG secret key passphrase

When dealing with encryption, especially with GPG keys on several hosts, it might be a good idea to use different passphrases for a secret key. Whether using different passphrases is a good idea is not an easy question to answer; it depends on the situation and the security policies one needs to follow.

Here is a short write-up on how to change a GPG secret key passphrase:

List the GPG keys available in your home directory (~):

gpg --list-keys

After getting an overview of the available keys, choose the GPG key you want to alter:

shell % gpg --edit-key <My GPG key>

When using GPG version 2, the command line interface will only accept the long form of the GPG key. The key will not be recognized or chosen if the short form is used.

Changing the GPG key passphrase:

gpg > passwd

Saving the changed result:

gpg > save

EFF dice generated passphrases

Just last week I wrote about changing GPG passphrases. This week I read an interesting article about the same topic, passphrases. Bruce Schneier advertises an interesting method of randomly generating easily memorable passphrases. The method can be described as generating passphrases by rolling dice, or diceware. The EFF suggests using a 6-word passphrase. Rolling 5 six-sided dice generates a 5-digit random number. Each randomly generated number should then be looked up in the EFF word list.

This method generates long, easily memorable passphrases that are secure and hard to guess. The general suggestion is to use a "hardware random number generator", which means using dice to generate the passphrases and not a computer or other electronic device. Computer random number generators are not as good as rolling a die.
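The lookup step described above, as an added example (not code from the original post or from the EFF): the dice are still rolled by hand, and the script only validates the rolls and maps them to words. The six-entry word list is a constructed placeholder in the assumed "five dice digits, whitespace, word" layout, and all function names are hypothetical.

```python
import math
import re

ROLL = re.compile(r"[1-6]{5}")  # one word = five rolls of a six-sided die
FULL_LIST_SIZE = 6 ** 5         # 7776 possible five-roll results

# Constructed sample in the assumed "<rolls> <word>" layout; placeholder words,
# not real EFF entries. A real run loads the complete 7776-line list.
SAMPLE_LIST = ("11111\talpha\n11112\tbravo\n11113\tcharlie\n"
               "11114\tdelta\n11115\techo\n11116\tfoxtrot\n")


def parse_wordlist(text):
    """Return {rolls: word}; reject malformed or duplicate entries."""
    table = {}
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2 or not ROLL.fullmatch(fields[0]):
            raise ValueError(f"line {number}: expected '<5 dice digits> <word>'")
        if fields[0] in table:
            raise ValueError(f"line {number}: duplicate entry {fields[0]}")
        table[fields[0]] = fields[1]
    return table


def passphrase_from_rolls(rolls, table, words=6):
    """Map hand-rolled dice groups to words; no computer randomness is used."""
    groups = rolls.split()
    if len(groups) != words:
        raise ValueError(f"need {words} groups of five rolls, got {len(groups)}")
    chosen = []
    for group in groups:
        if not ROLL.fullmatch(group):
            raise ValueError(f"{group!r} is not five digits in the range 1-6")
        if group not in table:
            raise KeyError(f"{group} is missing: the word list is incomplete")
        chosen.append(table[group])
    return " ".join(chosen)


def entropy_bits(words=6, list_size=FULL_LIST_SIZE):
    """Bits of entropy when each word is an independent, uniform pick."""
    return words * math.log2(list_size)


if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(passphrase_from_rolls("11113 11111 11116 11112 11115 11114", table))
```

With the full 7776-entry list, `entropy_bits()` gives about 77.5 bits for six words; the figure only holds if every group of five rolls is used as rolled, without re-rolling for a "nicer" word.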

If you speak a second language, or English is not your native language, use localized word lists to generate secure passphrases. The EFF's website links to another author who describes diceware, Arnold G. Reinhold. At the bottom of his document are URLs to the localized word lists.

Both articles are really worth reading if you really want to generate secure passwords and passphrases. There are many other methods for creating secure passwords and passphrases, but this one came at just the right time and I found it worth mentioning.

To summarize all this in a short story, spend a few seconds and read this xkcd internet comic.

   .-------.    ______
  /   o   /|   /\     \
 /_______/o|  /o \  o  \
 | o     | | /   o\_____\
 |   o   |o/ \o   /o    /
 |     o |/   \ o/  o  /
 '-------'     \/____o/ jgs

Extract files from VMDK images

To extract files from .vmdk files on the CLI, 2 tools are needed first:

  • app-arch/p7zip
  • sys-fs/multipath-tools

VMware disk files are compressed archives. The first step is to decompress the vmdk archive:

user@host $ 7z e virtualdisk.vmdk

This command will decompress the archive and extract the included partitions. The extracted partitions might look like this:

user@host $ ls -l
total 48452008
-rw-r--r-- 1 user usergroup   510656512 Jan 11 15:08  0.img
-rw-r--r-- 1 user usergroup 42435870720 Jan 11 19:01  1.lvm
-rw-r--r-- 1 user usergroup     1048576 Jan 11 15:08  2
-rw------- 1 user usergroup  6671171584 Jan 11 15:08  virtualdisk-disk1.vmdk

The vmdk file contained:

  • 0.img file
  • 1.lvm file
  • 2 file

In this particular case the interesting files have been included in the 1.lvm file. Now the .lvm file needs to be mounted to gain access to the files.

Execute losetup which sets up and controls loop devices:

root@host # losetup /dev/loop0 1.lvm

Use the kpartx tool, which creates device maps from partition tables:

root@host # kpartx -a /dev/loop0

Mount the partition to a mount point in the tree, here /mnt/partition/:

root@host # mount /dev/mapper/
completing device or mount point
operating-system-vg-root@    operating-system-vg-swap_1@  loop0p1

root@host # mount /dev/mapper/operating-system-vg-root /mnt/partition/

At this moment the interesting files can be accessed via the mountpoint:

user@host $ df -h | grep mnt
/dev/mapper/operating-system-vg-root   33G  4.3G   27G  14% /mnt/partition

Change to /mnt/partition to access the interesting files:

user@host $ cd /mnt/partition
user@host $ ls -l
drwxr-xr-x  2 root root  4096 May 27  2017 bin/
drwxr-xr-x  2 root root  4096 May 27  2017 boot/
drwxr-xr-x  4 root root  4096 May 27  2017 dev/
drwxr-xr-x 97 root root  4096 Jan 11 13:56 etc/
drwxr-xr-x  2 root root  4096 Apr 12  2016 home/
drwxr-xr-x 16 root root  4096 May 27  2017 lib/
drwxr-xr-x  2 root root  4096 Feb 15  2017 mnt/
drwxr-xr-x  9 root root  4096 May 27  2017 opt/
drwxr-xr-x  2 root root  4096 Apr 12  2016 proc/
drwx------  3 root root  4096 Jan 11 15:04 root/
drwxr-xr-x  2 root root  4096 May 27  2017 sbin/
drwxr-xr-x  2 root root  4096 Feb  5  2016 sys/
drwxrwxrwt  8 root root  4096 Jan 11 15:07 tmp/
drwxr-xr-x 11 root root  4096 May 27  2017 usr/
drwxr-xr-x 12 root root  4096 May 27  2017 var/