What is autocrypt?
it's a set of scripts that use linux hotplug/udev/cryptoapi mechanism to allow you autocrypting a harddrive
what do I means by autocrypting : I means using a "rootplug" ie an identification device to activate the
possibility of mounting automatically a crypted device.
you'll need such tool if typically you have some data you require to protect whith cryptography and that you
want not creating the node "by hand" each time (this require root privileges)
look at the following scenario :
you work into a company which data are sensitives
you don't want to encrypt your home using pam crypt because you don't want to have to setup your workspace
each time you come back. So you dan't want to logout, using a screensaver to prevent use of your computer. But
while you're loged the data are accessible.... a malicious hacker can login to you box via network and have
access to your data....
so what the solution? you can manually create the cryting device mounting and umounting them at demand but
this means you have root privilege
you can use a special identification device, a "key" that do it for you.... that's autocrypt
this solution use the widely available usbkeys/drives to create the unencrypted devices when the key is pluged
and to remove it safely when the device is removed.
how do I use them?
the tools are constituted of 2 sets of files : a set is stored on the computer you use and a script (can be a
compiled program) to store on the key
the computer file set
in the package you'll find a etc/ directory, this contain the configuration files to copy to /etc
these files are devided into a configuration file "cryptdevice" that contains regular expression of the
devices to look for autoencryption (say that you want only sdx* drives to be mapped) and a script that
is stored into dev.d directory
this script is a udev/hotplug script that is executed by udev at (un)plugtime and that will (delete)create the
mapping using informations stored on the key
what will he do ? it will mount the usbkey on a temporary place and look for an executable "cryptsetup" and
if found execute it then it umount the key.
on removal of the key the script will try periodically to remove the crypting mapping. This is done because
the drive can be mounted at the time we removed the key and then removal of the mapping won't be possible.
the key file set
is a script (can be an executable) that must create the crypting mapping at this time it's based on cryptsetup
linux util that can be used to manually create the mapped drive.
it require a key file to be present on the usbkey and a cryptdevice file to exist in /etc
it will look into cryptdevice file for patern of device to map, and use the key to activate the mapping
you can then mount the crypted drive after this
LINKS
downloads/cvs.... on berlios : 
my personal home runned
webserver ^_^
