For some time I was trying to get some KDE support for volumes encrypted with LUKS. Gnome has it, but I wasn't able to get the behavior similar to gnome-volume-manager in KDE. I have found KDE feature request about that: http://bugs.kde.org/show_bug.cgi?id=113629, but so far it hasn't been added. One of the comments mentions, that SuSE does have it in KDE.
After some more investigations I have found, that SuSE has additional program called "kryptomedia" - it is a part o kdebase-SuSE package. It shows dialog with password prompt for given HAL UDI and tries to decrypt it. But it needs to be called from within mediamanager module of kded. I have found SuSE patch that adds support for kryptomedia into kdemediamanager: http://lists.opensuse.org/opensuse-commit/2007-01/msg00540.html. I took sources of kryptomedia and parts of media kioslave, modified it according to that patch, and I got all of it working in KDE 3.5.7 (in ArchLinux)! Here is how to do that:
- Download source: kde_luks.tar.gz (it includes source of kryptomedia and modified mediamanager - without any unnecessary files, prepared for easy compilation)
- Extract it:
tar xzf kde_luks.tar.gz && cd kde_luks
- Compile it:
make -f Makefile.cvs && ./configure && make && su -c "make install"
- Restart KDE
"make install" will install kryptomedia and modified mediamanager to KDE directory. It will overwrite files installed from kdebase package (modified mediamanager will be replaced during next kdebase package upgrade - so "make install" should be repeated after each KDE upgrade). Probably it is quite easy to add separate KDED module just for dealing with encrypted volumes, but I haven't done that yet - maybe in the future (but it would be the best to have native KDE support for that).
Here is a screenshot of kryptomedia:
After a volume is decrypted with kryptomedia, it can be mounted with standard KDE media manager, just like any removable disk without encryption - even "a new volume found" dialog with list of actions is displayed.
UPDATE: I had a problem with kryptomedia, that was detecting my home directory which was mapped and already mounted during system boot. So it opened a password dialog, and if I entered correct password, it decrypted the same device for the second time, and mounted it in a separate directory. If I changed anything in one directory, those changes were not reflected in the other. After I umounted and luksClosed both of them, and opened that partition again, data on it was corrupted. The problem is that cryptsetup lets to map the same device multiple times. I created a workaround for that problem. kde_luks.tar.gz is changed and it now includes modified version of kryptomedia. The program when provided with HAL UID will check all HAL devices to see if any of them uses the same UID as its "volume.crypto_luks.clear.backing_volume". If so, it means that volume with given UID is already mapped and it just exits without displaying any dialogs. This way it is not possible to map the same LUKS volume multiple times with kryptomedia (even if it is still possible to do with cryptsetup).