mounting encrypted partition manually

http://en.opensuse.org/Encrypted_Filesystems nicely describes how to
manually create an encrypted volume and then set it up to be mounted
automatically during boot. I would like to do the opposite.
Specifically, I have set up an encrypted partition on an external USB
harddisk using the YaST partitioner, which helpfully added the line

cr_sde5 /dev/disk/by-id/usb-WD_10EACS_External_574341553433393130353730-0:0-part5 none none

to /etc/crypttab so that it is now mounted automatically at each boot.
For my use, though, this has a couple of drawbacks:

  • the boot process hangs, waiting for someone to type in the
    passphrase on the console, which is particularly inconvenient
    when rebooting the machine via SSH
  • the system balks if the disk is not connected, and
  • the volume is accessible all the time while the system is running.

So I would like to un-automate the mounting of that partition, only
mounting it manually when needed (and present). Before I dissect
the /etc/init.d/boot.crypto script (which unfortunately, like
almost all SuSE init scripts, stops working if I try to run it
with “sh -x” to see how it works), does someone have a recipe for
that already? Usable without root privilege if possible? Integrated
with HAL for bonus points, so that the dialog popping up when the
USB disk is plugged in offers the option to mount it?

Pointers to FAQs welcome.

aTdHvAaNnKcSe,
Tilman

This sounds fairly similar to what I wanted.

I have an encrypted volume which I only want mounted when I want it to be.

The thing I used was the noauto option in /etc/fstab,

e.g. /dev/sda3 /home/andy/encrypt crypt user,noauto,acl,user_xattr 0 0

Because I use Gnome 2.24 under 11.1, when in Nautilus, I can double click on the volume icon on the left hand side, and I get prompted for the password, which when entered, allows Nautilus to present me with the volume.

I do all this without root privileges (bear in mind that the permissions on the volume allow me to read and write to it [$vol/. allow me to rwx])

noauto is what you need.

Cheers
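
A quick way to check which encrypted volumes are still set up automatically, as an added example that is not part of either post above. It assumes the options field of /etc/crypttab accepts noauto as described in crypttab(5); the function names are hypothetical, and the sample lines marked "constructed" are not from the thread.

```shell
#!/bin/sh
# Added example: list encrypted volumes that boot will still try to
# unlock (crypttab) or mount (fstab) because they lack "noauto".

# without_noauto FILE OPTFIELD OUTFIELD
# Print field OUTFIELD of every entry in FILE ("-" = stdin) whose
# comma-separated options field OPTFIELD does not contain "noauto".
without_noauto() {
    awk -v optf="$2" -v outf="$3" '
        /^[[:space:]]*(#|$)/ { next }          # skip comments and blanks
        {
            n = split($optf, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "noauto") next   # manual-only entry
            print $outf
        }' "$1"
}

# crypttab fields: name device keyfile options
crypttab_auto() { without_noauto "$1" 4 1; }

# fstab fields: device mountpoint type options dump pass
# Only entries of type "crypt" (the type used in the reply) are checked.
fstab_crypt_auto() { awk '$3 == "crypt"' "$1" | without_noauto - 4 2; }

# Sample files; the first crypt entry of each comes from the thread.
tmp=$(mktemp -d)
cat > "$tmp/crypttab" <<'EOF'
# name   device   keyfile   options
cr_sde5 /dev/disk/by-id/usb-WD_10EACS_External_574341553433393130353730-0:0-part5 none none
cr_backup /dev/disk/by-id/example-disk-part1 none noauto
EOF
cat > "$tmp/fstab" <<'EOF'
/dev/sda1 / ext3 acl,user_xattr 1 1
/dev/sda3 /home/andy/encrypt crypt user,noauto,acl,user_xattr 0 0
/dev/sdb1 /srv/vault crypt acl,user_xattr 0 0
EOF
# cr_backup, /dev/sda1 and /dev/sdb1 are constructed sample entries.

echo "unlocked at boot: $(crypttab_auto "$tmp/crypttab")"
echo "mounted at boot:  $(fstab_crypt_auto "$tmp/fstab")"
```

To audit a real system, point the two functions at /etc/crypttab and /etc/fstab instead of the sample files.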