On Tue 2007-08-14 23:07:56, Alon Bar-Lev wrote: > On 8/14/07, Pavel Machek <[EMAIL PROTECTED]> wrote: > > Hi! > > > > I'd like to commit > > > > Suspend encryption > > ~~~~~~~~~~~~~~~~~~ > > > > Encryption in suspend.sf.net uses RSA internally; reason is that we > > want to only prompt for passphrase on resume. So, during suspend, > > image is effectively encrypted with public key, and during resume, > > user has to first decrypt private key using passphrase, which then > > decrypts the image. > > > > as a README.encryption . Ok? Any improvements? > > Pavel > > Hello Pavel, > > The documentation is OK, but: > > I think that adding the PK logic into suspend is an overkill... > Best to support only symmetric operations, and load symmetric key from > a file/handle as losetup does. > This allows integration with gpg or smartcard based storage.
With symetric-operations only -- how do you set it up in a way that passphrase is only needed during resume, not during boot or bootup? > A sample of implementation can be found at: > http://wiki.tuxonice.net/EncryptedSwapAndRoot Yep, seen that. I don't get the "integrity verification". When I tamper with your system, why don't I make it to always report "integrity ok"? Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Suspend-devel mailing list Suspend-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/suspend-devel
