> The idea:  I'd like to use geli to encrypt *everything* on the disk.  So
> if someone (a competitor maybe) removes the disk from the machine,   he
> can't gain any data off of it easily.  I know nothing is 100%,  but why
> make the process easy for him?

It seems like there is a more basic problem here than automating key 
downloading.  If the end-user can boot up the box, then they have an 
opportunity to interfere with the boot process.  The code providing 
instructions to fetch a remote key would have to be in the clear, in 
which case the competitor could just use that code to get the remote key 
(since it would do so automatically on boot, I assume you're not 
requiring the client to call you for key authorization every time?) and 
then access the disk.

The problem is wanting to automate the decryption process, I think.

Steve B.
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to