On 8/14/07, Alon Bar-Lev <[EMAIL PROTECTED]> wrote:
> On 8/14/07, Pavel Machek <[EMAIL PROTECTED]> wrote:
> > Hi!
> >
> > I'd like to commit
> >
> > Suspend encryption
> > ~~~~~~~~~~~~~~~~~~
> >
> > Encryption in suspend.sf.net uses RSA internally; reason is that we
> > want to only prompt for passphrase on resume. So, during suspend,
> > image is effectively encrypted with public key, and during resume,
> > user has to first decrypt private key using passphrase, which then
> > decrypts the image.
> >
> > as a README.encryption . Ok? Any improvements?
> > Pavel
>
> Hello Pavel,
>
> The documentation is OK, but:
>
> I think that adding the PK logic into suspend is an overkill...
> Best to support only symmetric operations, and load symmetric key from
> a file/handle as losetup does.

The image is always encrypted with symmetric algo. If RSA is used
(optional) then the key for the symmetric encryption is random and the
PK is used to safely store the key in the header of the image; the
random key is encrypted with RSA and stored in the header, the RSA
private key (encrypted using the password at installation time) is
also stored in the header. At resume the password is used to unlock
the private key which is then used to decrypt the random key.

IOW we don't use RSA to encrypt the whole image ;)

Luca

_______________________________________________
Suspend-devel mailing list
Suspend-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/suspend-devel
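
The key hierarchy described in the reply above, sketched with the openssl command line. This is an added example, not code from suspend or from anyone in the thread. Assumptions: the file names (hdr.* stands in for fields of the image header), the choice of AES-256-CTR and RSA-OAEP, and the passphrase handling are all constructed for illustration.

```shell
#!/bin/sh
# Added illustration of passphrase -> RSA private key -> random key -> image.
# Not suspend's code; file names and algorithms are assumptions for the demo.
set -eu

# Install time: create the RSA pair. The private half is only ever stored
# encrypted under the passphrase (hdr.rsa_priv); the public half is in clear.
install_keys() {  # $1=workdir $2=passphrase
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "pass:$2" -out "$1/hdr.rsa_priv" 2>/dev/null
    openssl pkey -in "$1/hdr.rsa_priv" -passin "pass:$2" \
        -pubout -out "$1/rsa.pub"
}

# Suspend time: no passphrase prompt. A fresh random key encrypts the image
# symmetrically; RSA only wraps that short key for storage in the header.
suspend_image() {  # $1=workdir $2=image file
    key=$(openssl rand -hex 32)
    iv=$(openssl rand -hex 16)
    openssl enc -aes-256-ctr -K "$key" -iv "$iv" -in "$2" -out "$1/image.enc"
    printf '%s' "$key" | openssl pkeyutl -encrypt -pubin -inkey "$1/rsa.pub" \
        -pkeyopt rsa_padding_mode:oaep -out "$1/hdr.wrapped_key"
    printf '%s' "$iv" > "$1/hdr.iv"
    unset key
}

# Resume time: the passphrase unlocks the private key, the private key
# unwraps the random key, and the random key decrypts the image.
resume_image() {  # $1=workdir $2=passphrase $3=output file
    key=$(openssl pkeyutl -decrypt -inkey "$1/hdr.rsa_priv" \
        -passin "pass:$2" -pkeyopt rsa_padding_mode:oaep \
        -in "$1/hdr.wrapped_key" 2>/dev/null) || return 1
    openssl enc -d -aes-256-ctr -K "$key" -iv "$(cat "$1/hdr.iv")" \
        -in "$1/image.enc" -out "$3"
}
```

CTR mode here gives confidentiality only; the sketch does not authenticate the image or the header fields.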