Re: Announcing crypto suspend
From: Andreas Jellinghaus
Date: Tue Mar 21 2006 - 04:42:13 EST
Rafael J. Wysocki wrote:
> First, you need to generate the RSA key pair using suspend-keygen and save
> the output file as /etc/suspend.key (or something else pointed to by
> the "RSA key file =" configuration parameter of suspend). ÂThis file
> contains the public modulus (n), public exponent (e) and
> Blowfish-encrypted private exponent (d) of the RSA key pair.
> Then, the suspend utility will load the contents of this file, Âgenerate a
> random session key (k) and initialization vector (i) for the image
> encryption and use (n, e) to encrypt these values with RSA. ÂThe encrypted
> k, i as well as the contents of the RSA key file will be saved in the
> image header.
> The resume utility will read n, e and (encrypted) d as well as (encrypted)
> k, i from the image header. ÂThen it will ask the user for a passphrase
> and will try to decrypt d using it. ÂNext, it will use (n, e, d) to
> decrypt k, i needed for decrypting the image.
what interface will those tools use? can I replace them with my own
code, e.g. that uses smart cards instead of an encrypted public key
on a disk?
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/