Re: Announcing crypto suspend
From: Pavel Machek
Date: Tue Mar 21 2006 - 15:48:29 EST
On Út 21-03-06 10:45:40, Andreas Jellinghaus wrote:
> Rafael J. Wysocki wrote:
> > First, you need to generate the RSA key pair using suspend-keygen and save
> > the output file as /etc/suspend.key (or something else pointed to by
> > the "RSA key file =" configuration parameter of suspend). This file
> > contains the public modulus (n), public exponent (e) and
> > Blowfish-encrypted private exponent (d) of the RSA key pair.
> >
> > Then, the suspend utility will load the contents of this file, generate a
> > random session key (k) and initialization vector (i) for the image
> > encryption and use (n, e) to encrypt these values with RSA. The encrypted
> > k, i as well as the contents of the RSA key file will be saved in the
> > image header.
> >
> > The resume utility will read n, e and (encrypted) d as well as (encrypted)
> > k, i from the image header. Then it will ask the user for a passphrase
> > and will try to decrypt d using it. Next, it will use (n, e, d) to
> > decrypt k, i needed for decrypting the image.
>
> what interface will those tools use? can I replace them with my own
> code, e.g. that uses smart cards instead of an encrypted public key
> on a disk?
It is userspace, so yes, you can use smart cards if you hack code at
suspend.sf.net a bit.
Pavel
--
Picture of sleeping (Linux) penguin wanted...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/