From: Andreas Jellinghaus <aj@dungeon.inka.de>
Subject: Re: Announcing crypto suspend
To: linux-kernel@vger.kernel.org
Date: Tue, 21 Mar 2006 10:45:40 +0100
References: <20060320080439.GA4653@elf.ucw.cz> <1142879707.9475.4.camel@localhost.localdomain> <200603201954.45572.rjw@sisk.pl>
User-Agent: KNode/0.10.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8Bit
Message-Id: <20060321094449.0760E12768C@dungeon.inka.de>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1359
Lines: 23

Rafael J. Wysocki wrote:
> First, you need to generate the RSA key pair using suspend-keygen and save
> the output file as /etc/suspend.key (or something else pointed to by
> the "RSA key file =" configuration parameter of suspend).  This file
> contains the public modulus (n), public exponent (e) and
> Blowfish-encrypted private exponent (d) of the RSA key pair.
> 
> Then, the suspend utility will load the contents of this file,  generate a
> random session key (k) and initialization vector (i) for the image
> encryption and use (n, e) to encrypt these values with RSA.  The encrypted
> k, i as well as the contents of the RSA key file will be saved in the
> image header.
> 
> The resume utility will read n, e and (encrypted) d as well as (encrypted)
> k, i from the image header.  Then it will ask the user for a passphrase
> and will try to decrypt d using it.  Next, it will use (n, e, d) to
> decrypt k, i needed for decrypting the image.

what interface will those tools use? can I replace them with my own
code, e.g. that uses smart cards instead of an encrypted public key
on a disk?

Andreas

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/