Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965105AbWCUUvT (ORCPT ); Tue, 21 Mar 2006 15:51:19 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S965103AbWCUUvS (ORCPT ); Tue, 21 Mar 2006 15:51:18 -0500 Received: from gprs189-60.eurotel.cz ([160.218.189.60]:47761 "EHLO amd.ucw.cz") by vger.kernel.org with ESMTP id S965105AbWCUUvS (ORCPT ); Tue, 21 Mar 2006 15:51:18 -0500 Date: Tue, 21 Mar 2006 21:50:55 +0100 From: Pavel Machek To: Andreas Jellinghaus Cc: linux-kernel@vger.kernel.org Subject: Re: Announcing crypto suspend Message-ID: <20060321205055.GA4327@elf.ucw.cz> References: <20060320080439.GA4653@elf.ucw.cz> <1142879707.9475.4.camel@localhost.localdomain> <200603201954.45572.rjw@sisk.pl> <20060321094449.0760E12768C@dungeon.inka.de> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20060321094449.0760E12768C@dungeon.inka.de> X-Warning: Reading this can be dangerous to your mental health. User-Agent: Mutt/1.5.9i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1594 Lines: 33 On ?t 21-03-06 10:45:40, Andreas Jellinghaus wrote: > Rafael J. Wysocki wrote: > > First, you need to generate the RSA key pair using suspend-keygen and save > > the output file as /etc/suspend.key (or something else pointed to by > > the "RSA key file =" configuration parameter of suspend). ?This file > > contains the public modulus (n), public exponent (e) and > > Blowfish-encrypted private exponent (d) of the RSA key pair. > > > > Then, the suspend utility will load the contents of this file, ?generate a > > random session key (k) and initialization vector (i) for the image > > encryption and use (n, e) to encrypt these values with RSA. ?The encrypted > > k, i as well as the contents of the RSA key file will be saved in the > > image header. > > > > The resume utility will read n, e and (encrypted) d as well as (encrypted) > > k, i from the image header. ?Then it will ask the user for a passphrase > > and will try to decrypt d using it. ?Next, it will use (n, e, d) to > > decrypt k, i needed for decrypting the image. > > what interface will those tools use? can I replace them with my own > code, e.g. that uses smart cards instead of an encrypted public key > on a disk? It is userspace, so yes, you can use smart cards if you hack code at suspend.sf.net a bit. Pavel -- Picture of sleeping (Linux) penguin wanted... - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/