From owner-cvs-all Sun May 26 16:21:33 2002
Delivered-To: cvs-all@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id DB80F37B400; Sun, 26 May 2002 16:21:11 -0700 (PDT)
Received: by flood.ping.uio.no (Postfix, from userid 2602) id 0D168535E; Mon, 27 May 2002 01:21:10 +0200 (CEST)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To: Poul-Henning Kamp
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf files src/sys/geom geom_aes.c
References: <200205261814.g4QIEdg85920@freefall.freebsd.org>
From: Dag-Erling Smorgrav
Date: 27 May 2002 01:21:09 +0200
In-Reply-To: <200205261814.g4QIEdg85920@freefall.freebsd.org>
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2

Poul-Henning Kamp writes:
> Log:
> Add a proof-of-concept encryption class.
>
> "The only hard problem in cryptography is key-management."
>
> All sectors are encrypted with AES in CBC mode using a constant key,
> currently compiled in and all zero.

How about using an ioctl on the raw encrypted device to specify the key? i.e.

    fd = open("/dev/foo.aes", O_RDWR);
    ioctl(fd, GEOMIOSETKEY, keydata);
    close(fd);
    mount("ufs", "/mnt", "/dev/foo", 0, NULL);

The ioctl should always succeed, even when the wrong key was given, but of course the contents of the device won't make sense unless you set the right key.

DES

-- 
Dag-Erling Smorgrav - des@ofug.org
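The key-setting flow proposed in the message, as an added userland model (example code, not part of the message and not geom_aes.c): a provider whose backing store holds AES-CBC ciphertext, a SetKey method that stands in for the hypothetical GEOMIOSETKEY ioctl and, as proposed, accepts any AES-sized key without checking it, and sector reads that succeed under the wrong key and simply return garbage. The 512-byte sector size and the per-sector IV derived from the sector number are assumptions of this model; the commit message says only "AES in CBC mode". The all-zero key used as the wrong key is the compiled-in default the commit message describes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

const sectorSize = 512 // assumption: one 512-byte sector = 32 AES blocks

// aesProvider models the proposed interface: the backing store holds
// ciphertext, and the key arrives later from the caller, the way the
// hypothetical GEOMIOSETKEY ioctl would deliver it. Not geom_aes.c.
type aesProvider struct {
	backing []byte // ciphertext exactly as the underlying device sees it
	key     []byte // nil until SetKey; nothing is readable before then
}

func newProvider(nsectors int) *aesProvider {
	return &aesProvider{backing: make([]byte, nsectors*sectorSize)}
}

// SetKey stands in for ioctl(fd, GEOMIOSETKEY, keydata). As proposed, it
// accepts any AES-sized key and never checks whether it matches what is on
// disk: there is no reference value on the device to check it against.
func (p *aesProvider) SetKey(key []byte) error {
	if l := len(key); l != 16 && l != 24 && l != 32 {
		return fmt.Errorf("bad AES key length %d", l)
	}
	p.key = append([]byte(nil), key...)
	return nil
}

// sectorIV derives the CBC IV from the sector number so equal plaintext in
// different sectors does not encrypt identically (assumption of this model).
func sectorIV(n uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[8:], n)
	return iv
}

// sector returns the ciphertext slice for sector n and a cipher for the
// current key, failing only when no key is set or n is out of range.
func (p *aesProvider) sector(n uint64) ([]byte, cipher.Block, error) {
	if p.key == nil {
		return nil, nil, errors.New("no key set")
	}
	off := n * sectorSize
	if off+sectorSize > uint64(len(p.backing)) {
		return nil, nil, fmt.Errorf("sector %d out of range", n)
	}
	block, err := aes.NewCipher(p.key)
	if err != nil {
		return nil, nil, err
	}
	return p.backing[off : off+sectorSize], block, nil
}

// WriteSector encrypts one sector of plaintext under the current key.
func (p *aesProvider) WriteSector(n uint64, plain []byte) error {
	if len(plain) != sectorSize {
		return fmt.Errorf("plaintext must be %d bytes", sectorSize)
	}
	dst, block, err := p.sector(n)
	if err != nil {
		return err
	}
	cipher.NewCBCEncrypter(block, sectorIV(n)).CryptBlocks(dst, plain)
	return nil
}

// ReadSector decrypts one sector under the current key. A wrong key cannot
// make it fail: CBC decryption is defined for any ciphertext, so the caller
// just receives bytes that do not make sense.
func (p *aesProvider) ReadSector(n uint64) ([]byte, error) {
	src, block, err := p.sector(n)
	if err != nil {
		return nil, err
	}
	out := make([]byte, sectorSize)
	cipher.NewCBCDecrypter(block, sectorIV(n)).CryptBlocks(out, src)
	return out, nil
}

// keyFlow runs the sequence from the message: set a key, write, then set a
// different key and read. It reports whether the right key round-trips,
// whether SetKey accepted the wrong key, and whether the read under the
// wrong key succeeded but returned garbage.
func keyFlow(good, wrong, plain []byte) (roundTrip, wrongAccepted, wrongGarbage bool, err error) {
	p := newProvider(4)
	var got []byte
	if err = p.SetKey(good); err != nil {
		return
	}
	if err = p.WriteSector(0, plain); err != nil {
		return
	}
	if got, err = p.ReadSector(0); err != nil {
		return
	}
	roundTrip = bytes.Equal(got, plain)
	wrongAccepted = p.SetKey(wrong) == nil
	if got, err = p.ReadSector(0); err != nil { // must succeed, per the proposal
		return
	}
	wrongGarbage = !bytes.Equal(got, plain)
	return
}

func main() {
	good := bytes.Repeat([]byte{0x11}, 16)
	wrong := make([]byte, 16)                           // the all-zero compiled-in key
	plain := bytes.Repeat([]byte("UFS!"), sectorSize/4) // constructed sample sector
	rt, acc, garbage, err := keyFlow(good, wrong, plain)
	if err != nil {
		panic(err)
	}
	fmt.Printf("right key round-trips: %v\nwrong key accepted: %v\nwrong key reads garbage: %v\n", rt, acc, garbage)
}
```

The model makes the consequence of "the ioctl should always succeed" concrete: nothing in the provider can tell a right key from a wrong one, so the only signal the user gets is a filesystem that fails to mount or reads as noise.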