Date: Wed, 23 Aug 2006 14:17:02 -0400 (EDT) From: "Jeff Palmer" <questions@totaldiver.net> To: hackers@freebsd.org Subject: Geli questions Message-ID: <54409.66.209.36.253.1156357022.squirrel@mail.totaldiver.net>
next in thread | raw e-mail | index | archive | help
Hello, Let me preface the email by saying I'm not overly familiar with geli, and it may already have the ability to do what I'm about to describe. The scenario: A FreeBSD based appliance at a customer premise. The customer really can't be trusted not to disasemble the box, and gain knowledge about the box configuration, software, and design. The idea: I'd like to use geli to encrypt *everything* on the disk. So if someone (a competitor maybe) removes the disk from the machine, he can't gain any data off of it easily. I know nothing is 100%, but why make the process easy for him? The problem: I don't want the end user to have to do anything to the box, to have it "come back up" after a reboot/power failure. The goal is an appliance that the client just plugs in, and forgets about it. The plan: the appliance would be persistantly connected to an SSL based VPN server at my central office. (Think OpenVPN server) I'd like a way for geli to encrypt the entire disk, but fetch the key from a server located on the VPN. this would require the appliance to boot up, access the internet (static IP), access the VPN (ssl key'd) and fetch the key that geli needs. Is this currently possible using geli (or even other software that I may not have heard of) or if not, would it be overly difficult to implement? Any feedback or brainstorming would be GREATLY appreciated. DrkShdw @ freenode (##FreeBSD) P.S. Sorry for the cross post from questions@, I realized hackers@ would probably be more suited to this discussion.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54409.66.209.36.253.1156357022.squirrel>