From: Michael Vince <mv@thebeastie.org>
Date: Thu, 24 Aug 2006 14:52:58 +1000
To: Jeff Palmer
Cc: hackers@freebsd.org
Subject: Re: Geli questions
Message-ID: <44ED30AA.3060000@thebeastie.org>
In-Reply-To: <54409.66.209.36.253.1156357022.squirrel@mail.totaldiver.net>
List-Id: Technical Discussions relating to FreeBSD <freebsd-hackers@freebsd.org>

Jeff Palmer wrote:
> Hello,
>
> Let me preface the email by saying I'm not overly familiar with geli, and
> it may already have the ability to do what I'm about to describe.
>
> The scenario: A FreeBSD based appliance at a customer premise. The
> customer really can't be trusted not to disassemble the box, and gain
> knowledge about the box configuration, software, and design.
>
> The idea: I'd like to use geli to encrypt *everything* on the disk. So
> if someone (a competitor maybe) removes the disk from the machine, he
> can't gain any data off of it easily. I know nothing is 100%, but why
> make the process easy for him?
>
> The problem: I don't want the end user to have to do anything to the box
> to have it "come back up" after a reboot/power failure. The goal is an
> appliance that the client just plugs in and forgets about.
>
> The plan: the appliance would be persistently connected to an SSL based
> VPN server at my central office. (Think OpenVPN server.) I'd like a way
> for geli to encrypt the entire disk, but fetch the key from a server
> located on the VPN. This would require the appliance to boot up, access
> the internet (static IP), access the VPN (SSL keyed) and fetch the key
> that geli needs.

I think it's possible. Geli is a great crypto subsystem, but I would say
you would have to come halfway and probably have the base FreeBSD system
use a passphraseless Geli key just for the base system, and a second,
passphrase-protected file system that would hold the really important
stuff; this still prevents your customer from having to do anything. You
could symlink bits of the file system that don't prevent it from booting
into your passphrase-protected second geli file system; this would be
needed if you need base bits of FreeBSD extra encrypted.

Once the box is up it can be reached via VPN, and you could script it so
that another machine connects in via VPN, auto-enters the Geli private key
passphrase and mounts the encrypted file system. The security would be
based around how strong the passphrase is to protect your private key for
the second Geli filesystem compared to someone else just getting access to
the private key.

Mike

> Is this currently possible using geli (or even other software that I may
> not have heard of) or if not, would it be overly difficult to
> implement?
>
> Any feedback or brainstorming would be GREATLY appreciated.
>
> DrkShdw @ freenode (##FreeBSD)
>
> P.S. Sorry for the cross post from questions@, I realized hackers@
> would probably be more suited to this discussion.
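The two-tier layout Mike describes, written out as an added shell example; this is not code from the thread or from FreeBSD itself. Tier 1 (the base system) is a geli provider keyed by a keyfile only, so the box boots unattended; tier 2 (the "vault") needs that keyfile plus a passphrase that the central office pushes over the VPN after boot. The device names (ada0p3, ada0p4), the /boot/keys and /vault paths, the /usr/local/sbin/vault-attach name and the geli flags (AES-XTS, -J/-j reading a passphrase from stdin, the loader keyfile tunables) are assumptions taken from current geli(8), not the 2006 version, and the script assumes a small unencrypted boot partition holds the kernel, loader.conf and the base keyfile. The caveat a practitioner should keep in mind is the one implied in the reply: the base keyfile sits on the disk in clear, so tier 1 only stops casual reading, and anyone who pulls the disk can attach it; the real secrets belong in the vault, whose passphrase never touches the appliance's disk.

```shell
#!/bin/sh
# Added example, not from the thread: two-tier geli layout for an unattended
# appliance. Tier 1 (base system) is protected by a keyfile alone, so the box
# boots with nobody present. Tier 2 (vault) needs keyfile + passphrase, and the
# passphrase arrives over the VPN from the central office after boot.
# Device names, paths and geli flags below are assumptions for illustration.
set -eu

BASE_DEV="${BASE_DEV:-ada0p3}"     # assumed: provider holding the base system
VAULT_DEV="${VAULT_DEV:-ada0p4}"   # assumed: provider holding the real secrets
KEYDIR="${KEYDIR:-/boot/keys}"     # assumed: on the small unencrypted boot fs
VAULT_MNT="${VAULT_MNT:-/vault}"

# 64 bytes from /dev/random, readable by root only. geli hashes the whole
# keyfile into the master-key derivation, so its length is not a key size.
make_keyfile() {
    ( umask 077; dd if=/dev/random of="$1" bs=64 count=1 2>/dev/null )
    chmod 0400 "$1"
}

# Tier 1: -P means "no passphrase", -b means "attach before root is mounted".
init_base() {
    geli init -b -P -e AES-XTS -l 256 -s 4096 -K "$KEYDIR/base.key" "$BASE_DEV"
}

# Tier 2: keyfile AND passphrase. "-J -" reads the new passphrase from stdin so
# the step can be driven from a script instead of an interactive prompt.
init_vault() {
    geli init -e AES-XTS -l 256 -s 4096 -K "$KEYDIR/vault.key" -J - "$VAULT_DEV"
}

# loader.conf lines that hand the base keyfile to the kernel so geom_eli can
# attach tier 1 on its own at boot (the keyfile itself stays on disk in clear).
loader_conf_fragment() {
    cat <<EOF
geom_eli_load="YES"
geli_${BASE_DEV}_keyfile0_load="YES"
geli_${BASE_DEV}_keyfile0_type="${BASE_DEV}:geli_keyfile0"
geli_${BASE_DEV}_keyfile0_name="${KEYDIR}/base.key"
EOF
}

# Appliance side, installed e.g. as /usr/local/sbin/vault-attach: read the
# passphrase from stdin ("-j -"), attach, mount. The passphrase is never
# written to the appliance's disk.
vault_attach() {
    geli attach -k "$KEYDIR/vault.key" -j - "$VAULT_DEV"
    mount "/dev/${VAULT_DEV}.eli" "$VAULT_MNT"
}

# Central-office side: push the passphrase through the VPN over ssh. BatchMode
# makes an unknown host key or a failed key auth fail loudly instead of hanging.
office_attach() {   # $1 = appliance address inside the VPN, $2 = passphrase file
    ssh -o BatchMode=yes "root@$1" /usr/local/sbin/vault-attach < "$2"
}

# Only run the destructive parts on a FreeBSD box when explicitly asked.
if [ "${GELI_APPLIANCE_SETUP:-}" = "yes" ] && [ "$(uname -s)" = "FreeBSD" ]; then
    mkdir -p "$KEYDIR"
    make_keyfile "$KEYDIR/base.key"
    make_keyfile "$KEYDIR/vault.key"
    init_base
    loader_conf_fragment >> /boot/loader.conf
    init_vault            # passphrase arrives on stdin, e.g. from a pipe
fi
```

After init_vault, attach the vault once by hand with the same passphrase, newfs the .eli device, create the symlinks from the base system into /vault, and detach; from then on the central office runs office_attach after every reboot. Because office_attach reads the passphrase from a file on the office machine and streams it over ssh, the passphrase is only ever in the appliance's memory, which is exactly the property the reply bases the whole design on.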