Date: Tue, 28 May 2002 10:22:28 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: Poul-Henning Kamp <phk@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf files src/sys/geom geom_aes.c
Message-ID: <Pine.NEB.3.96L.1020528102023.90727F-100000@fledge.watson.org>
In-Reply-To: <xzpy9e67axm.fsf@flood.ping.uio.no>
On 27 May 2002, Dag-Erling Smorgrav wrote:
> Poul-Henning Kamp <phk@FreeBSD.org> writes:
> > Log:
> > Add a proof-of-concept encryption class.
> >
> > "The only hard problem in cryptography is key-management."
> >
> > All sectors are encrypted with AES in CBC mode using a constant key,
> > currently compiled in and all zero.
>
> How about using an ioctl on the raw encrypted device to specify the
> key? i.e.
>
> fd = open("/dev/foo.aes", O_RDWR);
> ioctl(fd, GEOMIOSETKEY, keydata);
> close(fd);
> mount("ufs", "/mnt", "/dev/foo", 0, NULL);
>
> The ioctl should always succeed, even when the wrong key was given, but
> of course the contents of the device won't make sense unless you set the
> right key.
Other interesting cases would include pre-keying in the loader, perhaps
interactively via the console. One of the really cool cases would be for
geom/mount-twiddling code to know how to talk to key storage devices such
as smart cards... If you try to boot the machine/mount the device without
the smart card, then you don't have keying material. If the card is
inserted, then keying material is extracted and used.
Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org NAI Labs, Safeport Network Services
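
Added example, not part of the original message or of geom_aes.c: a user-space Go model of the behaviour proposed in the quoted reply, where setting the key always succeeds and a wrong key simply yields unreadable sectors. The Dev type, the sector-number IV and the sample key are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Dev models an encrypted block device in user space (hypothetical type).
type Dev struct {
	key   []byte
	store map[uint64][]byte // ciphertext, indexed by sector number
}

// SetKey mirrors the proposed ioctl: the key is never checked against the
// stored data, so the call reveals nothing about whether it is correct.
func (d *Dev) SetKey(k []byte) { d.key = append([]byte(nil), k...) }

// crypt runs AES-CBC over one sector. Assumption: the IV is the sector
// number, zero-padded; the page does not say how IVs are chosen.
func (d *Dev) crypt(n uint64, in []byte, enc bool) []byte {
	blk, err := aes.NewCipher(d.key)
	if err != nil {
		panic(err) // only reachable if the key is not 16, 24 or 32 bytes
	}
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[8:], n)
	out := make([]byte, len(in))
	if enc {
		cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out, in)
	}
	return out
}

func (d *Dev) Write(n uint64, p []byte) { d.store[n] = d.crypt(n, p, true) }
func (d *Dev) Read(n uint64) []byte     { return d.crypt(n, d.store[n], false) }

func main() {
	right := bytes.Repeat([]byte{0x42}, 16) // constructed sample key
	d := &Dev{store: map[uint64][]byte{}}
	d.SetKey(right)
	d.Write(7, bytes.Repeat([]byte("A"), 512)) // constructed sector contents
	d.SetKey(make([]byte, 16))                 // wrong (all-zero) key: accepted
	fmt.Printf("wrong key: % x\n", d.Read(7)[:16])
	d.SetKey(right)
	fmt.Printf("right key: %q\n", d.Read(7)[:16])
}
```

The read under the wrong key returns a full sector and no error. CBC carries no integrity check, so nothing in the data path distinguishes a wrong key from corrupted ciphertext.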
