author | Pavel Machek <pavel@ucw.cz> | 2008-06-01 11:47:34 +0000 |
---|---|---|
committer | Pavel Machek <pavel@ucw.cz> | 2008-06-01 11:47:34 +0000 |
commit | e241f3c8bb328bf574ac39a097f4046ee3c3124f (patch) | |
tree | 2906c1dbb76a0df45fd42a85f0cd337b6aa15340 | |
parent | 024918c239095d1768553055abb2ee2de12dc8fc (diff) | |
download | suspend-utils-e241f3c8bb328bf574ac39a097f4046ee3c3124f.tar.gz |
Basic info about encryption.
-rw-r--r-- | README.encryption | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/README.encryption b/README.encryption new file mode 100644 index 0000000..a5957fa --- /dev/null +++ b/README.encryption @@ -0,0 +1,17 @@ +Suspend encryption +~~~~~~~~~~~~~~~~~~ + +Encryption in suspend.sf.net uses RSA internally; reason is that we +want to only prompt for passphrase on resume. So, during suspend, +image is effectively encrypted with public key, and during resume, +user has to first decrypt private key using passphrase, which then +decrypts the image. + +The image is always encrypted with symmetric algo. If RSA is used +(optional) then the key for the symmetric encryption is random and the +PK is used to safely store the key in the header of the image; the +random key is encrypted with RSA and stored in the header, RSA private +key is (encrypted using the password at installation time) is also +stored in the header. At resume the password is used to unlock the +private key which is then used to decrypt the random key. IOW we +don't use RSA to encrypt the whole image ;) |
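Review bot: The two paragraphs disagree on whether RSA is always used: the first says encryption "uses RSA internally" without qualification, while the second says "If RSA is used (optional)". Suggest saying in the first paragraph that RSA is optional, and describing when the passphrase is asked for if RSA is not used, since the stated reason for RSA is to prompt only on resume. In the second paragraph, "PK" can be read as either public key or private key; spelling out "public key" removes the ambiguity. The phrase "RSA private key is (encrypted using the password at installation time) is also stored" has a doubled "is". The text also does not name the symmetric algorithm or say how the password protects the private key, both of which a reader assessing the scheme would look for here.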