Date: 27 May 2002 01:21:09 +0200
From: Dag-Erling Smorgrav <des@ofug.org>
To: Poul-Henning Kamp <phk@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf files src/sys/geom geom_aes.c
Message-ID: <xzpy9e67axm.fsf@flood.ping.uio.no>
In-Reply-To: <200205261814.g4QIEdg85920@freefall.freebsd.org>
References: <200205261814.g4QIEdg85920@freefall.freebsd.org>

Poul-Henning Kamp <phk@FreeBSD.org> writes:
> Log:
> Add a proof-of-concept encryption class.
>
> "The only hard problem in cryptography is key-management."
>
> All sectors are encrypted with AES in CBC mode using a constant key,
> currently compiled in and all zero.

How about using an ioctl on the raw encrypted device to specify the key? i.e.

    fd = open("/dev/foo.aes", O_RDWR);
    ioctl(fd, GEOMIOSETKEY, keydata);
    close(fd);
    mount("ufs", "/mnt", "/dev/foo", 0, NULL);

The ioctl should always succeed, even when the wrong key was given, but of course the contents of the device won't make sense unless you set the right key.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
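
The proposal in the message above, modelled in user space as an added example (not code from the message or from FreeBSD): `dev_set_key` stands in for the suggested key-setting ioctl and always returns 0, so only the later mount step reveals a wrong key. XTEA replaces AES to keep the block self-contained; the all-zero IV, `struct enc_dev`, the function names and the magic value are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define SECTOR 64             /* constructed toy sector size (multiple of 8) */
#define FS_MAGIC 0x4D414749u  /* constructed superblock magic */
#define MX(a, s, i) (((((a) << 4) ^ ((a) >> 5)) + (a)) ^ ((s) + k[(i) & 3]))
struct enc_dev { uint32_t key[4]; uint8_t disk[SECTOR]; };  /* hypothetical model */

/* XTEA (64-bit block, 128-bit key), swapped in for AES to stay self-contained. */
static void xtea(uint32_t v[2], const uint32_t k[4], int dec) {
    uint32_t d = 0x9E3779B9u, s = dec ? d * 32 : 0;
    for (int i = 0; i < 32; i++)
        if (dec) { v[1] -= MX(v[0], s, s >> 11); s -= d; v[0] -= MX(v[1], s, s); }
        else     { v[0] += MX(v[1], s, s); s += d; v[1] += MX(v[0], s, s >> 11); }
}

/* CBC over one sector with an all-zero IV (assumption: the page names no IV). */
static void cbc(const uint32_t k[4], const void *in, void *out, int dec) {
    uint32_t prev[2] = {0, 0}, blk[2], c[2];
    for (int off = 0; off < SECTOR; off += 8) {
        memcpy(blk, (const uint8_t *)in + off, 8);
        memcpy(c, blk, 8);                    /* ciphertext, chained on decrypt */
        if (!dec) { blk[0] ^= prev[0]; blk[1] ^= prev[1]; }
        xtea(blk, k, dec);
        if (dec) { blk[0] ^= prev[0]; blk[1] ^= prev[1]; }
        memcpy(prev, dec ? c : blk, 8);
        memcpy((uint8_t *)out + off, blk, 8);
    }
}

/* Stands in for the proposed key-setting ioctl: stores the key, checks nothing. */
int dev_set_key(struct enc_dev *d, const uint32_t key[4]) {
    memcpy(d->key, key, sizeof d->key);
    return 0;
}

/* Stands in for mount(): the first place a wrong key becomes visible. */
int try_mount(const struct enc_dev *d) {
    uint32_t sb[SECTOR / 4];
    cbc(d->key, d->disk, sb, 1);
    return sb[0] == FS_MAGIC ? 0 : -1;
}

/* Write a superblock under the all-zero key, then set key {k0,0,0,0} and mount. */
int mount_with_key(uint32_t k0) {
    struct enc_dev d = {{0}, {0}};            /* key starts all zero, as in the commit */
    uint32_t sb[SECTOR / 4] = {FS_MAGIC}, k[4] = {k0, 0, 0, 0};
    cbc(d.key, sb, d.disk, 0);
    return dev_set_key(&d, k) != 0 ? 1 : try_mount(&d);  /* 1 is never returned */
}
int main(void) { return !(mount_with_key(0) == 0 && mount_with_key(0xA5A5A5A5u) == -1); }
```

Because the key-setting call reports nothing about correctness, a caller learns whether the key was right only from whether the decrypted contents make sense.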