Date: 27 May 2002 01:21:09 +0200
From: Dag-Erling Smorgrav <des@ofug.org>
To: Poul-Henning Kamp <phk@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf files src/sys/geom geom_aes.c
Message-ID: <xzpy9e67axm.fsf@flood.ping.uio.no>
In-Reply-To: <200205261814.g4QIEdg85920@freefall.freebsd.org>
References: <200205261814.g4QIEdg85920@freefall.freebsd.org>

Poul-Henning Kamp <phk@FreeBSD.org> writes:
> Log:
> Add a proof-of-concept encryption class.
>
> "The only hard problem in cryptography is key-management."
>
> All sectors are encrypted with AES in CBC mode using a constant key,
> currently compiled in and all zero.

How about using an ioctl on the raw encrypted device to specify the
key? i.e.

    fd = open("/dev/foo.aes", O_RDWR);
    ioctl(fd, GEOMIOSETKEY, keydata);
    close(fd);
    mount("ufs", "/mnt", "/dev/foo", 0, NULL);

The ioctl should always succeed, even when the wrong key was given,
but of course the contents of the device won't make sense unless you
set the right key.

DES
--
Dag-Erling Smorgrav - des@ofug.org
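
Added illustration, not part of the original message and not code from geom_aes.c: the "setting the key always succeeds" behaviour described above, reproduced in userland with the openssl CLI. Unpadded AES-CBC over a sector has no built-in validity check, so a wrong key decrypts without error and only the consumer's own check fails; here a constructed 8-byte magic stands in for whatever mount would inspect. AES-128, the all-zero IV, both keys, the magic and the file names are assumptions made for the example.

```sh
#!/bin/sh
# Added illustration. Keys, IV, magic and file names are constructed;
# AES-128 and an all-zero IV are assumptions (the message gives neither).
GOOD_KEY=000102030405060708090a0b0c0d0e0f
WRONG_KEY=ffeeddccbbaa99887766554433221100
IV=00000000000000000000000000000000
MAGIC_HEX=46534d4147494321            # "FSMAGIC!" in hex

# crypt_sector -e|-d KEYHEX IN OUT
# AES-128-CBC over a whole sector with padding disabled, as a sector
# cipher must be: ciphertext and plaintext are the same size.
crypt_sector() {
    openssl enc "$1" -aes-128-cbc -nopad -K "$2" -iv "$IV" -in "$3" -out "$4"
}

# make_sector FILE: one 512-byte plaintext sector starting with the magic.
make_sector() {
    { printf 'FSMAGIC!'; dd if=/dev/zero bs=1 count=504 2>/dev/null; } > "$1"
}

# looks_valid FILE: stand-in for the check a consumer such as mount
# performs on the decrypted data (here: compare the first 8 bytes).
looks_valid() {
    got=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$got" = "$MAGIC_HEX" ]
}

# try_key KEYHEX DISK OUT: "set the key" and read the sector back.
# Prints what each layer reports; returns the cipher layer's status.
try_key() {
    crypt_sector -d "$1" "$2" "$3" || return 1
    if looks_valid "$3"; then echo "key $1: decrypt ok, data valid"
    else echo "key $1: decrypt ok, data is noise"; fi
    return 0
}

demo() {
    d=$(mktemp -d) || return 1
    make_sector "$d/plain"
    crypt_sector -e "$GOOD_KEY" "$d/plain" "$d/disk"
    try_key "$WRONG_KEY" "$d/disk" "$d/wrong"
    try_key "$GOOD_KEY" "$d/disk" "$d/right"
    rm -rf "$d"
}
demo
```

Without -nopad the same wrong-key decryption would normally stop with a padding error, which is exactly the key-correctness signal the proposed ioctl is meant not to give.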
