Hibernation and secret keys

David Shaw dshaw at jabberwocky.com
Wed Feb 11 23:00:46 CET 2009


On Wed, Feb 11, 2009 at 10:37:43PM +0100, Ingo Klöcker wrote:
> On Wednesday 11 February 2009, David Shaw wrote:
> > On Wed, Feb 11, 2009 at 12:59:48PM +0100, Christoph Anton Mitterer wrote:
> > > A good workaround is to use disk encryption (dm-crypt or similar
> > > things).
> >
> > Encrypted disks don't help without serious OS support around suspend.
> 
> Obviously.
> 
> 
> > Your machine suspends, and writes a snapshot of its memory to disk.
> > Sure, let's say it's even encrypted.  When you wake the machine, is
> > the encrypted disk still mounted?
> 
> Obviously not.
> 
> Usually your messages are very helpful. Unfortunately, this particular 
> message is the exact opposite. Googling for "encryption suspend to disk 
> linux" I found many websites explaining how this works with most common 
> distributions (mostly out-of-the box, i.e. without compiling a kernel).

Clearly you missed the point.  I've seen various cookbook sites on how
to do this, and some of them get it dramatically wrong.  Hence the
question: "When you wake the machine, is the encrypted disk still
mounted?"

If the answer is "Yes", then you're not protecting very much.  You did
not succeed in doing what you were trying to do.  If the answer is
"No", you at least avoided the usual pitfalls.

David


