tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cgd and remote keys

On Mon, 31 Dec 2007, Curt Sampson wrote:
> [encrypted disk on machine with inaccessible console]
> Is there an existing protocol we might use that would be as simple as
> a simple TCP connection? (HTTP comes to mind.)

Under FreeBSD with the "geli" disk encryption scheme, I once
embedded an HTTPS server in the code that prompts for a password.
The password prompt appears on the console as usual, and a web
server starts listening on a configurable port; whichever gets a
password first wins.  I used a modified verion of shttpd as the
embedded web server.  shttpd is not in pkgsrc, but is available from
<>.  My code is not ready for public
consumption, but I could get it ready if there's interest.

> Would anybody object to me writing and committing this, along with
> committing a simple server to pkgsrc?

I have no objection to your idea, but I prefer the HTTPS idea.

--apb (Alan Barrett)

Home | Main Index | Thread Index | Old Index