Dear Petr, Quoting Petr Cerny (pcerny@suse.cz):
What about triggering the suspend process by media insert event (with the correct uuid). The script would search for specific data on the media - a key that would be used for encrypting the hibernation image to hard drive using the key from the memory stick. Upon boot from the memory stick, the key would be used to decrypt the image.
yes, that could be a path to follow. Thanks for this idea! I could even set up the encrypted swap on the fly, using one-use passphrases. Now I will have to find out how to tell the booting system where to find the passphrase for the resume disk independently of the other passphrases.
The passphrase is gone when cryptsetup finishes.
Theoretically it could be kept in /proc/keys, right?
Yes -- but I do not know how to access it in any way to then put it there or wherever it's convenient. Thanks, Susan Dittmar -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org