Automatically construct LUKS header out of several dynamically prepared key slots?

Hello.

I have a requirement to create an encrypted hibernation swap that is
erased and discarded when not in use. The requirement is also that any
one of the users logged in at the moment of hibernation may unlock the
swap and restore the system, with their ordinary password.

I certainly could not have the users store their passwords in plain
text, as would be required if creating an encrypted partition by
ordinary means.

I also could not use a prepared header with all the slots already
filled, as this would allow a user not logged in to unlock the swap.

My idea is that at every user's home, there is a prepared binary key
slot fragment that already contains the hash of their password. Then,
a moment before hibernation, a new encrypted container for the swap is
created, and the key slot fragments are somehow attached. The user
initiating the hibernation is asked for their password, through which
the swap container is opened and hibernated onto. Then, any of the
users whose key slot fragments were attached can resume the system.

How can I approach this task?

I should mention for completeness that the system partition (with all
the data required to boot) will not be encrypted, and the homes of the
users that are logged in will either not be encrypted, or be open
while they are logged in.

If there is no solution readily at hand, I am willing to write some code.

Thank you.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt


