Oliver Neukum <oneu...@suse.com> writes: > Good point. The logical answer would be to not ship the key. That means > that users would "format" their chaoskeys and get their private key into > the kernel by an attribute or ioctl.
Now *there's* a good idea. Ship the firmware and firmware loader and have the user generate a public/private pair when using the key for the first time. The firmware loader is a trivial C program at present, which takes an ELF and can do variable substitution on it before dumping the resulting binary into the device. I'd have to ship the devices without boxing them; the enclosure I found is pretty hard to open up to get at the reflashing connections. -- -keith
signature.asc
Description: PGP signature
