Thanks for all of your helpful replies. I'm glad people think that this
is a worthwhile idea.

On 2008-01-02 13:43 -0800 (Wed), Erik Berls wrote:

> I'm thinking we might want to take a step back and look at a general
> key storage and distribution mechanism for these types of things
> within NetBSD....

Well, it's definitely a good idea to generalize where you can, but I'm
not sure that I see a lot of generality here. There are many different
ways to do this key distribution thing for various purposes, and many of
them (such as getting web server SSH keys) are outside of the base
system. However, I'm open to thoughts on this.

On 2007-12-31 03:25 -0700 (Mon), John R. Shannon wrote:

> An approach used in military applications is to keep a symmetric key on your
> server with encrypted storage that is used only for key encryption. This is
> usually called a "cryptographic ignition key".

This is an understandable approach, but it seems to me that the same
level of security is achieved merely by having the server provide part
of the key and the local client provide another part; thus, if the
server's part of the key is stolen, it alone can't be used to decrypt
anything, either. (I'm sorry I didn't say so explicitly in my previous
post, but I was assuming that this would almost invariably be the way
the system would be configured.)

On 2007-12-31 17:16 +0000 (Mon), David Holland wrote:

> This suggests that the mechanism inside cgdconfig should maybe be a
> simple callout, so that different key-fetching scripts can be used.

On 2007-12-31 22:39 +0100 (Mon), Hubert Feyrer wrote:

> Maybe use a command that prints the key to stdout, then use something like
> "ssh server cat keyfile"?

Ah, now this idea makes good sense; just add to cgdconfig a keying
scheme that uses the result of an arbitrary shell command as the key
material. Then you could use ftp(1), ssh(1), netcat(1), or whatever else
you liked. You could even use Alan Barrett's idea of starting a web
server that waits for someone to enter the key.

Is there any downside to this?

On 2008-01-02 15:22 -0800 (Wed), Cem Kayali wrote:

> Just additional note, it is possible to store /etc/cgd/* content on usb
> memory, already tested. You just need to add a line into /etc/fstab.

I understand this. Unfortunately, it doesn't solve my problem, since the
USB memory is likely to be stolen along with the machine.

> Although this does not allow you to enable remote reboot, it is much more
> secure than storing cgd key on / partition.

In my case, since what's stored on / is only part of the key, it seems
to me to make little difference.

cjs
--
Curt Sampson <cjs%starling-software.com@localhost> +81 90 7737 2974
Mobile sites and software consulting: http://www.starling-software.com
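
The split-key arrangement and the "command that prints the key to stdout" callout discussed in this message, sketched as an added example that is not part of the original post or of cgdconfig. The function names, the hex encoding of the parts and the use of XOR to join them are assumptions of this example; the sample values are constructed.

```shell
#!/bin/sh
# Added example: a key-fetching callout that joins a local key part with a
# server-held part and prints the result on stdout. XOR is this example's
# choice; the thread does not say how the two parts are combined.

# is_hex STRING: succeed only for a non-empty, even-length hex string.
is_hex() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ $(( ${#1} % 2 )) -eq 0 ]
}

# xor_hex A B: print the byte-wise XOR of two equal-length hex strings.
# Fails with no output if a part is empty, malformed or of a different
# length, so a failed fetch never silently yields a weaker key.
xor_hex() {
    a=$1 b=$2 out=
    is_hex "$a" && is_hex "$b" || return 1
    [ ${#a} -eq ${#b} ] || return 1
    while [ -n "$a" ]; do
        ra=${a#??}; rb=${b#??}            # remainder after the first byte
        ba=${a%"$ra"}; bb=${b%"$rb"}      # first byte (two hex digits)
        out=$out$(printf '%02x' $(( 0x$ba ^ 0x$bb )))
        a=$ra; b=$rb
    done
    printf '%s\n' "$out"
}

# key_from_cmds LOCAL_CMD SERVER_CMD: run both commands and combine what
# they print. Either command failing aborts the whole key derivation.
key_from_cmds() {
    lp=$(sh -c "$1") || return 1
    sp=$(sh -c "$2") || return 1
    xor_hex "$lp" "$sp"
}

# Constructed sample parts (not real keys). In deployment the second command
# would be something like the thread's "ssh server cat keyfile".
key_from_cmds 'echo 00112233445566778899aabbccddeeff' \
              'echo ffeeddccbbaa99887766554433221100'
```

If both parts are random and of full key length, either one alone gives no information about the combined key, which is the property the message relies on when it says the server's part "alone can't be used to decrypt anything".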