4
Encryption in suspend-utils uses RSA internally; the reason is that we
5
want to only prompt for passphrase on resume. So, during suspend, the
6
image is effectively encrypted with a public key, and during resume,
7
the user has to first decrypt the corresponding private key using a
8
passphrase, which then is used to decrypt the image.
10
The image is always encrypted with symmetric algo. If RSA is used
11
(optional) then the key for the symmetric encryption is random and the
12
PK is used to safely store the key in the header of the image; the
13
random key is encrypted with RSA and stored in the header, RSA private
14
key is (encrypted using the password at installation time) is also
15
stored in the header. At resume the password is used to unlock the
16
private key which is then used to decrypt the random key. IOW we
17
don't use RSA to encrypt the whole image ;)