1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE para PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<para>
This is part of the Mandos system for allowing computers to have
encrypted root file systems and at the same time be capable of
remote and/or unattended reboots. The computers run a small client
program in the initial <acronym>RAM</acronym> disk environment which
will communicate with a server over a network. All network
communication is encrypted using <acronym>TLS</acronym>. The
clients are identified by the server using a TLS key; each client
has one unique to it. The server sends the clients an encrypted
password. The encrypted password is decrypted by the clients using
a separate OpenPGP key, and the password is then used to unlock the
root file system, whereupon the computers can continue booting
normally.
</para>
|