1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE para PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<para>
This is part of the Mandos system for allowing computers to have
encrypted root file systems and at the same time be capable of
remote and/or unattended reboots. The computers run a small client
program in the initial <acronym>RAM</acronym> disk environment which
will communicate with a server over a network. All network
communication is encrypted using <acronym>TLS</acronym>. The
clients are identified by the server using an OpenPGP key; each
client has one unique to it. The server sends the clients an
encrypted password. The encrypted password is decrypted by the
clients using the same OpenPGP key, and the password is then used to
unlock the root file system, whereupon the computers can continue
booting normally.
</para>
|