README.encryption - pub/scm/linux/kernel/git/rafael/suspend-utils - Git at Google

 Suspend encryption
 ~~~~~~~~~~~~~~~~~~

 Encryption in suspend-utils uses RSA internally; the reason is that we
 want to only prompt for passphrase on resume. So, during suspend, the
 image is effectively encrypted with a public key, and during resume,
 the user has to first decrypt the corresponding private key using a
 passphrase, which then is used to decrypt the image.

 The image is always encrypted with symmetric algo. If RSA is used
 (optional) then the key for the symmetric encryption is random and the
 PK is used to safely store the key in the header of the image; the
 random key is encrypted with RSA and stored in the header, RSA private
 key is (encrypted using the password at installation time) is also
 stored in the header.  At resume the password is used to unlock the
 private key which is then used to decrypt the random key.  IOW we
 don't use RSA to encrypt the whole image ;)
	Suspend encryption
	~~~~~~~~~~~~~~~~~~

	Encryption in suspend-utils uses RSA internally; the reason is that we
	want to only prompt for passphrase on resume. So, during suspend, the
	image is effectively encrypted with a public key, and during resume,
	the user has to first decrypt the corresponding private key using a
	passphrase, which then is used to decrypt the image.

	The image is always encrypted with symmetric algo. If RSA is used
	(optional) then the key for the symmetric encryption is random and the
	PK is used to safely store the key in the header of the image; the
	random key is encrypted with RSA and stored in the header, RSA private
	key is (encrypted using the password at installation time) is also
	stored in the header. At resume the password is used to unlock the
	private key which is then used to decrypt the random key. IOW we
	don't use RSA to encrypt the whole image ;)