raspberrypi / rpi-sb-provisioner

A minimal-input automatic secure boot provisioning system for Raspberry Pi devices.
Apache License 2.0

What are device keypairs? #85

Closed Siecje closed 6 days ago

Siecje commented 1 week ago

In the config there is RPI_DEVICE_RETRIEVE_KEYPAIR, where you can specify a directory to place the device keypairs, but what are they?

I know each device has an encryption key, which is a single value for the file system encryption, but why is there a keypair?

roliver-rpi commented 6 days ago

Hi @Siecje,

Please see the following explanation of the keypair: https://github.com/raspberrypi/rpi-sb-provisioner/issues/82#issuecomment-2488219187

The key used for filesystem encryption can also be used as an ed25519 private key. RPI_DEVICE_RETRIEVE_KEYPAIR contains both this private key (used as the filesystem encryption passphrase) and the ed25519 public key derived from it.

Siecje commented 6 days ago

Thank you!