lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALLzPKY87L_GTP57MwA=iz4Cn3inboBszJ5OfOSYtUcRJn4KQg@mail.gmail.com>
Date:	Wed, 18 Jan 2012 12:56:15 +0200
From:	"Kasatkin, Dmitry" <dmitry.kasatkin@...el.com>
To:	David Howells <dhowells@...hat.com>
Cc:	Mimi Zohar <zohar@...ux.vnet.ibm.com>, keyrings@...ux-nfs.org,
	linux-crypto@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, arjan.van.de.ven@...el.com,
	alan.cox@...el.com
Subject: Re: [PATCH 07/21] KEYS: Create a key type that can be used for
 general cryptographic operations [ver #3]

On Tue, Jan 17, 2012 at 5:32 PM, David Howells <dhowells@...hat.com> wrote:
> Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:
>
>> Nice! Basically the 'crypto' key type ties crypto/ with security/keys.
>> Other than the posted pgp key parser used for verifying kernel module
>> signatures, I assume another use case could be to expose kernel
>> cryptography to userspace.  As there was a submission
>> https://lkml.org/lkml/2010/8/20/103 to do just this, there must be
>> userspace apps that would benefit.  This architecture would address a
>> number of concerns raised with the prior submission. (Refer to
>> http://lwn.net/Articles/401548/.)
>
> :-)
>
>> You'd probably want to move the 'crypto' key type to its own directory.
>
> Yeah.
>
> I'd also like to see if Dmitry's work can be absorbes into this infrastructure.
>

Hi David,

Crypto keys is very nice idea.
We thought some time ago about having dedicated key type for handling
public key cryptography operations,
but did not go that far. Also I did not want to mess-up with GnuPG
formats and just made straight-forward RSA implementation,
which can be handled by any crypto library, such as openssl.
We can easily take GPG signing scheme into use for IMA/EVM when it
gets to upstream.

- Dmitry

> David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ