Re: [PATCH v2] crypto: AF_ALG - add support for keys/asymmetric-type

From: David Woodhouse
Date: Wed Jan 13 2016 - 10:06:48 EST

Next message: Joe Perches: "Re: [PATCH -next] tty/serial: atmel: Include module.h to fix build failure"
Previous message: Thierry Reding: "Re: [PATCH V1 03/10] thermal: tegra: split tegra_soctherm driver"
In reply to: Tadeusz Struk: "Re: [PATCH v2] crypto: AF_ALG - add support for keys/asymmetric-type"
Next in thread: Tadeusz Struk: "Re: [PATCH v2] crypto: AF_ALG - add support for keys/asymmetric-type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2016-01-13 at 06:05 -0800, Tadeusz Struk wrote:
>
> I agree, ideally keyctl should do the job for all the cases and
> request_key() should just return a key data.

No, you can NOT RELY ON HAVING THE KEY DATA. It might be in hardware.
You might have something which will perform sign/verify/encrypt/decrypt
operations *with* the key at your request, but which can never just
*give* you the key.

Any crypto API which relies on *having* the key is fundamentally wrong.

--
dwmw2

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Next message: Joe Perches: "Re: [PATCH -next] tty/serial: atmel: Include module.h to fix build failure"
Previous message: Thierry Reding: "Re: [PATCH V1 03/10] thermal: tegra: split tegra_soctherm driver"
In reply to: Tadeusz Struk: "Re: [PATCH v2] crypto: AF_ALG - add support for keys/asymmetric-type"
Next in thread: Tadeusz Struk: "Re: [PATCH v2] crypto: AF_ALG - add support for keys/asymmetric-type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]