Re: [0/many] Acrypto - asynchronous crypto layer for linux kernel2.6

From: Christophe Saout
Date: Thu Mar 10 2005 - 07:44:10 EST


Am Dienstag, den 08.03.2005, 00:08 -0500 schrieb Kyle Moffett:

> Did you include support for the new key/keyring infrastructure
> introduced
> a couple versions ago by David Howells? It allows userspace to create
> and
> manage various sorts of "keys" in kernelspace. If you create and
> register
> a few keytypes for various symmetric and asymmetric ciphers, you could
> then
> take advantage of its support for securely passing keys around in and
> out
> of userspace.

I've written a dm-crypt patch some weeks ago that does what you
describe. The crypto information (cipher and key) is added to a keyring
and then the device is constructed using a reference to this key.

I had some issues with the keyring code (mainly a deadlock problem with
crypto module autoloading): http://lkml.org/lkml/2005/2/4/113

I would also like to switch dm-crypt to acrypto once it's accepted into
the kernel.

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil