Re: [PATCH 07/21] KEYS: Create a key type that can be used forgeneral cryptographic operations [ver #3]
From: Kasatkin, Dmitry
Date: Wed Jan 18 2012 - 05:56:25 EST
On Tue, Jan 17, 2012 at 5:32 PM, David Howells <dhowells@xxxxxxxxxx> wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>
>> Nice! Basically the 'crypto' key type ties crypto/ with security/keys.
>> Other than the posted pgp key parser used for verifying kernel module
>> signatures, I assume another use case could be to expose kernel
>> cryptography to userspace. ÂAs there was a submission
>> https://lkml.org/lkml/2010/8/20/103 to do just this, there must be
>> userspace apps that would benefit. ÂThis architecture would address a
>> number of concerns raised with the prior submission. (Refer to
>> http://lwn.net/Articles/401548/.)
>
> :-)
>
>> You'd probably want to move the 'crypto' key type to its own directory.
>
> Yeah.
>
> I'd also like to see if Dmitry's work can be absorbes into this infrastructure.
>
Hi David,
Crypto keys is very nice idea.
We thought some time ago about having dedicated key type for handling
public key cryptography operations,
but did not go that far. Also I did not want to mess-up with GnuPG
formats and just made straight-forward RSA implementation,
which can be handled by any crypto library, such as openssl.
We can easily take GPG signing scheme into use for IMA/EVM when it
gets to upstream.
- Dmitry
> David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/