Re: [PATCH v4] KEYS: encrypted: Instantiate key with user-provided decrypted data

From: Jarkko Sakkinen
Date: Sat Jan 08 2022 - 16:59:04 EST


On Wed, Dec 29, 2021 at 04:53:30PM -0500, Yael Tiomkin wrote:
> The encrypted.c class supports instantiation of encrypted keys with
> either already-encrypted key material, or by generating new key
> material based on random numbers. This patch defines a new datablob
> format: [<format>] <master-key name> <decrypted data length>
> <decrypted data> that allows instantiating encrypted keys using
> user-provided decrypted data, and therefore allows performing key
> encryption from userspace. The decrypted key material will be
> inaccessible from userspace.
>
> Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> Signed-off-by: Yael Tiomkin <yaelt@xxxxxxxxxx>

What is the use case for this?

BR, Jarkko