[dm-crypt] Kernel Keyring Service

Ahmed, Safayet (GE Global Research) Safayet.Ahmed at ge.com
Sat Dec 13 06:12:16 CET 2014


I am wondering if it could be possible to create a virtual crypto module that is a wrapper for both the key-ring services and other crypto modules. The key would include two components: 1) the id of a key currently resident in the key ring, and 2) the name of the actual crypto module that you want to sit behind the wrapper. Such an approach should allow any kernel component that can use kernel crypto modules to use a key in the kernel keyring with any crypto module.

Is that too simplistic or too kludgy?

Safayet

-----Original Message-----
From: Alasdair G Kergon [mailto:agk at redhat.com] 
Sent: Friday, December 12, 2014 8:47 PM
To: Ahmed, Safayet (GE Global Research)
Cc: dm-crypt at saout.de
Subject: Re: [dm-crypt] Kernel Keyring Service

On Fri, Dec 12, 2014 at 04:23:20PM +0000, Ahmed, Safayet (GE Global Research) wrote:
> Is there a way to set up an encrypted partition with keys from the kernel key ring?

Having an option for device-mapper to access keys by reference instead of directly has been discussed as a desirable future feature for a long time, but as far as I know, nobody's got as far as starting any design discussions yet.

Alasdair


