On Tue, 22 Jun 2004, David Howells wrote:
> (3) A DSA signature checker.
>
> In patch #3, ksign-publickey.c contains a keyring containing some public
> keys. These are listed during boot:
>
> ksign: Installing public key data
> Loading keyring
> - Added public key 5B23D93E238D57CC
> - User ID: David W Howells (hello) <[email protected]>
> - Added public key 8491D58C6C10A25E
> - User ID: David Howells (dwh's signature) <[email protected]>
I think the way to manage keyrings is via a filesystem API, which
different asymmetric crypto apps can register with.
- James
--
James Morris
<[email protected]>
> I think the way to manage keyrings is via a filesystem API, which
> different asymmetric crypto apps can register with.
I'm not sure what you're thinking of exactly. Can you elaborate?
David
On Tue, 22 Jun 2004, David Howells wrote:
>
> > I think the way to manage keyrings is via a filesystem API, which
> > different asymmetric crypto apps can register with.
>
> I'm not sure what you're thinking of exactly. Can you elaborate?
Different kernel asymmetric crypto apps (e.g. module signature checker)
will need to be able to manage independent keyrings, and a common
filesystem API would be useful for this. e.g. during startup, some init
script loads keyrings into the kernel via /proc/crypto/keyring/app/addkey
- James
--
James Morris
<[email protected]>
On Jun 22, 2004, at 14:08, James Morris wrote:
> Different kernel asymmetric crypto apps (e.g. module signature checker)
> will need to be able to manage independent keyrings, and a common
> filesystem API would be useful for this. e.g. during startup, some
> init
> script loads keyrings into the kernel via
> /proc/crypto/keyring/app/addkey
This is actually somewhat along the line that David Howells and I have
been working on; getting a key-ring system into the kernel. We can
probably have a patch implementing the API we're working on in alpha
sometime in a couple weeks. This isn't really something that's useful to
the cryptoapi itself, but it could be used to debug new cryptoapi
functions. In addition, cryptoapi will be very useful to the key-ring
system, if one is ever made.
Cheers,
Kyle Moffett