I am wondering if it could be possible to create a virtual crypto module that is a wrapper for both the key-ring services and other crypto modules. The key would include two components: 1) the id of a key currently resident in the key ring, and 2) the name of the actual crypto module that you want to sit behind the wrapper. Such an approach should allow any kernel component that can use kernel crypto modules to use a key in the kernel keying with any crypto module. Is that too simplistic or too kludgy? Safayet -----Original Message----- From: Alasdair G Kergon [mailto:agk@xxxxxxxxxx] Sent: Friday, December 12, 2014 8:47 PM To: Ahmed, Safayet (GE Global Research) Cc: dm-crypt@xxxxxxxx Subject: Re: Kernel Keyring Service On Fri, Dec 12, 2014 at 04:23:20PM +0000, Ahmed, Safayet (GE Global Research) wrote: > Is there a way to setup an encrypted partition with keys from the kernel key ring? Having an option for device-mapper to access keys by reference instead of directly has been discussed as a desirable future feature for a long time, but as far as I know, nobody's got as far as starting any design discussions yet. Alasdair _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
