On Tue, Jan 17, 2012 at 5:32 PM, David Howells <dhowells@xxxxxxxxxx> wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>
>> Nice! Basically the 'crypto' key type ties crypto/ with security/keys.
>> Other than the posted pgp key parser used for verifying kernel module
>> signatures, I assume another use case could be to expose kernel
>> cryptography to userspace. As there was a submission
>> https://lkml.org/lkml/2010/8/20/103 to do just this, there must be
>> userspace apps that would benefit. This architecture would address a
>> number of concerns raised with the prior submission. (Refer to
>> http://lwn.net/Articles/401548/.)
>
> :-)
>
>> You'd probably want to move the 'crypto' key type to its own directory.
>
> Yeah.
>
> I'd also like to see if Dmitry's work can be absorbed into this infrastructure.
>

Hi David,

Crypto keys is a very nice idea.
We thought some time ago about having a dedicated key type for handling
public key cryptography operations, but did not go that far.

Also, I did not want to mess up with GnuPG formats and just made a
straightforward RSA implementation, which can be handled by any crypto
library, such as openssl.

We can easily take the GPG signing scheme into use for IMA/EVM when it gets
upstream.

- Dmitry

> David