Re: [PATCH v2] crypto: AF_ALG - add support for keys/asymmetric-type

On Wed, 2016-01-13 at 06:05 -0800, Tadeusz Struk wrote:
> 
> I agree, ideally keyctl should do the job for all the cases and
> request_key() should just return a key data.

No, you can NOT RELY ON HAVING THE KEY DATA. It might be in hardware.
You might have something which will perform sign/verify/encrypt/decrypt
operations *with* the key at your request, but which can never just
*give* you the key.

Any crypto API which relies on *having* the key is fundamentally wrong.

-- 
dwmw2
