On Mon, Feb 10, 2025 at 03:54:45PM +0800, Herbert Xu wrote:
> On Sun, Feb 09, 2025 at 12:29:54PM +0100, Lukas Wunner wrote:
> > One user of this API is the Embedded Linux Library, which in turn
> > is used by Intel Wireless Daemon:
> >
> > https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ell/key.c
> > https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/src/eap-tls.c
>
> Surely this doesn't use the private key part of the API, does it?

It does use the private key part: It takes advantage of the kernel's
Key Retention Service for EAP-TLS, which generally uses mutual
authentication. E.g. clients authenticate against a wireless hotspot.
Hence it does invoke KEYCTL_PKEY_SIGN and KEYCTL_PKEY_ENCRYPT
(with private keys, obviously).

> While I intensely dislike the entire API being there, it's only the
> private key part that I really want to remove.

Note that the patches proposed here only touch the KEYCTL_PKEY_QUERY
interface, which is used for public keys as well.

Thanks,

Lukas