Re: Request_key from KMIP appliance
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: linux-fscrypt@xxxxxxxxxxxxxxx, Ben Boeckel <me@xxxxxxxxxxxxxx>
- Subject: Re: Request_key from KMIP appliance
- From: Alison Schofield <alison.schofield@xxxxxxxxx>
- Date: Fri, 15 Jan 2021 14:21:46 -0800
- In-reply-to: <20210108003138.GB575130@erythro>
- Ironport-sdr: AQ2QCrrm7kmrKOTVUT+61zCQD2MZV19X2xq+eim735y/vvHF0C6lMbarWeRN3X4Z2Qtpry2RF6 EmHIS4ZzhJXw==
- Ironport-sdr: o+IHeP4AnwgrrLx/lXqSfNTp5obhJxaciuwq0Pyly94lafmC111MSBUe84bTT6LzKg0DGj8k4D 57bxbl2RptPQ==
- References: <20210107213710.GA11415@alison-desk> <20210108003138.GB575130@erythro>
- User-agent: Mutt/1.9.4 (2018-02-28)
+ linux-fscrypt
Since I first wrote this question, realized we need to consider any
external key server, not only ones that are KMIP compliant.
On Thu, Jan 07, 2021 at 07:31:38PM -0500, Ben Boeckel wrote:
> On Thu, Jan 07, 2021 at 13:37:10 -0800, Alison Schofield wrote:
> > I'm looking into using an external key server to store the encrypted blobs
> > of kernel encrypted keys. Today they are stored in the rootfs, but we'd
> > like to address the need to store the keys in an external KMIP appliance,
> > separate from the platform where deployed.
> >
> > Any leads, thoughts, experience with the Linux Kernel Key Service
> > requesting keys from an external Key Server such as this?
>
> See the `request-key.conf(5)` manpage. I don't have experience with
> actual usage or deployment though, so others might have more input.
>
> --Ben
[Index of Archives]
[linux Cryptography]
[Asterisk App Development]
[PJ SIP]
[Gnu Gatekeeper]
[IETF Sipping]
[Info Cyrus]
[ALSA User]
[Fedora Linux Users]
[Linux SCTP]
[DCCP]
[Gimp]
[Yosemite News]
[Deep Creek Hot Springs]
[Yosemite Campsites]
[ISDN Cause Codes]
