On Wed, 2021-12-29 at 16:53 -0500, Yael Tiomkin wrote:
> The encrypted.c class supports instantiation of encrypted keys with
> either an already-encrypted key material, or by generating new key
> material based on random numbers. This patch defines a new datablob
> format: [<format>] <master-key name> <decrypted data length>
> <decrypted data> that allows to instantiate encrypted keys using
> user-provided decrypted data, and therefore allows to perform key
> encryption from userspace. The decrypted key material will be
> inaccessible from userspace.

The 2nd to last sentence is essentially a tautology but fails to be even
that, as you can already "perform key encryption" from user space, just
not with arbitrary key material.

It does not enlighten any applications of this feature.

/Jarkko