Did you include support for the new key/keyring infrastructure introduced a couple versions ago by David Howells? It allows user-space to create and manage various sorts of "keys" in kernel-space. If you create and register a few keytypes for various symmetric and asymmetric ciphers, you could then take advantage of its support for securely passing keys around in and out of userspace.
As far as I know, it has different destination - for example asynchronous block device, which uses acrypto in one of it's filters, may use it.
I'm not exactly familiar with asynchronous block device, but I'm guessing that it would need to get its crypto keys from the user somehow, no? If so, then the best way of managing them is via the key/keyring infrastructure. From the point of view of other kernel systems, it's basically a set of BLOB<=>task associations that supports a reasonable inheritance and permissions model.
Cheers, Kyle Moffett
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM/CS/IT/U d- s++: a18 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
PGP+++ t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r !y?(-)
------END GEEK CODE BLOCK------
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
