Am Dienstag, den 08.03.2005, 00:08 -0500 schrieb Kyle Moffett: > Did you include support for the new key/keyring infrastructure > introduced > a couple versions ago by David Howells? It allows userspace to create > and > manage various sorts of "keys" in kernelspace. If you create and > register > a few keytypes for various symmetric and asymmetric ciphers, you could > then > take advantage of its support for securely passing keys around in and > out > of userspace.
I've written a dm-crypt patch some weeks ago that does what you describe. The crypto information (cipher and key) is added to a keyring and then the device is constructed using a reference to this key. I had some issues with the keyring code (mainly a deadlock problem with crypto module autoloading): http://lkml.org/lkml/2005/2/4/113 I would also like to switch dm-crypt to acrypto once it's accepted into the kernel.
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
