From: Jarkko Sakkinen <jarkko@kernel.org>
To: Yael Tiomkin <yaelt@google.com>, linux-integrity@vger.kernel.org
Cc: jejb@linux.ibm.com, zohar@linux.ibm.com, corbet@lwn.net,
dhowells@redhat.com, jmorris@namei.org, serge@hallyn.com,
keyrings@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v4] KEYS: encrypted: Instantiate key with user-provided decrypted data
Date: Wed, 05 Jan 2022 22:12:27 +0200 [thread overview]
Message-ID: <db88a381739e08806e2370e8fbe8fdde82731464.camel@kernel.org> (raw)
In-Reply-To: <20211229215330.4134835-1-yaelt@google.com>
On Wed, 2021-12-29 at 16:53 -0500, Yael Tiomkin wrote:
> The encrypted.c class supports instantiation of encrypted keys with
> either an already-encrypted key material, or by generating new key
> material based on random numbers. This patch defines a new datablob
> format: [<format>] <master-key name> <decrypted data length>
> <decrypted data> that allows to instantiate encrypted keys using
> user-provided decrypted data, and therefore allows to perform key
> encryption from userspace. The decrypted key material will be
> inaccessible from userspace.
The 2nd to last sentence is essentially a tautology but fails to
be even that, as you can already "perform key encryption" from user
space, just not with arbitrary key material.
It does not elighten any applications of this feature.
/Jarkko
next prev parent reply other threads:[~2022-01-05 20:12 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-29 21:53 [PATCH v4] KEYS: encrypted: Instantiate key with user-provided decrypted data Yael Tiomkin
2021-12-30 10:07 ` Sumit Garg
2021-12-30 13:29 ` Mimi Zohar
2022-01-03 6:51 ` Sumit Garg
2022-01-05 20:18 ` Yael Tiomkin
2022-01-07 5:14 ` Sumit Garg
2022-01-07 12:53 ` Yael Tiomkin
2022-01-07 13:32 ` Sumit Garg
2022-01-13 19:14 ` Yael Tiomkin
2022-01-18 6:46 ` Sumit Garg
2022-01-05 20:12 ` Jarkko Sakkinen [this message]
2022-01-06 18:30 ` Yael Tiomkin
2022-01-08 21:58 ` Jarkko Sakkinen
2022-01-10 16:04 ` Nayna
2022-01-13 19:01 ` Yael Tiomkin
2022-01-20 17:13 ` Nayna
-- strict thread matches above, loose matches on Subject: below --
2022-01-18 18:26 Martin Ross
2022-01-26 14:47 ` Jarkko Sakkinen
2022-01-26 14:51 ` Jarkko Sakkinen
2022-01-26 20:56 ` Yael Tiomkin
2022-02-04 6:27 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=db88a381739e08806e2370e8fbe8fdde82731464.camel@kernel.org \
--to=jarkko@kernel.org \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=yaelt@google.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).